A Second Look at CVE-2019-19781 (Citrix NetScaler / ADC)

**Executive summary:** This report revisits CVE-2019-19781 (Citrix NetScaler/ADC), documents widespread active exploitation and deployment of webshells/backdoors (including NOTROBIN 'palware' that removes competing backdoors), provides IOCs and statistics showing thousands of vulnerable and compromised devices, and describes a newly demonstrated single-request exploit that bypasses adversary patching and common detection assumptions.