THREAT ALERT: CITRIXBLEED (CVE-2023-4966)
ID: 5dceef0b-c828-5d4a-a804-e2e92c3fe613
STIX ID: report--5dceef0b-c828-5d4a-a804-e2e92c3fe613
Feed Name: Cybereason Blog
Cybereason warns of CitrixBleed (CVE-2023-4966), a critical NetScaler ADC/Gateway vulnerability (CVSS 9.4) exploited to cause buffer overreads that leak memory and enable session hijacking and credential theft. The alert documents observed post-exploitation activity (credential dumping from browsers, MFA bypass, RMM tool deployment, NTDS.DIT retrieval, and custom trojans) and provides detection queries and IoCs. It recommends immediate patching, resetting NetScaler sessions, monitoring for unauthorized RMM tools and unknown DLLs, enabling Cybereason protections, and periodic log review.
