Mass exploitation of CitrixBleed vulnerability, including a ransomware group
ID: af5cccee-4848-57d3-a03e-ae3a8d044e55
STIX ID: report--af5cccee-4848-57d3-a03e-ae3a8d044e55
Feed Name: DoublePulsar
A public write-up on CitrixBleed (CVE-2023-4966) describes a memory disclosure vulnerability in Citrix NetScaler ADC/Gateway that leaks session tokens; by replaying a stolen token, an attacker bypasses login and multi-factor authentication. The author provides exploit details (a crafted GET request with an extremely long Host header), detection guidance (grep logs for GetUserName traffic and for GreyNoise-listed IPs), and remediation steps (apply the vendor patch and invalidate existing sessions), and reports mass exploitation, with at least two ransomware groups actively abusing the flaw.
