Security & IT News

A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security programs using the bring your own vulnerable driver (BYOVD) technique. "The campaign abuses Google Ads to serve rogue ScreenConnect (

AI agents increasingly perform tasks that involve reasoning, acting, and interacting with other systems. Building a trusted agent requires ensuring it operates within the correct boundaries and performs tasks consistent with its intended purpose. In practice, this requires aligning several layers of intent: User intent : The goal or task the user is trying to accomplish. Developer intent : The purpose for which the agent was designed and built. Role-based intent: The specific function the agent performs within an organization. Organizational intent : Enterprise policies, standards, and operational constraints. For example, one department may adopt an agent developed by another team, customize it for a specific business role, require that it adhere to internal policies, and expect it to provide reliable results to end users. Aligning these intent layers helps ensure agents meet user needs while operating within organizational, security, and compliance boundaries. Importance of intent alignment A successful and trusted AI agent must satisfy what the user intended to accomplish, while operating within the bounds of what the developer, role, and organization intended it to do. Proper intent alignment empowers AI agents to: Deliver quality results that accurately address user requests and solve real problems, increasing trust and productivity. Ensure the agent maintains its intended goal and operates within the boundaries it was developed and deployed for, reflecting the developer’s original design and the job to be done by the deploying organization. Uphold security and compliance by respecting organizational policies, protecting data, and preventing misuse or unauthorized actions. User Intent: The Key to Quality Outcomes Every AI agent interaction begins with the user’s objective, the task the user is trying to complete. Correctly interpreting that objective is essential to producing useful results. If the agent misinterprets the request, the response may be irrelevant, incomplete, or incorrect. Modern agents often go beyond simple question answering. They interpret requests, select tools or services, and perform actions to complete a task. Evaluating alignment with user intent therefore requires examining whether the agent correctly interprets the request, chooses the appropriate tools, and produces a coherent response. For example, when a user submits the query “Weather now,” an agent must infer that the user wants the current local weather. It must retrieve the relevant location and weather data through available APIs and present the result in a clear response. Developer intent: Defining the agent’s intended scope If user intent is about what the user wants the agent to do, developer intent is about what was the agent developed for. Developer’s intent defines the quality that of how well the agent fulfills its intended job, and the security boundaries that protect the agent from misuse or drift. In short, developer intent defines how the agent ar

On February 25, 2026, Gartner published its inaugural Market Guide for Guardian Agents, marking an important milestone for this emerging category. For those unfamiliar with the various Gartner report types, “a Market Guide defines a market and explains what clients can expect it to do in the short term. With the focus on early, more chaotic markets, a Market Guide does not rate or position

If you're a security leader operating in Germany, Austria, or Switzerland, you already know that compliance isn't a checkbox. It's a competitive differentiator. Rapid7 has completed BSI C5 Type 2 attestation for the Rapid7 Command Platform, including Threat Command, and it's a milestone worth unpacking. This isn't just a badge on a webpage. It's proof that our security controls work, not just on paper, but in practice, over time. What is BSI C5 and why does it matter? The Cloud Computing Compliance Criteria Catalogue (C5) was developed by Germany's Federal Office for Information Security (BSI). It sets some of the most rigorous cloud security standards in the world, covering everything from data protection to operational transparency. A Type 2 attestation is the gold standard within that framework. Unlike a point-in-time audit, Type 2 validates that security controls aren't just well-designed, but that they're actively working consistently over a sustained period. It's the difference between a security promise and a security proof. For organizations in the DACH region, C5 is more than a nice-to-have. It's a procurement requirement for German federal agencies, critical infrastructure operators, healthcare institutions, and financial services firms. If you're operating in any of these sectors, your cloud providers need to meet this bar. Rapid7 now does. BSI C5 Type 2 and your cloud security strategy Whether you're evaluating security vendors, managing compliance obligations, or looking to strengthen your organization's risk posture, the question is the same: How do you know your cloud security provider actually does what it says? BSI C5 Type 2 attestation answers that question. It's independent, rigorous, and sustained over time. While rooted in German regulatory requirements, C5 is increasingly recognized as a benchmark for secure cloud operations across Europe. It's one of the clearest signals that a cloud provider has the operational maturity to handle sensitive environments. The Rapid7 Command Platform unifies exposure management with detection and response, giving security teams clear visibility across their attack surface. Threat Command extends that protection further, identifying and helping remediate threats across the clear, deep, and dark web. Both are now independently validated against one of the world's toughest cloud security frameworks. Why independent validation of security controls matters Trusting a security vendor shouldn't require a leap of faith. Independent validation exists so you have the evidence to make that call with confidence. This attestation reflects our continued investment in meeting the highest security standards for customers across Germany and the wider European market. Rapid7 has achieved a milestone that speaks directly to the conversations had every day with public sector and enterprise organizations who need more than a promise. They need proof that a security provider's controls have been tested, verified,

Silver Fox pivots from ValleyRAT tax lures to WhatsApp‑style stealers, blending espionage phishing

A critical vulnerability in Citrix’s NetScaler products allows unauthenticated remote attackers to leak information from the appliance's memory

The FCC ban will affect the import of all new, foreign-made consumer routers, the agency's head Brendan Carr said.

Ghost npm campaign fakes install logs to steal sudo passwords and drop RATs that loot crypto and data

I have written about how to use IP KVMs securely , and recently, researchers at Eclypsium published yet another report on IP KVM vulnerabilities. But there is another issue I haven't mentioned yet with IP KVMs: rogue IP KVMs. IP KVMs are often used by criminals. For example, North Koreans used KVMs to connect remotely to laptops sent to them by their employers. The laptops were located in the US, and the North Korean workers used IP KVMs to remotely connect to them. IP KVMs could also be used to access office PCs, either to enable undetected work from home or by threat actors who use them to gain remote access after installing the device on site. IP KVMs usually connect to the system in two ways: USB for keyboard/mouse HDMI for the monitor connection (some older variants may also use VGA) For my testing, I used two different IP KVMs. A PiKVM and a NanoKVM (Sipeed). Both were connected to Linux systems, but the techniques should work on other operating systems as well. USB For the Sipeed NanoKVM, lsusb give away the device: $ lsusb Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 001 Device 002: ID 0bda:c821 Realtek Semiconductor Corp. Bluetooth Radio Bus 001 Device 004: ID 051d:0002 American Power Conversion Uninterruptible Power Supply Bus 001 Device 005: ID 3346:1009 sipeed NanoKVM Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub PiKVM is a little bit less obvious, but this USB entry appears to be associated with PiVKM Bus 001 Device 004: ID 1d6b:0104 Linux Foundation Multifunction Composite Gadget Bus 001 Device 017: ID 1b3f:2008 Generalplus Technology Inc. USB Audio Device This needs a bit more testing for the PiKVM. HDMI HDMI devices send EDID (Extended Display Identification Data) to the system the display is connected to. The main purpose of EDID is to communicate available video modes and resolutions. But it also includes manufacturer information. For the NanoKVM: sudo get-edid | parse-edid ... Section Monitor Identifier Connector ModelName Connector VendorName VCS ... Not very obvious, but the VCS vendor name could be a reasonable indicator (check for false positives) For PiKVM, the Identified and ModelName are more telling: Section Monitor Identifier PiKVM V3 ModelName PiKVM V3 VendorName LNX Evasion Of course, a more sophisticated attacker can modify these strings. PiKVM offers a configuration file to do so, in part to allow for better compatibility. I do not know whether the NanoKVM provides a similar, simple way to evade detection (but it is likely not terribly hard). So sophisticated attacker may translate to able and willing to read the manual . Many endpoint protection solutions monitor USB devices and may alert on odd devices being connected. But I am not aware of any that check monitor EDID strings. This may be another neat feature for any solutions. In office environments, most organizations provide a limited set of monitor types. For home office use, things may be more complex as users often

p a href= https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-083-01.json strong View CSAF /strong /a /p h2 Summary /h2 p strong Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary commands with root privileges. /strong /p p The following versions of Pharos Controls Mosaic Show Controller are affected: /p ul li Mosaic Show Controller Firmware 2.15.3 (CVE-2026-2417) /li /ul div class= csaf-table table class= tablesaw tablesaw-stack data-tablesaw-mode= stack data-tablesaw-minimap thead tr th role= columnheader data-tablesaw-priority= persist CVSS /th th role= columnheader Vendor /th th role= columnheader Equipment /th th role= columnheader Vulnerabilities /th /tr /thead tbody tr td v3 9.8 /td td Pharos Controls /td td Pharos Controls Mosaic Show Controller /td td Missing Authentication for Critical Function /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Commercial Facilities /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong United Kingdom /li /ul hr h2 Vulnerabilities /h2 div class= csaf-accordion p a class= csaf-accordion-toggle-all href= # Expand All + /a /p div class= csaf-accordion-item h3 a class= csaf-accordion-toggle href= # CVE-2026-2417 /a /h3 div class= csaf-accordion-content p A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges. /p p a href= https://www.cve.org/CVERecord?id=CVE-2026-2417 View CVE Details /a /p hr h4 Affected Products /h4 h5 Pharos Controls Mosaic Show Controller /h5 div class= ics-vendor-version-status div class= ics-vendor strong Vendor: /strong br Pharos Controls /div div class= ics-version strong Product Version: /strong br Pharos Controls Mosaic Show Controller Firmware: 2.15.3 /div div class= ics-status strong Product Status: /strong br known_affected /div /div div class= ics-remediations h6 Remediations /h6 p strong Mitigation /strong br Pharos Controls recommends that users upgrade Mosaic Show Controller to version 2.16 or later. /p /div p strong Relevant CWE: /strong a href= https://cwe.mitre.org/data/definitions/306.html CWE-306 Missing Authentication for Critical Function /a /p hr h4 Metrics /h4 div class= csaf-table csaf-metrics-table table class= tablesaw tablesaw-stack data-tablesaw-mode= stack data-tablesaw-minimap thead tr th role= columnheader data-tablesaw-priority= persist CVSS Version /th th role= columnheader Base Score /th th role= columnheader Base Severity /th th role= columnheader Vector String /th /tr /thead tbody tr td 3.1 /td td 9.8 /td td CRITICAL /td td a href= https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H /a /td /tr /tbody /tabl

p a href= https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-083-03.json strong View CSAF /strong /a /p h2 Summary /h2 p strong Successful exploitation of these vulnerabilities could risk privilege escalation, which could result in remote code execution. /strong /p p The following versions of Schneider Electric Plant iT/Brewmaxx are affected: /p ul li Plant iT/Brewmaxx 9.60_and_above (CVE-2025-49844, CVE-2025-46817, CVE-2025-46818, CVE-2025-46819) /li /ul div class= csaf-table table class= tablesaw tablesaw-stack data-tablesaw-mode= stack data-tablesaw-minimap thead tr th role= columnheader data-tablesaw-priority= persist CVSS /th th role= columnheader Vendor /th th role= columnheader Equipment /th th role= columnheader Vulnerabilities /th /tr /thead tbody tr td v3 9.9 /td td Schneider Electric /td td Schneider Electric Plant iT/Brewmaxx /td td Use After Free, Integer Overflow or Wraparound, Improper Control of Generation of Code ('Code Injection') /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Energy, Critical Manufacturing, Commercial Facilities /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong France /li /ul hr h2 Vulnerabilities /h2 div class= csaf-accordion p a class= csaf-accordion-toggle-all href= # Expand All + /a /p div class= csaf-accordion-item h3 a class= csaf-accordion-toggle href= # CVE-2025-49844 /a /h3 div class= csaf-accordion-content p The affected product uses Redis, an open-source, in-memory database. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free, and potentially lead to remote code execution. /p p a href= https://www.cve.org/CVERecord?id=CVE-2025-49844 View CVE Details /a /p hr h4 Affected Products /h4 h5 Schneider Electric Plant iT/Brewmaxx /h5 div class= ics-vendor-version-status div class= ics-vendor strong Vendor: /strong br Schneider Electric /div div class= ics-version strong Product Version: /strong br Schneider Electric Plant iT/Brewmaxx: 9.60_and_above /div div class= ics-status strong Product Status: /strong br known_affected /div /div div class= ics-remediations h6 Remediations /h6 p strong Mitigation /strong br Schneider Electric recommends users immediately apply the following mitigations to reduce the risk of exploit: /p p strong Mitigation /strong br Install Patch ProLeiT-2025-001 via ProLeiT Support br a href= https://www.proleit.com/support/ https://www.proleit.com/support/ /a /p p strong Mitigation /strong br After installing ProLeiT-2025-001, disable the eval commands in Redis on the application server, VisuHub, engineering workstations, and workstations with emergency mode functionality /p p strong Mitigation /strong br Force usage of secure Redis configuration templates in system settings as documented in the patch manual /p p strong Mitigation /strong

p a href= https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-083-02.json strong View CSAF /strong /a /p h2 Summary /h2 p strong Schneider Electric is aware of a vulnerability in its EcoStruxure Foxboro DCS Control Software on Foxboro DCS workstations and servers. Control Core Services and all runtime software, like FCPs, FDCs, and FBMs, are not affected. The EcoStruxure Foxboro DCS ([https://www.se.com/ww/en/product-range/63680-ecostruxure-foxboro-dcs/](https://www.se.com/ww/en/product-range/63680-ecostruxure-foxboro-dcs/)) product is an innovative family of fault-tolerant, highly available control components, which consolidates critical information and elevates staff capabilities to ensure flawless, continuous plant operation. Failure to apply the remediation provided below may risk deserialization of untrusted data, which could result in loss of confidentiality, integrity and potential remote code execution on the compromised workstation. /strong /p p The following versions of Schneider Electric EcoStruxure Foxboro DCS are affected: /p ul li EcoStruxure Foxboro DCS vers:generic/ /li /ul div class= csaf-table table class= tablesaw tablesaw-stack data-tablesaw-mode= stack data-tablesaw-minimap thead tr th role= columnheader data-tablesaw-priority= persist CVSS /th th role= columnheader Vendor /th th role= columnheader Equipment /th th role= columnheader Vulnerabilities /th /tr /thead tbody tr td v3 6.5 /td td Schneider Electric /td td Schneider Electric EcoStruxure Foxboro DCS /td td Deserialization of Untrusted Data /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Commercial Facilities, Critical Manufacturing, Energy /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong France /li /ul hr h2 Vulnerabilities /h2 div class= csaf-accordion p a class= csaf-accordion-toggle-all href= # Expand All + /a /p div class= csaf-accordion-item h3 a class= csaf-accordion-toggle href= # CVE-2026-1286 /a /h3 div class= csaf-accordion-content p A deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when an admin authenticated user opens a malicious project file. /p p a href= https://www.cve.org/CVERecord?id=CVE-2026-1286 View CVE Details /a /p hr h4 Affected Products /h4 h5 Schneider Electric EcoStruxure Foxboro DCS /h5 div class= ics-vendor-version-status div class= ics-vendor strong Vendor: /strong br Schneider Electric /div div class= ics-version strong Product Version: /strong br EcoStruxure Foxboro DCS versions prior to CS8.1 /div div class= ics-status strong Product Status: /strong br fixed, known_affected /div /div div class= ics-remediations h6 Remediations /h6 p strong Vendor fix /strong br Version CS 8.1 of EcoStruxure Foxboro DCS includes a fix for this vulnerability and is available through [https://buyautomation.se

p a href= https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-083-01.json strong View CSAF /strong /a /p h2 Summary /h2 p strong Successful exploitation of this vulnerability could allow an attacker to send a specially crafted file, and when parsed, could result in a denial-of-service condition. /strong /p p The following versions of Grassroots DICOM (GDCM) are affected: /p ul li Grassroots DICOM (GDCM) 3.2.2 (CVE-2026-3650) /li /ul div class= csaf-table table class= tablesaw tablesaw-stack data-tablesaw-mode= stack data-tablesaw-minimap thead tr th role= columnheader data-tablesaw-priority= persist CVSS /th th role= columnheader Vendor /th th role= columnheader Equipment /th th role= columnheader Vulnerabilities /th /tr /thead tbody tr td v3 7.5 /td td Grassroots /td td Grassroots DICOM (GDCM) /td td Missing Release of Memory after Effective Lifetime /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Healthcare and Public Health /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong United States /li /ul hr h2 Vulnerabilities /h2 div class= csaf-accordion p a class= csaf-accordion-toggle-all href= # Expand All + /a /p div class= csaf-accordion-item h3 a class= csaf-accordion-toggle href= # CVE-2026-3650 /a /h3 div class= csaf-accordion-content p A memory leak exists in the Grassroots DICOM library (GDCM). The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously crafted file can fill the heap in a single read operation without properly releasing it. /p p a href= https://www.cve.org/CVERecord?id=CVE-2026-3650 View CVE Details /a /p hr h4 Affected Products /h4 h5 Grassroots DICOM (GDCM) /h5 div class= ics-vendor-version-status div class= ics-vendor strong Vendor: /strong br Grassroots /div div class= ics-version strong Product Version: /strong br Grassroots Grassroots DICOM (GDCM): 3.2.2 /div div class= ics-status strong Product Status: /strong br known_affected /div /div div class= ics-remediations h6 Remediations /h6 p strong Mitigation /strong br The maintainer of Grassroots DICOM (GDCM) has not responded to requests to work with CISA to mitigate this vulnerability. For update information refer to the software page on SourceForge. /p p strong Mitigation /strong br https://sourceforge.net/projects/gdcm/. br a href= https://sourceforge.net/projects/gdcm/ https://sourceforge.net/projects/gdcm/ /a /p /div p strong Relevant CWE: /strong a href= https://cwe.mitre.org/data/definitions/401.html CWE-401 Missing Release of Memory after Effective Lifetime /a /p hr h4 Metrics /h4 div class= csaf-table csaf-metrics-table table class= tablesaw tablesaw-stack data-tablesaw-mode= stack data-tablesaw-minimap thead tr th role= columnheader data-tablesaw-priorit

Japan’s election last month and the rise of the country’s newest and most innovative political party, Team Mirai , illustrates the viability of a different way to do politics. In this model, technology is used to make democratic processes stronger, instead of undermining them. It is harnessed to root out corruption, instead of serving as a cash cow for campaign donations. Imagine an election where every voter has the opportunity to opine directly to politicians on precisely the issues they care about. They’re not expected to spend hours becoming policy experts. Instead, an AI Interviewer walks them through the subject, answering their questions, interrogating their experience, even challenging their thinking. Voters get immediate feedback on how their individual point of view matches—or doesn’t—a party’s platform, and they can see whether and how the party adopts their feedback. This isn’t like an opinion poll that politicians use for calculating short-term electoral tactics. It’s a deliberative reasoning process that scales, engaging voters in defining policy and helping candidates to listen deeply to their constituents. This is happening today in Japan. Constituents have spent about eight thousand hours engaging with Mirai’s AI Interviewer since 2025. The party’s gamified volunteer mobilization app, Action Board , captured about 100,000 organizer actions per day in the runup to last week’s election. It’s how Team Mirai, which translates to ‘The Future Party,’ does politics. Its founder, Takahiro Anno , first ran for local office in 2024 as a 33 year old software engineer standing for Governor of Tokyo. He came in fifth out of 56 candidates, winning more than 150,000 votes as an unaffiliated political outsider. He won attention by taking a distinctive stance on the role of technology in democracy and using AI aggressively in voter engagement. Last year, Anno ran again, this time for the Upper Chamber of the national legislature—the Diet— and won . Now the head of a new national party, Anno found himself with a platform for making his vision of a new way of doing politics a reality. In this recent House of Representatives election, Team Mirai shot up to win nearly four million votes. In the lower chamber’s proportional representation system, that was good enough for eleven total seats—the party’s first ever representation in the Japanese House—and nearly three times what it achieved in last year’s Upper Chamber election. Anno’s party stood for election without aligning itself on the traditional axes of left and right. Instead, Team Mirai, heavily associated with young, urban voters, sought to unite across the ideological spectrum by taking a radical position on a different axis: the status quo and the future. Anno told us that Team Mirai believes it can triple its representation in the Diet after the next elections in each chamber, an ostentatious goal that seems achievable given their rapid rise over the past

After a whistleblower alleged that the startup fabricated audit evidence, its prominent Series A investor removed an article detailing why it led the deal.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Leaked "DarkSword" exploits published to GitHub allow hackers and cybercriminals to target iPhone users running old versions of iOS with spyware, according to cybersecurity researchers.

So, I've been slow to get on the Claude Code/OpenCode/Codex/OpenClaw bandwagon, but I had some time last week so I asked Claude to review ( /security-review ) some of my python scripts. He found more than I'd like to admit, so I checked in a bunch of updates. In reviewing his suggestions, he was right, I made some stupid mistakes, some of which have been sitting in there for a long time. It was nothing earth-shattering and it took almost no time for Claude, it took longer for me to read through the updates he wanted to make, figure out what he was seeing, and decide whether to accept them or tweak them. Here are a few of them. a logic inversion error with the -f switch, and some unhandled errors in convert-ts-bash-history.py a TOCTOU (time of check/time of use) possible race condition, and a comment about some ambiguity with the -c switch when deciding which hash was used based solely on the length of the hash in sigs.py some overly permissive permissions, a possible symlink attack, and an encoding issue in ficheck.py a possible header injection issue via the -s switch with mail_stuff.py Most of these are issues I should have caught myself given how long I've been programming/scripting, but all of these started out as quick and dirty scripts to solve a problem I had, and then I made them available to the public through my github repo without taking any time to really ensure they were ready for public consumption. Taking a few minutes to setup Claude without much in the way of guidance (my CLAUDE.md is still very much a work-in-progress) and the one in my my scripts repo was one I asked Claude to create for me after some back and forth during this review which mostly covers a couple of personal preferences. I guess the main point is I'm late to the game on using AI on a daily basis, but that needs to change. Even when I'm feeling my age and write my own scripts, I need to have that second pair of eyes give it a second look. Some of these scripts run as root out of cron or systemd timers on systems I administer and some of those issues could have been used for privilege escalation by an attacker who managed to get access. Even those of us with more grey than not in our beards need to be spending some time figuring out how to integrate this stuff into our daily routine. References : [1] https://github.com/clausing/scripts --------------- Jim Clausing, GIAC GSE #26 jclausing --at-- isc [dot] sans (dot) edu (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Overview On March 23, 2026, Citrix published a security advisory for a critical vulnerability affecting their NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) products. This vulnerability, CVE-2026-3055 , which is classified as an out-of-bounds read and holds a CVSS score of 9.3 , allows unauthenticated remote attackers to leak potentially sensitive information from the appliance's memory. The Citrix advisory states that systems configured as a SAML Identity Provider (SAML IDP) are vulnerable , whereas default configurations are unaffected. This SAML IDP configuration is likely a very common configuration for organizations utilizing single sign-on. Per the advisory , organizations can determine if they have an appliance configured as a SAML IDP Profile by inspecting their NetScaler Configuration for the specified string: add authentication samlIdPProfile .* CVE-2026-3055 affects NetScaler ADC and NetScaler Gateway versions 14.1 before 14.1-66.59 and 13.1 before 13.1-62.23, as well as NetScaler ADC 13.1-FIPS and 13.1-NDcPP before 13.1-37.262. The advisory notes that only customer-managed instances are affected, not cloud instances managed by Citrix . As of the advisory’s publication, there is no known in-the-wild exploitation and no public proof-of-concept (PoC) available. According to Citrix, the vulnerability was identified internally via security review. However, exploitation of CVE-2026-3055 is likely to occur once exploit code becomes public. Therefore, it is crucial that customers running affected Citrix systems remediate this vulnerability as soon as possible; Citrix software has previously seen memory leak vulnerabilities broadly exploited in the wild, including the infamous “CitrixBleed” vulnerability, CVE-2023-4966 , in 2023. Mitigation guidance Organizations running affected on-premise instances of NetScaler ADC and NetScaler Gateway should prioritize upgrading to fixed versions on an emergency basis to remediate CVE-2026-3055. Affected components: NetScaler ADC and NetScaler Gateway versions 14.1, fixed in 14.1-66.59 . NetScaler ADC and NetScaler Gateway versions 13.1, fixed in 13.1-62.23 . NetScaler ADC 13.1-FIPS and 13.1-NDcPP, fixed in 13.1-37.262 (also referred to as 13.1.37.262 in the vendor advisory). Please read the vendor advisory (CTX696300) for the latest guidance. Rapid7 customers Exposure Command, InsightVM, and Nexpose Exposure Command, InsightVM, and Nexpose customers can assess exposure to CVE-2026-3055 on Citrix NetScaler ADC with an authenticated vulnerability check expected to be available in the March 24 content release. Updates March 23, 2026: Initial publication.

A notice on the popular paywall-bypass website Archive.today said that access is blocked "by decision of [Russian] public authorities."