#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability
released on 2023-11-22 @ 11:38:01 AM
CISA reports that Lockbit 3.0 affiliates are leveraging CVE 2023-4966 (Citrix Bleed) to bypass password requirements and multifactor authentication (MFA), leading to successful session hijacking of legitimate user sessions on Citrix NetScaler web application delivery control (ADC) and Gateway appliances.