Featured Story
Thousands of Citrix ADC and Gateways Still Backdoored Despite Patching
Nearly 1,900 Citrix NetScaler ADC and Gateway devices remain compromised after attackers exploited CVE-2023-3519 to install persistent web shells, even after administrators patched the vulnerability. Fox-IT and Mandiant recommend checking systems retroactively for signs of compromise using their IoC Scanner script.
Patching does not retroactively remove implants. Organizations should:
- Run Mandiant’s scanner to detect backdoors
- Audit NetScaler logs for suspicious behavior
- Reset credentials and review admin access
Need support? Our SOC team is here to help assess and contain exposure.
Other Stories
Cyber Alert: Global Campaign Targets LinkedIn Accounts
LinkedIn users are facing a surge in account takeovers via brute-force and credential stuffing. Attackers are locking victims out by changing recovery emails and demanding ransom for access restoration.
Secure your LinkedIn account:
- Use a strong, unique password
- Enable MFA
- Regularly verify recovery email address
Our SOC can assist with digital hygiene training and breach monitoring.
Critical Flaws in PowerShell Gallery Enable Malicious Exploits
Aqua Nautilus discovered vulnerabilities in PowerShell Gallery that enable typosquatting, metadata spoofing, and exposure of unlisted packages—posing a risk for supply chain attacks.
We recommend:
- Enforcing signed PowerShell module policies
- Using trusted private repositories
- Implementing monitoring of script sources and downloads
Contact us to assess your PowerShell and cloud automation hygiene.
New QwixxRAT Trojan Spreads Through Messaging Apps
QwixxRAT, a new Remote Access Trojan, is distributed through Telegram and Discord. Once installed, it exfiltrates browser data, credentials, and payment info, and performs keylogging. It communicates with attackers via Telegram bots to evade detection.
Mitigate threats like QwixxRAT:
- Deploy EDR with behavioral detection
- Restrict app installations and enforce app allow-listing
- Educate users on avoiding untrusted
