Weekly Exploit Roundup

Generated 2026-03-31T08:00:15.708728+00:00 (UTC)

1. Critical Citrix NetScaler memory flaw actively exploited in attacks
   Source: BleepingComputer | Published: 2026-03-30T18:28:37+00:00 | Score: 22.297
   Hackers are exploiting a critical severity vulnerability, tracked as CVE-2026-3055, in Citrix  NetScaler ADC and NetScaler Gateway appliances to obtain sensitive data. […]
2. From Vectors to Verdicts: Web App Testing with Vector Command
   Source: Rapid7 Cybersecurity Blog | Published: 2026-03-25T13:52:23+00:00 | Score: 19.689
   If it’s online, it’s a target Web applications are no longer just business enablers, they’re often the front door to an organization. They can often generate revenue, enforce identity, connect systems and hold customer and business data. “ 75% of successful Vector Command breaches were conducted through web apps. ” – Principal Security Consultant, Vector Command Team at Rapid7 From SaaS platforms and identity providers to customer portals and internal tools, attackers increasingly rely on web applications as their initial access point. In fact, application-driven attacks account for a significant percentage of real-world breaches. But testing web applications for real risk isn’t the same as scanning for bugs; that’s where Vector Command (Rapid7’s continuous managed red team service) comes in. Figure 1: Vector Command Advanced How Vector Command approaches web applications Vector Command evaluates web applications the same way real attackers do, by asking a single question: Can this app
3. Hackers exploiting critical F5 BIG-IP flaw in attacks, patch now
   Source: BleepingComputer | Published: 2026-03-30T10:59:38+00:00 | Score: 19.375
   F5 has reclassified a BIG-IP APM denial-of-service (DoS) vulnerability as a critical-severity remote code execution (RCE) flaw, warning that attackers are exploiting it to deploy webshells on unpatched devices. […]
4. CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation
   Source: The Hacker News | Published: 2026-03-28T07:07:00+00:00 | Score: 18.931
   The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting F5 BIG-IP Access Policy Manager (APM) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
   The vulnerability in question is CVE-2025-53521 (CVSS v4 score: 9.3), which could allow a threat actor to achieve remote code execution.
   "When a
5. Metasploit Wrap-Up 03/27/2026
   Source: Rapid7 Cybersecurity Blog | Published: 2026-03-27T20:48:03+00:00 | Score: 18.024
   Better NTLM Relaying Functionality This week’s release brings an improvement to the SMB NTLM relay server. In the past, it’s support has been expanded with modules for relaying to HTTP (ESC8), MSSQL and LDAP while still receiving connections over the humble SMB service. Prior to this release, clients required a key behavior in how they handled SMB’s STATUS_NETWORK_SESSION_EXPIRED error code, in order to relay a single authentication attempt to multiple targets. Most clients other than Window’s “net use” do not handle these errors and were thus incompatible with Metasploit SMB NTLM relaying capabilities. Now, when a single target is specified, Metasploit alters its relaying strategy to forward the Net-NTLM messages immediately, making it compatible with a broader range of clients including Linux’s smbclient. In addition, the client in RubySMB was updated to mimic the behaviour of “net use” allowing authentication attempts from RubySMB to be relayed to multiple targets successfully. New
6. Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug
   Source: The Hacker News | Published: 2026-03-28T09:11:00+00:00 | Score: 17.492
   A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr.
   The vulnerability, CVE-2026-3055 (CVSS score: 9.3), refers to a case of insufficient input validation leading to memory overread, which an attacker could exploit to leak potentially sensitive information.
   Per
7. CISA orders feds to patch actively exploited Citrix flaw by Thursday
   Source: BleepingComputer | Published: 2026-03-31T07:05:25+00:00 | Score: 17.173
   The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their Citrix NetScaler appliances against an actively exploited vulnerability by Thursday. […]
8. CISA Adds One Known Exploited Vulnerability to Catalog
   Source: Alerts | Published: 2026-03-30T12:00:00+00:00 | Score: 16.405
   CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-3055 Citrix NetScaler Out-of-Bounds Read Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog
9. CISA Adds One Known Exploited Vulnerability to Catalog
   Source: Alerts | Published: 2026-03-27T12:00:00+00:00 | Score: 15.762
   CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-53521 F5 BIG-IP Remote Code Execution Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vul
10. Exploitation of Fresh Citrix NetScaler Vulnerability Begins
    Source: SecurityWeek | Published: 2026-03-30T09:24:10+00:00 | Score: 14.827
    The critical-severity flaw leaks application memory and can be exploited to obtain authenticated administrative session IDs. The post Exploitation of Fresh Citrix NetScaler Vulnerability Begins appeared first on SecurityWeek .

End of report.