
Hackers Circle Citrix NetScaler Flaw Within Hours of Disclosure


CVE-2026-3055

A newly disclosed critical vulnerability, CVE-2026-3055, affecting Citrix NetScaler appliances is already drawing attention from threat actors, with evidence of active reconnaissance efforts emerging shortly after its public disclosure. The flaw, which carries a CVSS score of 9.3, highlights a serious security concern for organizations relying on NetScaler ADC and NetScaler Gateway, particularly those configured as a SAML IDP (SAML Identity Provider). 

Understanding CVE-2026-3055 and Its Impact 

The CVE-2026-3055 flaw is caused by insufficient input validation, leading to a memory overread vulnerability (classified under CWE-125: Out-of-bounds Read). This weakness can allow an unauthenticated attacker to access unintended portions of memory, potentially exposing sensitive data.

However, exploitation is not universally applicable across all deployments. According to the official advisory, successful attacks depend on a specific configuration: the affected Citrix NetScaler appliance must be set up as a SAML IDP. This requirement has shaped the behavior of threat actors, who are now actively scanning systems to identify those running in this particular mode.

This reconnaissance activity suggests attackers are attempting to determine whether a target environment meets the necessary preconditions before launching a full exploit.

Affected Versions and Technical Scope 

The vulnerability impacts multiple versions of Citrix NetScaler ADC and NetScaler Gateway, including: 
  • Versions 14.1 before 14.1-60.58  
  • Versions 13.1 before 13.1-62.23  
  • NetScaler ADC 13.1-FIPS and 13.1-NDcPP before 13.1-37.262  
In addition to CVE-2026-3055, the advisory also references another vulnerability, CVE-2026-4368, which involves a race condition leading to user session mix-ups. This secondary flaw carries a CVSS score of 7.7 and affects only version 14.1-66.54 under specific configurations such as Gateway services or AAA virtual servers. 

Official Advisory Details and Timeline 

The security bulletin, identified as CTX696300, provides comprehensive details about the vulnerabilities: 
  • Created Date: March 23, 2026  
  • Last Modified: March 27, 2026  
  • Severity: Critical  
The advisory explicitly states that the “vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway).” It further clarifies that CVE-2026-3055 was identified internally as part of ongoing security reviews aimed at strengthening product resilience. 

Detection and Configuration Checks 

Organizations can verify whether their Citrix NetScaler deployment is exposed to CVE-2026-3055 by inspecting configuration files for indicators of SAML IDP usage. Specifically, administrators should look for the following configuration string:

Add authentication samlIdPProfile .*

If present, the appliance is configured as a SAML IDP, making it potentially vulnerable if running an affected version.

Similarly, for CVE-2026-4368, administrators can check for:
  • AAA virtual servers:
    add authentication vserver .*
  • Gateway configurations:
    add vpn vserver .*

Mitigation and Recommended Actions 

To address CVE-2026-3055, users of Citrix NetScaler are strongly advised to upgrade to patched versions as soon as possible. Recommended versions include: 
  • NetScaler ADC and Gateway 14.1-60.58  
  • 14.1-66.59 and later  
  • 13.1-62.23 and later  
  • 13.1-37.262 and later for FIPS and NDcPP builds  
Customers are encouraged to move to supported versions that fully remediate the vulnerability rather than relying on temporary mitigations. It is also noted that the advisory applies specifically to customer-managed deployments. Cloud-managed services maintained by the vendor are updated automatically. 
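The following Python script is an added example, not code from the article or from Citrix. It ties the two checks above together: it compares a NetScaler build string against the affected ranges listed here and scans exported configuration text for the three configuration strings the advisory names. The FIXED_BUILDS table is derived from the version list above, the fips flag (used to select the 13.1-FIPS/NDcPP threshold) and the sample configuration are assumptions constructed for the example.

```python
import re
# Fixed builds from the affected-version list above; builds below them are
# affected by CVE-2026-3055. fips=True selects the 13.1-FIPS/NDcPP threshold.
FIXED_BUILDS = {("14.1", False): (60, 58), ("13.1", False): (62, 23),
                ("13.1", True): (37, 262)}
CVE_2026_4368_BUILD = "14.1-66.54"   # the only build the article lists for it
# Configuration strings the advisory names as preconditions (case-insensitive).
INDICATORS = {
    "saml_idp": re.compile(r"^\s*add authentication samlIdPProfile\b", re.I),
    "aaa_vserver": re.compile(r"^\s*add authentication vserver\b", re.I),
    "gateway_vserver": re.compile(r"^\s*add vpn vserver\b", re.I),
}

def parse_version(version):
    """'14.1-60.58' -> ('14.1', (60, 58)); ValueError if malformed."""
    m = re.fullmatch(r"(\d+\.\d+)-(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler version: {version!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))

def version_affected(version, fips=False):
    """True if below the fixed build; None if the branch is not listed above."""
    branch, build = parse_version(version)
    fixed = FIXED_BUILDS.get((branch, fips))
    return None if fixed is None else build < fixed

def scan_config(ns_conf_text):
    """Names of the indicators whose pattern appears on some config line."""
    return {name for line in ns_conf_text.splitlines()
            for name, pat in INDICATORS.items() if pat.search(line)}

def assess(version, ns_conf_text, fips=False):
    """Combine build and configuration into an exposure verdict."""
    found, affected = scan_config(ns_conf_text), version_affected(version, fips)
    return {
        "version_affected": affected,
        "saml_idp": "saml_idp" in found,
        "cve_2026_3055_exposed": bool(affected) and "saml_idp" in found,
        "cve_2026_4368_exposed": (version.strip() == CVE_2026_4368_BUILD
                                  and bool(found & {"aaa_vserver", "gateway_vserver"})),
    }

# Constructed sample configuration excerpt; not taken from any real appliance.
SAMPLE_NS_CONF = """\
set ns config -IPAddress 192.0.2.10 -netmask 255.255.255.0
add authentication samlIdPProfile idp_prof -samlIdPCertName cert1
add authentication vserver aaa_vs SSL 192.0.2.20 443
add vpn vserver gw_vs SSL 192.0.2.30 443
"""
```

A branch the article does not list (for example 12.1) yields None rather than a verdict, so the script never reports such a build as safe.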
Read the whole story
NerdsToGo
4 hours ago

FBI Confirms Kash Patel Email Hack as US Offers $10M Reward for Hackers


The agency said Iranian hackers targeted the director’s personal email account and noted that the compromised information is old.

The post FBI Confirms Kash Patel Email Hack as US Offers $10M Reward for Hackers appeared first on SecurityWeek.


Hackers now exploit critical F5 BIG-IP flaw in attacks, patch now

F5 has reclassified a BIG-IP APM denial-of-service (DoS) vulnerability as a critical-severity remote code execution (RCE) flaw, warning that attackers are exploiting it to deploy webshells on unpatched devices. [...]

India to Ban Hikvision, TP-Link, and CCTV Product Sales Starting April


The Indian government will effectively ban Chinese video surveillance giants, including Hikvision, Dahua, and TP-Link, from selling internet-connected CCTV cameras in the country.

This decisive market restriction stems from new mandatory certification rules driven by national security concerns regarding foreign hardware.

New Mandatory STQC Certification Rules

The Ministry of Electronics and Information Technology (MeitY) has implemented strict Standardisation Testing and Quality Certification (STQC) requirements for all internet-connected surveillance equipment.

These rules, rooted in Essential Requirements (ER) norms first notified in April 2024, set baseline cybersecurity standards aligned with the IS 13252-1 framework to mitigate foreign espionage risks.

Under the guidelines, manufacturers must explicitly disclose the country of origin for critical System-on-Chip (SoC) architectures.

The government is actively denying certification to any products utilizing Chinese-origin chipsets to prevent unauthorized remote access vulnerabilities.

Vendors must also pass rigorous laboratory testing, ensuring secure TLS/HTTPS communication and uniform patch management; without this security clearance, their hardware is completely barred from being imported or sold in the Indian market.

The Indian government originally introduced these certification norms in March and April 2024 and provided a two-year transition window for manufacturers to comply.

The MeitY Office Memorandum dated January 16, 2026, made it unambiguous that the grace period has conclusively ended and that no extensions will be granted. As of late 2025, more than 500 CCTV models had already been certified under the new regime.

According to the Economic Times, the sweeping regulatory overhaul has fundamentally reshaped the Indian video surveillance landscape, heavily favoring the domestic “Make in India” initiative while forcing out entrenched Chinese brands that previously commanded a third of total national sales.

Domestic manufacturers such as CP Plus, Qubo, Prama, Matrix, and Sparsh have completely restructured their hardware supply chains to ensure strict compliance, abandoning prohibited Chinese components in favor of secure Taiwanese chipsets and heavily localized proprietary firmware.

As a result, Indian brands have aggressively captured over 80% of the total market share as of early 2026, according to Counterpoint Research, relegating established multinational corporations like Bosch and Honeywell to specialized premium enterprise segments.

The transition away from highly subsidized Chinese surveillance hardware has introduced notable economic ramifications, including a 15% to 20% price increase across mid-range and high-end camera segments, as manufacturers absorb the costs of alternative components and rigorous compliance testing.

India’s crackdown on Chinese surveillance equipment is consistent with a global pattern of restrictions on Hikvision and Dahua, both of which have been flagged by multiple countries for potential ties to the Chinese government and state-sponsored surveillance programs.

The STQC mandate specifically targets vulnerabilities endemic to Chinese-origin IP cameras, including exposed debug ports such as UART and Telnet interfaces, insecure firmware update mechanisms, and unencrypted data transmission channels.

The broader regulatory framework also encompasses government procurement restrictions. Indian government departments have been formally prohibited from purchasing CCTV equipment that does not meet the new Essential Requirements.

An advisory was additionally issued to all Ministries to undertake comprehensive audits of existing CCTV networks for supply chain vulnerabilities.

Cybersecurity professionals and domestic industry leaders have widely praised the government’s initiative, viewing the stringent hardware mandates as a critical, overdue victory for national data sovereignty and physical infrastructure security.

India’s $3.5 billion video surveillance market is projected to benefit substantially from the localization push, with certified domestic players positioned to capture large-scale government and smart city deployments.

However, skeptics have voiced concerns regarding the long-term operational reliability of rapidly scaled domestic alternatives, while Chinese stakeholders and international observers have criticized the regulatory shift as trade protectionism disguised as a security measure.

Meanwhile, with over 80% of surveillance products previously relying on Chinese components and cloud infrastructure, MSMEs dependent on that supply chain are bracing for significant disruption as the April 1 deadline arrives.


The post India to Ban Hikvision, TP-Link, and CCTV Product Sales Starting April appeared first on Cyber Security News.

North Korean IT Worker Used Stolen Identity, AI-Generated Resume in Job Scam


A recent investigation has exposed how a suspected North Korean IT worker allegedly used a stolen identity, AI-generated resume content, and scripted interview answers to try to secure a senior remote role at U.S.-based threat intelligence firm Nisos. The case highlights how DPRK IT employment schemes are evolving by combining traditional fraud with modern AI […]

The post North Korean IT Worker Used Stolen Identity, AI-Generated Resume in Job Scam appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Critical Citrix NetScaler memory flaw actively exploited in attacks

Hackers are exploiting a critical severity vulnerability, tracked as CVE-2026-3055, in Citrix NetScaler ADC and NetScaler Gateway appliances to obtain sensitive data. [...]