CitrixBleed 2, a vulnerability in Citrix Netscaler, has been actively exploited since mid-June, allowing attackers to hijack sessions and bypass MFA. The vulnerability, similar to CitrixBleed, exposes sensitive information, including session tokens, through memory dumps. Despite Citrix’s claims of no exploitation, evidence suggests attacks began in early July, highlighting the need for immediate patching and incident response.