⚠️ CitrixBleed 2 Exploited | Salt Typhoon Breaches US National Guard | Singapore Under Siege
Hi there,
This week’s cyber threat landscape escalated sharply—from state-backed breaches to critical infrastructure attacks. Here’s what you need to know and do right now to stay protected.
🛡️ Top Threats This Week
🇨🇳 Salt Typhoon Infiltrates US National Guard
China-linked APT “Salt Typhoon” quietly accessed a U.S. state National Guard network for nine months using a stealthy kernel-mode rootkit called Demodex. It’s a sobering reminder that long-term intrusions are often invisible—until they aren’t.
🔥 CitrixBleed 2 Under Active Exploit
A new critical Citrix vulnerability (CVE-2025-5777) is being used in the wild. The flaw allows credential theft from NetScaler devices. CISA mandates patching within 24 hours for federal systems—your timeline should be the same.
🇸🇬 Singapore Critical Infrastructure Targeted
UNC3886, a Chinese threat group, is actively scanning and infiltrating energy, water, and healthcare systems in Singapore. Expect ripple effects across Asia-Pacific supply chains.
🌐 Europol Takes Down Pro-Russian DDoS Group
The “NoName057(16)” group was dismantled by a multinational operation. Authorities uncovered a gamified DDoS platform using crypto and badges to reward cyber attackers.
🌊 Undersea Cable Sabotage Risks Rising
Recorded Future reports a surge in intentional damage to global submarine cables. Nine incidents tied to Russian and Chinese actors have occurred since 2024—affecting connectivity and data flow.
🔍 Focus: CitrixBleed 2 – Patch Now
If you use Citrix NetScaler ADC or Gateway:
✅ Patch all instances running:
14.1 ≤ 47.46
13.1 ≤ 59.19
🔍 Check logs for:
Unusual memory over-reads
Suspicious token access
🧱 Rotate session tokens, review access permissions
The exploit is simple—but devastating. Don’t delay.
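As an added illustration of the "suspicious token access" check above (not code from the newsletter or from Citrix), the script below scans constructed, simplified session log lines and flags any session token seen from more than one source address, or used without an observed login, which is what a replayed stolen token tends to look like. The log format, field names and sample lines are assumptions; adapt the regex to your own NetScaler export.

```python
import re
from collections import defaultdict

# Constructed sample lines in an assumed simplified format; real NetScaler
# syslog fields differ, so adjust LINE_RE to match your export.
SAMPLE_LOG = """\
2025-07-15T08:01:10Z session=a1b2c3 src=10.0.0.5 event=login user=alice
2025-07-15T08:03:42Z session=a1b2c3 src=10.0.0.5 event=access path=/portal
2025-07-15T08:05:07Z session=a1b2c3 src=198.51.100.23 event=access path=/admin
2025-07-15T08:06:00Z session=d4e5f6 src=10.0.0.9 event=login user=bob
2025-07-15T08:07:30Z session=d4e5f6 src=10.0.0.9 event=access path=/portal
2025-07-15T08:09:15Z session=778899 src=203.0.113.7 event=access path=/portal
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) session=(?P<session>\S+) src=(?P<src>\S+) event=(?P<event>\S+)"
)


def parse(log_text):
    """Yield a dict per line that matches the assumed format; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def find_suspicious_sessions(log_text):
    """Return {session: reason} for tokens used from more than one source
    address, or used without any login event having been observed."""
    sources = defaultdict(set)   # session token -> set of source addresses
    logged_in = set()            # tokens for which a login was seen
    for rec in parse(log_text):
        sources[rec["session"]].add(rec["src"])
        if rec["event"] == "login":
            logged_in.add(rec["session"])
    findings = {}
    for session, srcs in sources.items():
        if len(srcs) > 1:
            findings[session] = "used from multiple sources: " + ", ".join(sorted(srcs))
        elif session not in logged_in:
            findings[session] = "used without an observed login"
    return findings


if __name__ == "__main__":
    for session, reason in find_suspicious_sessions(SAMPLE_LOG).items():
        print(f"{session}: {reason} -> rotate token and review access")
```

Any flagged token is a candidate for immediate revocation; a session that legitimately roams between addresses will also trip the first rule, so confirm against your VPN or NAT ranges before acting.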
🧠 What Salt Typhoon Teaches Us
These attackers used kernel-level malware to operate under the radar for nearly a year. Key takeaways:
Use endpoint detection with rootkit visibility
Isolate mission-critical infrastructure from general IT
Monitor kernel integrity continuously—not just periodically
✅ This Week’s Checklist
| ✔ | Task |
|---|---|
| 🔒 | Patch Citrix NetScaler systems immediately |
| 🧾 | Audit logs for memory access anomalies |
| 🔍 | Review vendor security—especially in infra & telecom |
| 🛰️ | Check submarine cable redundancy if critical to operations |
| 🧠 | Run a tabletop sim of stealth breach + cable outage |
🛠️ Strategy Corner
Here’s how to bolster your org this week:
Zero-Trust Access: Reevaluate remote tool permissions
IR Drills: Simulate breach from undetected rootkit
Cable Threat Monitoring: Partner with network teams to detect latency or reroute anomalies
Supply Chain Review: Don’t ignore your vendors—they’re often the weakest link
🎯 TL;DR
This week is a wake-up call. Stealthy attackers and physical infrastructure threats are converging. Now’s the time to patch fast, monitor deeper, and train smarter.
Need help creating a CitrixBleed patch plan or setting up rootkit detection? Just reply—we’ve got templates and expert resources ready.
Stay safe,
The Cybersafety Team