Unpatched Citrix NetScaler Devices Under Attack, Connected to FIN8

A threat actor linked to the FIN8 threat group is exploiting a critical vulnerability in unpatched Citrix NetScaler systems, potentially leading to ransomware attacks. In the series of attacks, the attacker carried out the exploitation by inserting two harmful code payloads in different processes. Over 31,000 Citrix NetScaler instances are still vulnerable to the flaw, despite security updates being available for over a month.