Session Hijacking

A type of attack where an attacker takes control of a user session.

CitrixBleed: Critical Flaw Leads to Session Hijacking and MFA Bypass

Nov 13, 2025

—

by

Peter Chofield

in Digital Espionage & Intelligence

CitrixBleed is a critical information-disclosure vulnerability affecting Citrix NetScaler ADC and Gateway systems. Attackers exploit this flaw to steal session tokens, hijack user sessions, and bypass multi-factor authentication, leading to data breaches, system compromise, and digital espionage by APT groups and cybercriminals.