TheRegister's platform is a leading technology news website, offering insights into IT industry news, hardware reviews, and software updates. Through articles, analysis, and opinion pieces, TheRegister offers insights into cybersecurity threats, technology trends, and industry developments. Readers can stay updated with the latest news and analysis from the world of technology and IT business.

The Register

Active exploitation of CVE-2026-3055, a critical 9.3-rated out-of-bounds memory read vulnerability in Citrix NetScaler, began within days of its disclosure. Researchers at watchTowr observed reconnaissance traffic within days and confirmed active exploitation by March 27. The flaw allows attackers to leak sensitive memory contents — including session tokens and credentials — by sending a malformed request. Researchers also suggest CVE-2026-3055 may actually bundle multiple related memory leak vulnerabilities under a single ID, and they discovered an additional similar issue reported to Citrix. The UK's NCSC has urged organizations to patch immediately, as NetScaler ADC and Gateway devices are widely exposed and sit in critical identity paths.

Citrix NetScaler bug may be multiple flaws in one