Netherlands subjected to attacks involving critical Citrix NetScaler exploit

Multiple critical organizations across the Netherlands were noted by the country's National Cyber Security Centre to have been compromised in attacks involving the critical Citrix NetScaler memory overflow vulnerability, tracked as CVE-2025-6543, since early May, which have enabled remote code execution, according to BleepingComputer.

Highly sophisticated threat actors who exploited the zero-day to breach Dutch organizations have also moved to remove proof of the intrusions, said the NCSC in a notice, which did not specify the names of organizations impacted by the attacks. However, the Openbaar Ministerie, or the Dutch Public Prosecution Service, has confirmed having been breached following an NCSC advisory. Organizations have been advised to not only implement the necessary upgrades before ending all active sessions with specific commands but also assess potential compromise via duplicate file names having different extensions, unusual file creation dates, and the lack of PHP files within folders. Similar recommendations have been given to remediate the Citrix Bleed 2 vulnerability, tracked as CVE-2025-5777.