Threat Report 169
In this week’s report: attackers scanning Citrix NetScaler devices for a critical vulnerability that could allow them to bypass MFA and hijack user sessions; a critical F5 BIG-IP flaw now confirmed as actively exploited; two more Python packages compromised as part of the same ongoing supply chain campaign that hit Trivy; exposed APIs at football club AFC Ajax; and an emergency Oracle patch for a critical identity and access management vulnerability in Oracle Identity Manager and Oracle Web Services Manager.
Attackers Actively Scanning for Critical Citrix NetScaler Flaws
Citrix released a security update fixing two vulnerabilities in its NetScaler ADC and NetScaler Gateway products. The most serious flaw, CVE-2026-3055, has a severity score of 9.3 out of 10. It allows an unauthenticated attacker to read sensitive data from a device's memory, including active login tokens. Those tokens can be used to hijack a user's existing session and bypass security controls, including multi-factor authentication (MFA). The second flaw, CVE-2026-4368, affects devices configured as gateways and relates to how user sessions are handled, potentially allowing an attacker to access another user's active session. NHS England escalated the alert to High severity on 24 March 2026. Security researchers have since confirmed that attackers are already scanning the internet for vulnerable devices, checking whether systems are configured in a way that makes them exploitable.
NetScaler ADC and NetScaler Gateway are widely used across NHS trusts, local authorities, and enterprise organisations. They act as the secure front door to internal networks, controlling remote access and application delivery. Previous Citrix NetScaler vulnerabilities have been exploited within hours or days of public disclosure — researchers warn the same is likely here. An attacker who steals a valid session token does not need a password or a second authentication factor. For NHS suppliers and organisations operating under DSPT requirements, this is a patching priority. NHS England's National CSOC has assessed that further exploitation is highly likely.
Recommendations
- Check whether your organisation uses Citrix NetScaler ADC or NetScaler Gateway and confirm the version in use.
- Apply the Citrix security update (CTX696300) immediately. Fixed versions are: NetScaler ADC and NetScaler Gateway 14.1-66.59 or later; 13.1-62.23 or later; NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.262 or later.
- If you are running NetScaler 13.0, that version is end-of-life and will not receive patches — upgrade to a supported version as a priority.
- Restrict access to the NetScaler management interface so it is not reachable from the open internet where possible.
- Review remote access and session logs for any unusual authenticated sessions, particularly those using unexpected source locations or device types.
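A quick way to work through the first two recommendations across a fleet is to compare each appliance's reported build against the fixed builds listed in CTX696300 above. The script below is an added example (not Citrix's tooling); it assumes versions are supplied either as the short form "14.1-66.59" or as the "NetScaler NS14.1: Build 66.59.nc" banner, and that the operator tells it which build line (standard, or FIPS/NDcPP) a 13.1 appliance runs, because the 13.1-FIPS/NDcPP fix is on a different build number to mainline 13.1.

```python
import re

# Fixed builds quoted from Citrix bulletin CTX696300 in the report above.
# Key: (release, build line). 13.1-FIPS and 13.1-NDcPP share the "fips" line.
FIXED_BUILDS = {
    ("14.1", "standard"): (66, 59),
    ("13.1", "standard"): (62, 23),
    ("13.1", "fips"): (37, 262),
}
EOL_RELEASES = {"13.0"}  # end-of-life per the bulletin: no fix will ship

# Accepts "14.1-66.59" and the "NetScaler NS14.1: Build 66.59.nc" banner
# (the banner format is an assumption about `show ns version` output).
VERSION_RE = re.compile(r"(?:NS)?(\d+\.\d+)[:\s-]+(?:Build\s+)?(\d+)\.(\d+)")


def parse_version(text: str):
    """Return (release, build, point), e.g. ('14.1', 66, 59). ValueError on junk."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {text!r}")
    return m.group(1), int(m.group(2)), int(m.group(3))


def assess(text: str, build_line: str = "standard") -> str:
    """Classify one appliance as patched / vulnerable / end-of-life / unknown.

    build_line is 'standard' or 'fips' (use 'fips' for 13.1-FIPS and 13.1-NDcPP).
    'unknown' means the release line is not covered by the bulletin at all.
    """
    release, build, point = parse_version(text)
    if release in EOL_RELEASES:
        return "end-of-life"
    fixed = FIXED_BUILDS.get((release, build_line))
    if fixed is None:
        return "unknown"
    # Tuple comparison orders by build first, then point release.
    return "patched" if (build, point) >= fixed else "vulnerable"


def triage(inventory):
    """inventory: iterable of (host, version_text, build_line) -> {host: status}."""
    return {host: assess(version, line) for host, version, line in inventory}


# Constructed sample inventory, not real hosts.
SAMPLE_INVENTORY = [
    ("gw-01", "NetScaler NS14.1: Build 66.59.nc", "standard"),
    ("gw-02", "14.1-59.19", "standard"),
    ("adc-fips-01", "13.1-37.262", "fips"),
    ("adc-fips-02", "13.1-37.207", "fips"),
    ("legacy-01", "13.0-92.21", "standard"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Anything reported as "vulnerable" or "end-of-life" should be treated as exposed until upgraded; "unknown" means a release line the bulletin does not mention and needs a manual check against the advisory rather than being assumed safe.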
Critical F5 BIG-IP Flaw Actively Exploited — Added to US Government Emergency List
The US government's cybersecurity agency CISA added a critical flaw in F5 BIG-IP Access Policy Manager (APM) to its Known Exploited Vulnerabilities catalogue on 28 March 2026. The vulnerability — CVE-2025-53521 — was originally reported as a denial-of-service flaw. F5 has now reclassified it as a remote code execution vulnerability with a severity score of 9.3 out of 10, after new information emerged in March 2026 confirming that attackers can use it to run malicious code on the device. The flaw can be triggered by sending specially crafted traffic to a BIG-IP device that has an access policy configured on a virtual server. No login is required. Security researchers have confirmed they are already seeing active scanning of the internet for vulnerable F5 BIG-IP devices following the CISA announcement.
F5 BIG-IP is one of the most widely deployed network security and application delivery platforms in the world, used across large enterprises, government agencies, and critical national infrastructure, including within NHS and public sector environments. BIG-IP sits between users and applications, controlling and securing all traffic flowing through the network. A vulnerability that allows unauthenticated remote code execution on BIG-IP is extremely serious. An attacker who exploits it could take control of the appliance, intercept or redirect traffic, steal credentials, or use it as a stepping stone deeper into the network. Being added to the CISA Known Exploited Vulnerabilities catalogue confirms real-world exploitation is already happening. UK organisations should not wait to act.
Recommendations
- Check whether your organisation or any of your IT suppliers uses F5 BIG-IP APM in your environment and identify the version in use.
- Apply F5's updated security advisory for CVE-2025-53521 immediately — the advisory has been revised to reflect the reclassification as RCE.
- If you cannot patch immediately, consider restricting network access to the BIG-IP management interface and reviewing virtual server configurations.
- Review BIG-IP logs for unusual traffic patterns, unexpected connections, or signs of unauthorised access.
- If a managed service provider or IT supplier manages BIG-IP infrastructure on your behalf, ask them to confirm their patching status without delay.
Ongoing Supply Chain Campaign Hits Two More Python Packages — LiteLLM and Telnyx Affected
A threat actor known as TeamPCP has continued its campaign of attacking open-source Python packages used in software development. Last week's report covered the group's compromise of the Aqua Security Trivy GitHub Action. This week, the same group targeted two more widely used packages. LiteLLM, a popular library that allows software to connect to large language models such as those from OpenAI and others, was compromised in versions 1.82.7 and 1.82.8 on 24 March 2026. PyPI, the Python package repository, quarantined the malicious versions later the same day. The Telnyx Python SDK, used by developers building AI voice applications, was compromised in versions 4.87.1 and 4.87.2 in the early hours of 27 March 2026. Both malicious packages contained code capable of stealing API keys, database passwords, SSH keys, and any other secrets accessible from the affected machine. The malicious code also installs a persistence mechanism that survives system restarts. In the LiteLLM case, the malicious code runs even when the package is not explicitly imported.
This is now a confirmed, sustained campaign against Python software packages used in AI and software development. LiteLLM is increasingly used by teams building AI-powered applications, including within NHS digital teams, health technology companies, and NHS suppliers involved in software development. Any organisation whose developers use Python, particularly in AI-related projects, should treat this as an active supply chain threat. Stolen credentials could give attackers access to cloud environments, databases, or systems that handle patient data. The DSPT includes specific requirements around secure development practices and supply chain risk management. Being alert to — and acting quickly on — these kinds of compromises is a direct part of meeting those requirements.
Recommendations
- Check all development environments for LiteLLM versions 1.82.7 or 1.82.8 — remove them immediately and update to a clean, later version.
- Check for Telnyx Python SDK versions 4.87.1 or 4.87.2 — remove them and update to the latest clean release.
- If either compromised version was installed, treat the environment as fully compromised: rotate all API keys, database credentials, and SSH keys accessible from that machine.
- Follow NHS England's detailed remediation guidance in its alerts CC-4761 and CC-4762.
- Audit third-party Python packages across your software pipelines and look for unusual additions or unexpected version changes.
- Consider this a prompt to review your organisation's process for monitoring open-source dependencies for supply chain compromise.
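The first two recommendations are easy to get wrong by hand (package names are case-insensitive and a loose version range can resolve to a bad build on the next install). The script below is an added example, not tooling from PyPI, LiteLLM or Telnyx; it checks both a requirements or `pip freeze` listing and the live interpreter's installed packages against the compromised versions named above. The sample requirements text is constructed for illustration.

```python
import re
from importlib.metadata import distributions

# Malicious versions named in the report above. Extend as advisories update.
COMPROMISED = {
    "litellm": {"1.82.7", "1.82.8"},
    "telnyx": {"4.87.1", "4.87.2"},
}

# name, optional [extras], then an exact pin (== or ===) and a version.
PIN_RE = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(===?)\s*([0-9][^\s;#]*)"
)
NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalise(name: str) -> str:
    """PEP 503 name normalisation: case-fold and collapse runs of -_. to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def scan_requirements(text: str):
    """Return (line_no, package, detail, status) for each watched package.

    An exact pin to a bad version is 'compromised'. A watched package without an
    exact pin is 'unpinned': a fresh resolve could still pull the bad build, so
    it needs a lock-file check rather than being ignored.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line or line.startswith("-"):           # blank, -e, -r, --index-url ...
            continue
        m = NAME_RE.match(line)
        if not m:
            continue
        pkg = normalise(m.group(1))
        if pkg not in COMPROMISED:
            continue
        pin = PIN_RE.match(line)
        if pin and pin.group(3) in COMPROMISED[pkg]:
            findings.append((line_no, pkg, pin.group(3), "compromised"))
        elif not pin:
            findings.append((line_no, pkg, line, "unpinned"))
    return findings


def scan_installed():
    """Check the running interpreter's site-packages for the bad builds."""
    hits = []
    for dist in distributions():
        name = normalise(dist.metadata.get("Name", "") or "")
        if name in COMPROMISED and dist.version in COMPROMISED[name]:
            hits.append((name, dist.version))
    return hits


# Constructed sample, not a real lock file.
SAMPLE_REQUIREMENTS = """\
# pinned dependencies for the demo service
requests==2.32.3
litellm==1.82.7        # pinned last sprint
LiteLLM[proxy]==1.82.8
telnyx==4.87.0
Telnyx>=4.80,<5
-e ./internal-lib
"""

if __name__ == "__main__":
    for line_no, pkg, detail, status in scan_requirements(SAMPLE_REQUIREMENTS):
        print(f"line {line_no}: {pkg} {detail} -> {status}")
    for pkg, version in scan_installed():
        print(f"INSTALLED: {pkg} {version} is a compromised build")
```

Run `scan_installed()` inside every virtual environment, container image and CI runner that touched the affected projects, not just on developer laptops; a hit anywhere means the credential rotation in the third recommendation applies to that host.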
Oracle Issues Emergency Patch for Critical Identity Management Flaw
Oracle released an unscheduled, out-of-band security update to fix a critical vulnerability in two of its identity and access management products: Oracle Identity Manager and Oracle Web Services Manager. The flaw — CVE-2026-21992 — has a severity score of 9.8 out of 10. It is classified as a "missing authentication for critical function" vulnerability, meaning part of the software that should require a login simply does not check whether the person accessing it has the right to do so. An attacker with no credentials can exploit this remotely over an internet connection, with no interaction required from any user. Successful exploitation allows an attacker to take full control of Oracle Identity Manager and Oracle Web Services Manager. Oracle does not typically issue out-of-band patches outside its scheduled quarterly cycle — doing so signals the company views this as urgent.
Oracle Identity Manager is used by large organisations to manage who can access which systems: it controls user accounts, roles, and permissions across the whole enterprise. If an attacker can take over the identity management platform without needing to log in, they can create new administrator accounts, escalate privileges, remove legitimate access, or move freely across the organisation's systems. For large NHS trusts, local authorities, and NHS-contracted suppliers running Oracle Fusion Middleware infrastructure, this is a significant risk. A compromised identity management platform can quickly turn into a major data breach or system-wide disruption. Organisations should not wait for their next scheduled patching cycle to act on this.
Recommendations
- Check whether your organisation runs Oracle Identity Manager or Oracle Web Services Manager on versions 12.2.1.4.0 or 14.1.2.1.0.
- Apply the Oracle out-of-band security update (Oracle Security Alert Advisory for CVE-2026-21992) immediately.
- If you are unsure whether Oracle Fusion Middleware is present in your environment, check with your IT team or suppliers — it is often deployed as part of a broader Oracle infrastructure stack.
- Review access logs on Oracle Identity Manager's REST WebServices component for any unexpected or unauthenticated requests.
- If patching cannot be applied immediately, consider restricting network access to Oracle Identity Manager so it is not reachable from the open internet.
Exposed APIs at AFC Ajax Let Attackers Transfer Tickets and Lift Stadium Bans
Dutch football club AFC Ajax has admitted to a data breach after an attacker exploited vulnerabilities in its systems. The club's initial statement described the incident as limited; a hacker accessed email addresses belonging to a few hundred people and some personal data tied to fewer than 20 supporters with stadium bans. Ajax said it had patched the vulnerabilities and notified the relevant regulators. However, an investigation by Dutch news outlet RTL News revealed the true scope of what was possible was far wider. By probing exposed API endpoints and reusing shared authentication keys, it was possible to act as other users entirely, transferring season tickets between accounts, changing account details, and lifting stadium bans. RTL demonstrated this by removing a VIP ticket from the account of an Ajax director in seconds, all without any special technical expertise. The root cause was a combination of insecure API design and the use of shared keys that were not properly restricted to individual users.
This incident is a clear, accessible example of what poor API security looks like in practice, and it is relevant well beyond Dutch football. Any organisation that runs a customer portal, ticketing system, booking platform, or member-facing application faces the same class of risk if its APIs are not properly secured. This type of vulnerability, where one user can perform actions on behalf of another simply by manipulating API calls (broken object-level authorisation, at the top of the OWASP API Security Top 10), is one of the most common and most overlooked issues in web application security. For NHS suppliers and digital health companies that build or maintain patient portals, appointment booking systems, or data-sharing platforms, API security should be a core part of your software development and testing processes. The DSPT requires organisations to ensure that systems handling personal data are appropriately secured, and that includes the APIs powering those systems.
Recommendations
- Review the APIs exposed by any customer-facing or patient-facing systems your organisation operates, and check whether one user can access or modify another user's data.
- Ensure that every API endpoint enforces proper authorisation checks — it should not be enough simply to be logged in; access should be restricted to the specific records that the user is permitted to see or change.
- Avoid using shared or predictable authentication keys across user accounts; each session or user action should be tied to a unique, validated token.
- Include API security testing as part of your regular application testing and penetration testing programme.
- If your organisation uses third-party platforms for patient or customer interactions, ask your suppliers what API security testing they carry out and how they handle authorisation.
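To make the second and third recommendations concrete, the following added example (written for this report, not Ajax's code; RTL did not publish the endpoints) models a ticket-transfer handler both ways. The "before" version authenticates the calling app with a shared key and trusts the user identity the client names in the request, which is the pattern the RTL investigation describes; the "after" version derives identity only from a server-side, per-user session and allows the action only on tickets that identity owns. All names, keys and tickets are constructed fixtures.

```python
from dataclasses import dataclass

# Constructed stand-in for a key every client copy shares (identifies the app, not a person).
SHARED_APP_KEY = "app-key-shared-by-every-client"

AUDIT = []  # what the server would write to its access log


class Unauthenticated(Exception):
    pass


class Forbidden(Exception):
    pass


@dataclass
class Ticket:
    ticket_id: str
    owner: str  # account id


def sample_store():
    """Constructed fixture: two supporters' tickets and per-user session tokens."""
    tickets = {"T-1001": Ticket("T-1001", "alice"), "T-2002": Ticket("T-2002", "bob")}
    sessions = {"sess-alice": "alice", "sess-mallory": "mallory"}  # token -> account
    return tickets, sessions


def transfer_vulnerable(tickets, api_key, acting_user, ticket_id, new_owner):
    """Before: shared key proves only that *some* client called; the server then
    believes whatever account the client claims to be acting as, and never asks
    whether that account owns the ticket."""
    if api_key != SHARED_APP_KEY:
        raise Unauthenticated()
    ticket = tickets[ticket_id]
    ticket.owner = new_owner
    # The log even records the spoofed identity, so a review would look clean.
    AUDIT.append(f"{acting_user} transferred {ticket_id} to {new_owner}")
    return ticket


def transfer_hardened(tickets, sessions, session_token, ticket_id, new_owner):
    """After: identity comes only from the server-side session (never from the
    request body), and the action is permitted only on objects that identity owns."""
    caller = sessions.get(session_token)
    if caller is None:
        raise Unauthenticated()
    ticket = tickets.get(ticket_id)
    # One response for "no such ticket" and "not yours": no enumeration oracle.
    if ticket is None or ticket.owner != caller:
        raise Forbidden()
    ticket.owner = new_owner
    AUDIT.append(f"{caller} transferred {ticket_id} to {new_owner}")
    return ticket


def demo():
    """Replay the attack against both handlers; returns (before, after, legitimate)."""
    tickets, sessions = sample_store()
    # Mallory holds only the shared key and names Alice as the acting user.
    before = transfer_vulnerable(tickets, SHARED_APP_KEY, "alice", "T-1001", "mallory").owner

    tickets, sessions = sample_store()
    try:
        transfer_hardened(tickets, sessions, "sess-mallory", "T-1001", "mallory")
        after = "transferred"
    except Forbidden:
        after = "forbidden"
    # Alice, with her own session, may still move her own ticket.
    legitimate = transfer_hardened(tickets, sessions, "sess-alice", "T-1001", "bob").owner
    return before, after, legitimate


if __name__ == "__main__":
    print(demo())
    print("\n".join(AUDIT))
```

The test a pentester runs is exactly `demo()`'s first step: take a valid low-privilege session (or, here, the shared key) and replay another user's object identifier. If the hardened path is in place the response is the same for a foreign ticket and a non-existent one, which also stops the API being used to enumerate valid ticket or account IDs.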
Want help staying ahead of threats like these? Contact Periculo about our Threat Intelligence services.