In this week’s report: a critical vulnerability in Citrix NetScaler devices that could allow attackers to bypass MFA and hijack user sessions, a critical F5 BIG-IP flaw that has now been confirmed as actively exploited, two more Python packages compromised as part of the same ongoing supply chain campaign that affected Trivy, exposed APIs at the Ajax football club, and an emergency Oracle patch for a critical identity and access management vulnerability in Oracle Identity Manager and Oracle Web Services Manager.
Citrix released a security update fixing two vulnerabilities in its NetScaler ADC and NetScaler Gateway products. The most serious flaw, CVE-2026-3055, has a severity score of 9.3 out of 10. It allows an unauthenticated attacker to read sensitive data from a device's memory, including active login tokens. Those tokens can be used to hijack a user's existing session and bypass security controls, including multi-factor authentication (MFA). The second flaw, CVE-2026-4368, affects devices configured as gateways and relates to how user sessions are handled, potentially allowing an attacker to access another user's active session. NHS England escalated the alert to High severity on 24 March 2026. Security researchers have since confirmed that attackers are already scanning the internet for vulnerable devices, checking whether systems are configured in a way that makes them exploitable.
NetScaler ADC and NetScaler Gateway are widely used across NHS trusts, local authorities, and enterprise organisations. They act as the secure front door to internal networks, controlling remote access and application delivery. Previous Citrix NetScaler vulnerabilities have been exploited within hours or days of public disclosure — researchers warn the same is likely here. An attacker who steals a valid session token does not need a password or a second authentication factor. For NHS suppliers and organisations operating under DSPT requirements, this is a patching priority. NHS England's National CSOC has assessed that further exploitation is highly likely.
Recommendations
The US government's cybersecurity agency CISA added a critical flaw in F5 BIG-IP Access Policy Manager (APM) to its Known Exploited Vulnerabilities catalogue on 28 March 2026. The vulnerability — CVE-2025-53521 — was originally reported as a denial-of-service flaw. F5 has now reclassified it as a remote code execution vulnerability with a severity score of 9.3 out of 10, after new information emerged in March 2026 confirming that attackers can use it to run malicious code on the device. The flaw can be triggered by sending specially crafted traffic to a BIG-IP device that has an access policy configured on a virtual server. No login is required. Security researchers have confirmed they are already seeing active scanning of the internet for vulnerable F5 BIG-IP devices following the CISA announcement.
F5 BIG-IP is one of the most widely deployed network security and application delivery platforms in the world, used across large enterprises, government agencies, and critical national infrastructure, including within NHS and public sector environments. BIG-IP sits between users and applications, controlling and securing all traffic flowing through the network. A vulnerability that allows unauthenticated remote code execution on BIG-IP is extremely serious. An attacker who exploits it could take control of the appliance, intercept or redirect traffic, steal credentials, or use it as a stepping stone deeper into the network. Being added to the CISA Known Exploited Vulnerabilities catalogue confirms real-world exploitation is already happening. UK organisations should not wait to act.
Recommendations
A threat actor known as TeamPCP has continued its campaign of attacking open-source Python packages used in software development. Last week's report covered the group's compromise of the Aqua Security Trivy GitHub Action. This week, the same group targeted two more widely used packages. LiteLLM, a popular library that allows software to connect to large language models such as those from OpenAI and others, was compromised in versions 1.82.7 and 1.82.8 on 24 March 2026. PyPI, the Python package repository, quarantined the malicious versions later the same day. The Telnyx Python SDK, used by developers building AI voice applications, was compromised in versions 4.87.1 and 4.87.2 in the early hours of 27 March 2026. Both malicious packages contained code capable of stealing API keys, database passwords, SSH keys, and any other secrets accessible from the affected machine. The malicious code also installs a persistence mechanism that survives system restarts. In the LiteLLM case, the malicious code runs even when the package is not explicitly imported.
This is now a confirmed, sustained campaign against Python software packages used in AI and software development. LiteLLM is increasingly used by teams building AI-powered applications, including within NHS digital teams, health technology companies, and NHS suppliers involved in software development. Any organisation whose developers use Python, particularly in AI-related projects, should treat this as an active supply chain threat. Stolen credentials could give attackers access to cloud environments, databases, or systems that handle patient data. The DSPT includes specific requirements around secure development practices and supply chain risk management. Being alert to — and acting quickly on — these kinds of compromises is a direct part of meeting those requirements.
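As an added example (not tooling from this report, LiteLLM or Telnyx), the following Python script checks a requirements file or `pip freeze` output for the compromised LiteLLM and Telnyx SDK versions named above, and separately flags unpinned ranges for those packages that could still resolve to a bad version at install time. It assumes the PyPI distribution names are `litellm` and `telnyx`.

```python
import re

# Versions the report identifies as compromised. Keys are PyPI names
# (assumed: "litellm" and "telnyx"), normalised to lower case.
COMPROMISED = {
    "litellm": {"1.82.7", "1.82.8"},
    "telnyx": {"4.87.1", "4.87.2"},
}

# "name[extras]==version"; the version stops at whitespace, ';' or '#'.
PIN = re.compile(r"^([A-Za-z0-9_.\-]+)(?:\[[^\]]*\])?\s*==\s*([^\s;#]+)")
# Any other specifier (>=, ~=, <, !=): not a fixed pin, so it could still
# resolve to a compromised version at install time.
RANGE = re.compile(r"^([A-Za-z0-9_.\-]+)(?:\[[^\]]*\])?\s*(?:>=|~=|<=|[<>!])")

def normalise(name: str) -> str:
    """PEP 503 name normalisation: case-insensitive, runs of -_. become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def scan_requirements(text: str) -> dict:
    """Return {'compromised': [...], 'unpinned': [...]} for requirements
    or pip-freeze text. Comments, blank lines and pip options are skipped."""
    compromised, unpinned = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = PIN.match(line)
        if m:
            name, version = normalise(m.group(1)), m.group(2)
            if version in COMPROMISED.get(name, set()):
                compromised.append(f"{name}=={version}")
            continue
        m = RANGE.match(line)
        if m and normalise(m.group(1)) in COMPROMISED:
            unpinned.append(line)
    return {"compromised": compromised, "unpinned": unpinned}

if __name__ == "__main__":
    # Constructed sample mimicking `pip freeze` output for an AI project.
    SAMPLE = """
    requests==2.32.3
    LiteLLM[proxy]==1.82.8
    telnyx>=4.80
    boto3==1.35.0
    """
    print(scan_requirements(SAMPLE))
```

A hit in `compromised` means the environment or lockfile pins a version the report names; a hit in `unpinned` means the next install could pull one, so pin and verify before rebuilding.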
Recommendations
Oracle released an unscheduled, out-of-band security update to fix a critical vulnerability in two of its identity and access management products: Oracle Identity Manager and Oracle Web Services Manager. The flaw — CVE-2026-21992 — has a severity score of 9.8 out of 10. It is classified as a "missing authentication for critical function" vulnerability, meaning part of the software that should require a login simply does not check whether the person accessing it has the right to do so. An attacker with no credentials can exploit this remotely over an internet connection, with no interaction required from any user. Successful exploitation allows an attacker to take full control of Oracle Identity Manager and Oracle Web Services Manager. Oracle does not typically issue out-of-band patches outside its scheduled quarterly cycle — doing so signals the company views this as urgent.
Oracle Identity Manager is used by large organisations to manage who can access which systems; it controls user accounts, roles, and permissions across the whole enterprise. If an attacker can take over the identity management platform without needing to log in, they can create new administrator accounts, escalate privileges, remove legitimate access, or move freely across the organisation's systems. For large NHS trusts, local authorities, and NHS-contracted suppliers running Oracle Fusion Middleware infrastructure, this is a significant risk. A compromised identity management platform can quickly turn into a major data breach or system-wide disruption. Organisations should not wait for their next scheduled patching cycle to act on this.
Recommendations
Dutch football club AFC Ajax has admitted to a data breach after an attacker exploited vulnerabilities in its systems. The club's initial statement described the incident as limited; a hacker accessed email addresses belonging to a few hundred people and some personal data tied to fewer than 20 supporters with stadium bans. Ajax said it had patched the vulnerabilities and notified the relevant regulators. However, an investigation by Dutch news outlet RTL News revealed the true scope of what was possible was far wider. By probing exposed API endpoints and reusing shared authentication keys, it was possible to act as other users entirely, transferring season tickets between accounts, changing account details, and lifting stadium bans. RTL demonstrated this by removing a VIP ticket from the account of an Ajax director in seconds, all without any special technical expertise. The root cause was a combination of insecure API design and the use of shared keys that were not properly restricted to individual users.
This incident is a clear, accessible example of what poor API security looks like in practice, and it is relevant well beyond Dutch football. Any organisation that runs a customer portal, ticketing system, booking platform, or member-facing application faces the same class of risk if its APIs are not properly secured. This type of vulnerability, where one user can perform actions on behalf of another simply by manipulating API calls, is one of the most common and most overlooked issues in web application security. For NHS suppliers and digital health companies that build or maintain patient portals, appointment booking systems, or data-sharing platforms, API security should be a core part of your software development and testing processes. The DSPT requires organisations to ensure that systems handling personal data are appropriately secured, and that includes the APIs powering those systems.
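To make the API failure concrete, here is an added illustration (not code from Ajax, RTL News or this report) of a ticket-transfer handler in the insecure shape the incident describes, beside a hardened version that takes identity from the server-side session and checks ownership first. The account ids, ticket names and the shared key value are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Account:
    account_id: str
    tickets: set = field(default_factory=set)

class Forbidden(Exception):
    pass

def make_store() -> dict:
    """Constructed in-memory accounts: a director holding a VIP ticket and
    an ordinary supporter. Ids and ticket names are hypothetical."""
    return {"dir-001": Account("dir-001", {"VIP-2026"}),
            "fan-042": Account("fan-042")}

def transfer_insecure(accounts: dict, request: dict) -> None:
    """Vulnerable pattern: one key is shared by every client, and the
    source account is taken from the request body. Any caller who holds
    the shared key can move any other user's ticket."""
    if request.get("api_key") != "shared-client-key":   # constructed value
        raise Forbidden("missing or invalid client key")
    src, dst = accounts[request["from_account"]], accounts[request["to_account"]]
    src.tickets.remove(request["ticket"])
    dst.tickets.add(request["ticket"])

def transfer_hardened(accounts: dict, session_user: str, request: dict) -> None:
    """Hardened: the source account is the authenticated session user, never
    a body field; ticket ownership is checked before any state changes; the
    shared client key plays no part in deciding who the caller is."""
    src, ticket = accounts[session_user], request["ticket"]
    if ticket not in src.tickets:
        raise Forbidden("caller does not own this ticket")
    dst = accounts.get(request["to_account"])
    if dst is None or dst is src:
        raise Forbidden("invalid destination account")
    src.tickets.remove(ticket)
    dst.tickets.add(ticket)

def owner_of(accounts: dict, ticket: str) -> Optional[str]:
    """Current holder of a ticket, used to confirm what each path did."""
    for account in accounts.values():
        if ticket in account.tickets:
            return account.account_id
    return None
```

The same rule applies to every object-level action (account edits, ban changes): resolve the acting user from the session, then check that user's right to the specific object before touching it.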
Recommendations
Want help staying ahead of threats like these? Contact Periculo about our Threat Intelligence services.