Paul's Security Weekly (Audio)

Citrixbleed 2, Hardware Hacking, and Failed Bans - PSW #882

Jul 10, 2025
This week dives into Citrixbleed 2, revealing a critical memory leak exploit. The team harshly critiques Ruckus for their handling of vulnerabilities amid alarming silence. They debate the legality of banning hacking tools like Flipper Zero and review a fascinating CAN-bus to game controller hack. Bluetooth earbuds from TikTok are scrutinized for exposing sensitive data, while nostalgia hits with Sound Blaster cards and quirky driver issues. Plus, insights into Bitcoin ATM breaches and the quirky world of retro hardware add to the mix!
INSIGHT

Citrixbleed 2 Risk From Poor Vendor Disclosure

  • Citrix CVE-2025-5777 is a memory-leak vulnerability that echoes the 2023 CitrixBleed pattern and can leak credentials.
  • Lack of vendor technical details and delayed transparency gave attackers a head start and left defenders blind.
ADVICE

Hunt Immediately When Vendors Omit IOCs

  • If a vendor provides a patch with no IOCs, assume active exploitation and hunt for suspicious authentication spikes.
  • Create logging and WAF rules to look for large volumes of auth requests and anomalous login parameter patterns.
ANECDOTE

Ruckus Ghosted Researchers And CERT

  • Claroty's Team82 reported nine Ruckus vulnerabilities but received no response from Ruckus or parent company CommScope.
  • The issues include hard-coded keys and credentials that can grant root access, yet Ruckus remained silent to researchers and CERT.