Attackers are targeting vulnerabilities in F5 and Citrix equipment, with a remote code execution flaw in F5's BIG-IP Access Policy Manager and a "memory overread" issue in Citrix's NetScaler Application Delivery Controller being actively exploited. The F5 vulnerability, which was initially disclosed last year, has had its severity revised, highlighting the ongoing risk it poses. These flaws can be used to compromise major application delivery and security platforms, as well as VPN gateways, putting sensitive data and systems at risk. The exploitation of these vulnerabilities demonstrates the importance of keeping software up to date and patching known flaws in a timely manner. This matters to security practitioners because unpatched vulnerabilities in critical infrastructure can provide an entry point for attackers, allowing them to gain a foothold in an organization's network and potentially move laterally to exploit other weaknesses.