Critical infra bugs raise DeFi risk
Exchanges and DeFi services face elevated systemic risk after CISA and the UK NCSC warned of active exploitation probes against F5 BIG‑IP and Citrix NetScaler appliances — Pepeto concurrently pushed a major security upgrade. Unpatched appliances could expose custody and backend services to RCE attacks. (gbhackers.com) (ncsc.gov.uk) (daily-tribune.com)
CVE‑2025‑53521, the F5 BIG‑IP Access Policy Manager (APM) bug, was reclassified as unauthenticated remote code execution with a CVSS v4 base score of 9.3, and CISA added it to its Known Exploited Vulnerabilities catalog on March 27, 2026 with a federal mitigation deadline of March 30, 2026. (securityweek.com) F5’s advisory (K000156741) states that the RCE is exploitable when an APM access policy is configured on a virtual server, lists the patched versions, and was updated on March 29, 2026 to reflect the escalated severity. (my.f5.com)

Citrix disclosed CVE‑2026‑3055 in late March 2026, rated CVSS v4.0 9.3 for an out‑of‑bounds memory read; exploitation requires the appliance to be configured as a SAML Identity Provider and can leak sensitive memory, including session material. (support.citrix.com)

Security vendors and researchers have published telemetry showing active reconnaissance and early exploitation: watchTowr/Defused and Rapid7 reported probes and evidence of in‑the‑wild activity against NetScaler, while multiple outlets flagged active exploitation attempts against the reclassified F5 bug. (infosecurity-magazine.com)

BIG‑IP APM and NetScaler ADC/Gateway are widely deployed as SSO and load‑balancing fronts for enterprise web apps and custody systems, which creates realistic attack paths that can expose session tokens or enable RCE‑driven backend access to custodial or exchange infrastructure if the appliances remain unpatched. (ncsc.gov.uk)

Vendor and national guidance converge on immediate remediation: apply the F5 and Citrix updates listed in their advisories, run NetScaler Console’s CVE detection to enumerate impacted instances, and follow the post‑patch steps such as isolating management interfaces and rotating session keys or credentials, the controls enumerated in F5 K000156741, Citrix CTX696300 and the NetScaler Console documentation. (my.f5.com)

Pepeto’s recent presale and exchange security announcement (AI‑driven contract verification and expanded bridge/swap audit tooling across Ethereum, BNB Chain and Solana) landed in the same window; the project’s presale reporting shows roughly $8.4–$8.5 million raised as the upgrade was publicized in mid‑to‑late March 2026. (pepeto.io)