Citrix Bleed 2 is a critical vulnerability that was actively exploited weeks before proof-of-concept (PoC) exploits were made public, despite Citrix's denial of attacks.