The Citrix vulnerability got us. There is a mitigation while we wait for a patch.
We inherited our Citrix environment after the company wisely chose to lay off every engineer that built it ... Interestingly, netscaler is FreeBSD (thank the gods) with some added nonsense.
In any event, we caught this cold and now have to clean install netscaler. Initial forensics don't look too bad as the exploit ran commands as "nobody" but we are taking no chances and will nuke/pave the VM.