banner1
Logo Blinking Image
banner2

HOME
Breaking News

Chinese Hackers Actively Exploiting Zero-Day, Says Cisco

by VARINDIA 2025-12-20
Chinese Hackers Actively Exploiting Zero-Day, Says Cisco
Cisco has said hackers linked to China are actively exploiting a critical zero-day vulnerability in several of its widely used email security products, potentially allowing attackers to gain full control of affected systems.
 
Cisco said it detected an ongoing hacking campaign targeting its AsyncOS software on December 10. The attacks specifically affect Cisco Secure Email Gateway and Cisco Secure Email and Web Manager appliances, both physical and virtual.
 
According to Cisco, the vulnerability can be exploited when the “Spam Quarantine” feature is enabled and the affected devices are accessible from the internet. While the feature is not enabled by default and does not need to be internet-facing, exposed systems remain at risk.
 
“The requirement of an internet-facing management interface and certain features being enabled will limit the attack surface for this vulnerability,” said Michael Taggart, senior cybersecurity researcher at UCLA Health Sciences.
 
However, security researchers have raised concerns about the scale and severity of the campaign. Kevin Beaumont, an independent security researcher who tracks state-sponsored hacking activity, said the situation is particularly serious given the widespread use of the affected products, the absence of available patches, and the uncertainty around how long attackers may have maintained access to compromised systems.
 
Cisco has not disclosed how many customers may have been affected. When contacted, the company said it is actively investigating the issue and working on a permanent fix. In the absence of a patch, Cisco has advised customers to wipe and rebuild affected systems if compromise is confirmed. “Rebuilding the appliances is, currently, the only viable option to eradicate the threat actors’ persistence mechanism from the appliance,” the company said.
 
Cisco Talos, the company’s threat intelligence division, linked the campaign to Chinese state-backed hacking groups. Researchers said attackers are exploiting the zero-day vulnerability to deploy persistent backdoors, noting that the campaign has been active since at least late November 2025.
er

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Acronis strengthens security portfolio with TRU Intelligence and Platform enhancements

Acronis strengthens security portfolio with TRU Intelligence and Platform enhancements

Kaspersky detects a fivefold surge in QR code phishing attacks in 2025

Kaspersky detects a fivefold surge in QR code phishing attacks in 2025

UK Age-Check Rules Trigger VPN Surge as Privacy Fears Grow

UK Age-Check Rules Trigger VPN Surge as Privacy Fears Grow

SOFTWARE
View All
Newgen Recognized in the Insurance Agency Management Systems, Q4 2025 Report by an Independent Research Firm

Newgen Recognized in the Insurance Agency Management Systems, Q4 2025 Report by an Independent Research Firm

Coforge unveils EvolveOps.AI for enhanced IT operations from Edge to Cloud

Coforge unveils EvolveOps.AI for enhanced IT operations from Edge to Cloud

HCLTech joins Microsoft discovery platform to accelerate research innovation

HCLTech joins Microsoft discovery platform to accelerate research innovation

START - UP
View All
FaceOff Brings Trust-First AI Security to Banking and Insurance

FaceOff Brings Trust-First AI Security to Banking and Insurance

Zepto Files for $1.3 Billion IPO, Targets ₹11,000 Cr Fresh Capital

Zepto Files for $1.3 Billion IPO, Targets ₹11,000 Cr Fresh Capital

Prosperr.io Raises $4 Million in Seed Funding Led by Jungle Ventures

Prosperr.io Raises $4 Million in Seed Funding Led by Jungle Ventures

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

wew
wrdf
Start-Up and Unicorn Ecosystem
DigiLocker Safety Guide: Verifying the Official App

DigiLocker Safety Guide: Verifying the Official App

Identity: The New Security Perimeter in the Age of AI

Identity: The New Security Perimeter in the Age of AI

OpenAI’s ChatGPT Ad Strategy Begins to Take Shape

OpenAI’s ChatGPT Ad Strategy Begins to Take Shape

Integrate data security and privacy directly into the code.

Integrate data security and privacy directly into the code.

AI is expanding beyond chatbots to drive innovation for the mass market.

AI is expanding beyond chatbots to drive innovation for the mass market.

AI’s Debt-Fuelled Expansion Spills Into the Bond Market

AI’s Debt-Fuelled Expansion Spills Into the Bond Market

Zoom’s AI Avatar Watermark

Zoom’s AI Avatar Watermark

Why Crisis Planning Is Urgent in an AI-Driven, Always-Connected World

Why Crisis Planning Is Urgent in an AI-Driven, Always-Connected World

From Synthetic Identity Fraud to Enterprise-Level Deception

From Synthetic Identity Fraud to Enterprise-Level Deception

India’s Cybersecurity Product Growth Gains Momentum

India’s Cybersecurity Product Growth Gains Momentum

dsf