Cisco says Chinese hackers are exploiting its customers with a new zero-day

Source: techcrunch
Author: Lorenzo Franceschi-Bicchierai
Published: 12/17/2025
Cisco has disclosed that Chinese hackers are actively exploiting a critical zero-day vulnerability in several of its widely used products, including Cisco Secure Email Gateway, Cisco Secure Email, and Web Manager running on AsyncOS software. This flaw allows attackers to fully take over affected devices, and currently, no patches are available to fix the issue. The vulnerability specifically impacts devices with the “Spam Quarantine” feature enabled and accessible from the internet, although this feature is not enabled by default nor required to be internet-facing, which somewhat limits the attack surface.
Cisco discovered the hacking campaign on December 10 and has linked the attackers to Chinese government-affiliated groups, according to its Talos threat intelligence team. The company has not disclosed the number of affected customers or detailed which organizations were targeted. Cisco’s interim mitigation advice is to wipe and rebuild the affected appliances’ software to remove any persistent backdoors, as no other remediation options exist at this time. Security experts note the severity of the campaign due to the widespread use of the
Tags
IoT, cybersecurity, Cisco, zero-day-vulnerability, network-security, hacking, threat-intelligence