Hackers linked to China are actively exploiting a critical zero-day vulnerability in Cisco's widely used email security products, potentially gaining full control of affected systems. The ongoing campaign targets Cisco's AsyncOS software, affecting the Secure Email Gateway and Secure Email and Web Manager appliances. The vulnerability is exploitable only when the "Spam Quarantine" feature is enabled and the appliance's management interface is reachable from the internet; Spam Quarantine is not enabled by default, so the attack surface is limited to devices that expose that interface with the feature turned on. Even with that constraint, the campaign's scale and severity have raised concerns because the affected products are widely deployed, no patch is yet available, and it is unclear how long attackers have had unauthorized access. Cisco is investigating and working on a permanent fix, and advises customers to wipe and rebuild compromised systems rather than attempt to clean them in place, since the attackers deploy persistent backdoors. The campaign, attributed to Chinese state-backed groups, has been active since at least late November 2025.

