On Wednesday, Cisco revealed that hackers, allegedly backed by the Chinese government, are targeting a vulnerability in some of its widely used products, affecting corporate clients. The exact number of impacted customers remains undisclosed, but experts suggest that hundreds of Cisco clients might be at risk. The Shadowserver Foundation, which monitors hacker activities, notes that the vulnerability’s impact appears limited to hundreds rather than thousands of systems, likely due to the targeted nature of the attacks. The vulnerability is considered a zero-day because it was identified before Cisco could release patches. Countries like India, Thailand, and the United States have reported dozens of vulnerable systems. Censys, a cybersecurity firm, also reported observing 220 affected Cisco email gateways. The vulnerability affects products such as Secure Email Gateway and Secure Email and Web Manager, specifically when these systems are exposed to the Internet with the “spam quarantine” feature enabled, neither of which is a default setting. Because patches are currently unavailable, Cisco has advised customers to completely erase and restore affected devices to eliminate the threat. The attacks have been ongoing since at least late November 2025.

