10:58 AM PST · December 17, 2025
On Wednesday, Cisco announced hackers are exploiting a critical vulnerability in some of its most popular products that allows the full takeover of affected devices. Worse, there are no patches available at this time.
In a security advisory, Cisco said it discovered a hacking campaign on December 10 targeting Cisco AsyncOS software, and in particular the physical and virtual appliances Cisco Secure Email Gateway, Cisco Secure Email, and Web Manager. The advisory said affected devices have a feature called “Spam Quarantine” enabled and are reachable from the internet.
Cisco noted that this feature is not enabled by default and does not need to be exposed to the internet, which may be good news. Michael Taggart, a senior cybersecurity researcher at UCLA Health Sciences, told TechCrunch that “the requirement of an internet-facing management interface and certain features being enabled will limit the attack surface for this vulnerability.”
However, Kevin Beaumont, a security researcher who tracks hacking campaigns, told TechCrunch that this appears to be a particularly problematic hacking campaign since a lot of large organizations use the affected products, there are no patches available, and it’s unclear how long the hackers had backdoors in the affected systems.
At this point Cisco is not saying how many customers are affected.
When reached by TechCrunch, Cisco spokesperson Meredith Corley did not answer a series of questions, and instead said that the company “is actively investigating the issue and developing a permanent remediation.”
The solution Cisco is suggesting to customers right now is essentially to wipe and rebuild the affected products’ software, as there is no patch available.
“In case of confirmed compromise, rebuilding the appliances is, currently, the only viable option to eradicate the threat actors persistence mechanism from the appliance,” the company wrote.
The hackers behind the campaign are linked to China and other known Chinese government hacking groups, according to Cisco Talos, the company’s threat intelligence research team, which published a blog post about the hacking campaign.
The researchers wrote that the hackers are taking advantage of the vulnerability, which at this point is a zero-day, to install persistent backdoors, and that the campaign has been ongoing “since at least late November 2025.”
Lorenzo Franceschi-Bicchierai is a Senior Writer at TechCrunch, where he covers hacking, cybersecurity, surveillance, and privacy.
You can contact or verify outreach from Lorenzo by emailing lorenzo@techcrunch.com, via encrypted message at +1 917 257 1382 on Signal, and @lorenzofb on Keybase/Telegram.














