Zero-day vulnerability
Hundreds of Cisco customers are vulnerable to new Chinese hacking campaign, researchers say
TechCrunch· 2025-12-19 20:15
Core Insights
- A group of Chinese government-backed hackers is exploiting a vulnerability in Cisco's products, targeting enterprise customers [1]
- Cisco has not disclosed the number of affected customers, but security researchers estimate that hundreds may be at risk [2][3]

Vulnerability Details
- The vulnerability, identified as CVE-2025-20393, is a zero-day flaw, meaning it was discovered before patches were available [2]
- Cisco's advisory indicates that the vulnerability exists in several products, including the Secure Email Gateway and the Secure Email and Web Manager [5]
- Systems are only vulnerable if they are internet-accessible and have the "spam quarantine" feature enabled, which is not the default setting [6]

Impact Assessment
- The Shadowserver Foundation reports that the scale of exposure is likely in the hundreds, not thousands [2]
- Censys has identified 220 internet-exposed Cisco email gateways as vulnerable [3]
- Cisco's threat intelligence arm, Talos, indicates that the hacking campaign has been active since at least late November 2025 [8]

Remediation Recommendations
- Cisco advises customers to wipe and restore affected appliances to a secure state, as no patches are currently available [7]
Cisco says Chinese hackers are exploiting its customers with a new zero-day
TechCrunch· 2025-12-17 18:58
Core Viewpoint
- Cisco has announced that hackers are exploiting a critical vulnerability in its popular products, allowing full device takeover, with no patches currently available [1]

Group 1: Vulnerability Details
- Cisco discovered a hacking campaign targeting Cisco AsyncOS software, specifically affecting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager [2]
- The affected devices have the "Spam Quarantine" feature enabled and are accessible from the internet, although this feature is not enabled by default [3]

Group 2: Security Implications
- The requirement for an internet-facing management interface and specific features being enabled may limit the attack surface for this vulnerability, according to cybersecurity experts [3]
- The hacking campaign is particularly concerning because many large organizations use the affected products, and the lack of available patches raises significant risks [3]

Group 3: Customer Impact and Response
- Cisco has not disclosed how many customers are affected and is currently investigating the issue while developing a permanent solution [4]
- The recommended immediate action for customers is to wipe and rebuild the affected products' software, as this is the only viable option to eliminate the threat [5]

Group 4: Attribution and Timeline
- The hackers are linked to China and to known Chinese government hacking groups, with the campaign reportedly ongoing since at least late November 2025 [6]