**Cisco Warns of Critical Vulnerability Exploited by Chinese Hackers**
Cisco has issued a security advisory warning that hackers are exploiting a critical vulnerability in some of its most popular products, allowing for the full takeover of affected devices. The company's AsyncOS software is at risk, particularly on physical and virtual appliances such as Cisco Secure Email Gateway, Cisco Secure Email, and Web Manager.
Exploitation of this vulnerability is attributed to a hacking campaign linked to China and to other known Chinese government hacking groups. According to Cisco Talos, the company's threat intelligence research team, the hackers have been taking advantage of the zero-day vulnerability since at least late November 2025, installing persistent backdoors on affected systems.
The advisory noted that the vulnerability is related to a feature called "Spam Quarantine" being enabled and reachable from the internet. While this may be good news for some organizations, as it limits the attack surface, security experts are warning of the severity of the situation. Kevin Beaumont, a security researcher who tracks hacking campaigns, told TechCrunch that the lack of available patches and the uncertainty over how long the hackers' backdoors have been in affected systems make this campaign particularly problematic.
"The requirement of an internet-facing management interface and certain features being enabled will limit the attack surface for this vulnerability," said Michael Taggart, a senior cybersecurity researcher at UCLA Health Sciences. However, he also acknowledged that the situation is critical, given the number of big organizations using affected products.
Cisco is currently investigating the issue and developing a permanent remediation, but has not disclosed how many customers are affected. In the meantime, the company recommends wiping and rebuilding the affected products' software as there is no patch available. This may be a difficult solution for some organizations to implement, particularly if they have critical data stored on the affected systems.
As the hacking campaign continues to unfold, security experts are warning of the importance of prioritizing cybersecurity measures. With the lack of patches and the potential for prolonged exploitation, it is essential for organizations to take proactive steps in protecting their networks and devices from these types of threats.
**What You Can Do**
* If you're a Cisco customer using affected products, review your systems immediately and ensure that "Spam Quarantine" is not enabled.
* Consider wiping and rebuilding the affected products' software as a precautionary measure.
* Ensure that all internet-facing management interfaces are properly secured.
**Contact Us**
If you have more information about this hacking campaign or would like to share insights, please contact Lorenzo Franceschi-Bicchierai securely via Signal (+1 917 257 1382), Telegram and Keybase (@lorenzofb), or email (lorienzo@techcrunch.com).