Cisco email security products targeted in zero-day campaign

Kiswahili

Two groups linked to China are exploiting a newly discovered vulnerability in Cisco's email security products. The campaign involves zero-day attacks, highlighting ongoing cybersecurity risks. The issue was reported on December 19, 2025.

Cisco's email security solutions have come under active attack from two Chinese-nexus threat groups. These actors are leveraging a zero-day flaw, meaning the vulnerability was unknown to the company prior to exploitation. Such campaigns underscore the persistent challenges in securing enterprise email systems against sophisticated adversaries.

The exploitation targets products designed to protect against email-based threats, potentially allowing attackers to bypass defenses and deliver malware or steal data. No specific details on the flaw's nature or the exact products affected were disclosed in initial reports, but the involvement of state-linked groups raises concerns about targeted espionage.

Cisco has yet to issue an official response in the available information, though the discovery prompts urgent patching and monitoring recommendations for users. This incident fits into a broader pattern of zero-day abuses by Chinese-affiliated hackers, as seen in previous high-profile breaches.

Makala yanayohusiana

Illustration of a cyber attack on Cisco devices, showing analysts monitoring screens with code and warnings in a dark operations room.
Picha iliyoundwa na AI

Operation Zero Disco exploits Cisco SNMP flaw for rootkits

Imeripotiwa na AI Picha iliyoundwa na AI

Cyber threat actors in Operation Zero Disco have exploited a vulnerability in Cisco's SNMP service to install persistent Linux rootkits on network devices. The campaign targets older Cisco switches and uses crafted packets to achieve remote code execution. Trend Micro researchers disclosed the attacks on October 16, 2025, highlighting risks to unpatched systems.

Chinese hackers install backdoors via Cisco email zero-day

Cisco Talos has detailed how a Chinese-linked group is exploiting an unpatched zero-day in email security appliances since late November 2025, deploying backdoors and log-wiping tools for persistent access.

China directs firms to halt use of US and Israeli cybersecurity software

Imeripotiwa na AI

Chinese authorities have instructed domestic companies to stop using cybersecurity software from more than a dozen US and Israeli firms due to national security concerns. The directive supports Beijing's drive to replace Western technology with homegrown alternatives amid intensifying tech competition with the United States. Three sources familiar with the matter said the notice was issued in recent days.

Linux

China-nexus groups and cybercriminals ramp up React2Shell exploits

Teknolojia

Cybersecurity breaches define troubling year in 2025

Siasa

Chinese cyberattacks on Taiwan average 2.6 million daily in 2025

Thousands of Korean Air employees exposed in Oracle breach

Korean Air, a major South Korean airline, has been affected by a supply-chain attack originating from Oracle, resulting in the exposure of thousands of its employees' information. The incident highlights vulnerabilities in third-party software services. Details emerged in a recent security report.

EU commission aims to ban chinese risk technology from networks

Imeripotiwa na AI

The EU Commission has presented a revised cybersecurity law to better fend off attacks and reduce dependencies on high-risk third countries. In particular focus: Chinese companies like Huawei and ZTE, which are to be effectively excluded from 5G rollout. This follows a recent hacker attack on the Eurail platform.

OpenAI users targeted by scam emails and vishing calls

Scammers are sending emails that appear genuine to OpenAI users, designed to manipulate them into revealing critical data swiftly. These emails are followed by vishing calls that intensify the pressure on victims to disclose account details. The campaign highlights ongoing risks in AI platform security.

US government urged to patch critical Gogs security flaw

Imeripotiwa na AI

The US government has been advised to urgently address a high-severity vulnerability in the Gogs software to prevent potential attacks. This serious bug has been added to the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog. The warning comes amid growing concerns over exploited software weaknesses.

Jumanne, 27. Mwezi wa kwanza 2026, 23:02:25

Microsoft patches security flaw in Office software

Ijumaa, 23. Mwezi wa kwanza 2026, 05:13:14

Fortinet FortiGate devices face automated attacks creating rogue accounts

Jumatano, 14. Mwezi wa kwanza 2026, 06:04:56

Hackers hijack LinkedIn comments to spread malware

Alhamisi, 8. Mwezi wa kwanza 2026, 09:42:35

Congressional staff emails hacked in Salt Typhoon campaign

Alhamisi, 8. Mwezi wa kwanza 2026, 07:18:04

China-linked UAT-7290 targets telecoms with Linux malware

Jumatatu, 22. Mwezi wa kumi na mbili 2025, 16:25:40

HPE urges immediate patching of OneView after critical security flaw found

Jumanne, 16. Mwezi wa kumi na mbili 2025, 23:12:04

React2Shell exploits continue with large-scale Linux backdoor deployments and cloud credential theft

Jumatatu, 15. Mwezi wa kumi na mbili 2025, 07:33:41

Apple fixes zero-day flaws in WebKit for sophisticated attacks

Jumamosi, 13. Mwezi wa kumi na mbili 2025, 22:13:21

Alleged Salt Typhoon hackers received Cisco training

Jumatano, 10. Mwezi wa kumi na mbili 2025, 07:11:22

North Korean hackers exploit maximum severity React2Shell flaw

 

 

 

Tovuti hii inatumia vidakuzi

Tunatumia vidakuzi kwa uchambuzi ili kuboresha tovuti yetu. Soma sera ya faragha yetu kwa maelezo zaidi.
Kataa