
On Wednesday, Cisco announced that hackers are exploiting a major vulnerability in some popular products that allows affected devices to be completely wiped out. Worse, no patches are available at the moment.
In a security advisory, Cisco said it discovered a hacking campaign on December 10 targeting Cisco AsyncOS software, specifically the physical and virtual appliances Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. The advisory said affected devices are those that have a feature called “Spam Quarantine” enabled and are reachable from the internet.
Cisco noted that this feature is not enabled by default and does not need to be exposed to the internet, which may be good news. Michael Taggart, a senior cybersecurity researcher at UCLA Health Sciences, told TechCrunch that “the need for online control features and other enabled features will reduce the risk of this attack.”
However, Kevin Beaumont, a security researcher who tracks hacking campaigns, told TechCrunch that this appears to be a very complex campaign because many large organizations use the affected products, there are no patches available, and it is not known how long the hackers have been on the affected systems.
At this time Cisco is not saying how many customers are affected.
When reached by TechCrunch, Cisco spokesperson Meredith Corley did not respond to several questions, and instead said the company is “actively investigating this issue and making permanent fixes.”
The solution that Cisco is giving customers right now is to wipe and rebuild the affected software, because there is no patch.
“If confirmed, updating the device is the only way to solve the threat’s effect on the device,” the company wrote.
The hackers behind the campaign have been linked to China and to other prominent Chinese government groups, according to Cisco Talos, the company's threat intelligence group, which published a blog post about the hacking campaign.
The researchers wrote that the hackers are taking advantage of the vulnerability, which is currently a zero-day, to establish persistent backdoors, and that the campaign has been running “since late November 2025.”