Cisco says Chinese hackers are exploiting its customers with a new zero-day


Cisco announced on Wednesday that hackers are exploiting a critical vulnerability in some of its most popular products that allows full control of affected devices. What’s worse is that there are no patches available at this time.

In a security alert, Cisco said it discovered a hacking campaign on December 10 targeting Cisco AsyncOS software, in particular physical and virtual Cisco Secure Email Gateway and Cisco Secure Email and Web Manager devices. The affected devices have a feature called “spam isolation” enabled and can be accessed from the Internet, the advisory said.

Cisco noted that this feature is not enabled by default and does not require Internet exposure, which may be good news. “Internet-facing management interface requirements and enabling certain features will limit the attack surface for this vulnerability,” Michael Taggart, a senior cybersecurity researcher at UCLA Health Sciences, told TechCrunch.

But Kevin Beaumont, a security researcher who tracks hacking campaigns, told TechCrunch that this appears to be a particularly problematic hacking campaign, given that many large organizations use the affected products, no patches are available, and it is unclear how long the hackers have had backdoors in the affected systems.

At this point, Cisco is not saying how many customers are affected.

When TechCrunch contacted Cisco spokesperson Meredith Corley, she did not answer a series of questions, instead saying the company was “actively investigating the issue and developing a permanent fix.”

The solution that Cisco is now proposing to customers is essentially to wipe and rebuild the software of the affected products, as no patch is available.

“In the event of a confirmed compromise, rebuilding devices is, currently, the only viable option to eliminate the threat actor persistence mechanism from the device,” the company wrote.

The hackers behind the campaign are linked to China and to known Chinese government hacking groups, according to Cisco Talos, the company’s threat intelligence research team, which published a blog post about the hacking campaign.

The researchers wrote that hackers are exploiting the vulnerability, which at this point is a zero day, to install persistent backdoors, and that the campaign has been ongoing “since at least late November 2025.”
