
"This attack allows the threat actors to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance."
"The ongoing investigation has revealed evidence of a persistence mechanism implanted by the threat actors to maintain a degree of control over compromised appliances."
"These updates also remove persistence mechanisms that may have been installed during a related cyberattack campaign."
"Cisco strongly recommends that affected customers upgrade to an appropriate fixed software release, as outlined in the updated security advisory. Customers needing support should contact the Cisco Technical Assistance Center."
A critical AsyncOS vulnerability, tracked as CVE-2025-20393, affected Cisco Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. Exploitation allowed attackers to execute arbitrary commands with root privileges on the appliance's underlying operating system and to implant a persistence mechanism that retained control of compromised devices. Cisco Talos attributed the intrusions to UAT-9686, a China-linked group, with activity dating back to at least late November 2025. Initial targeting was observed on December 10, and disclosure followed on December 17. Cisco has released software updates that also remove persistence mechanisms installed during the campaign, and urges customers to upgrade to a fixed release (and to contact TAC if they need support); the number of compromised appliances has not been disclosed.
Read at Theregister