A Chinese APT group, Salt Typhoon, is exploiting two vulnerabilities in Cisco IOS XE software to gain unauthorized access to telecommunications networks worldwide. The vulnerabilities, CVE-2023-20198 and CVE-2023-20273, allow attackers to escalate privileges and execute arbitrary commands, enabling cyber-espionage activities. Organizations are urged to patch their systems, disable unnecessary web interfaces, and monitor network traffic to mitigate the risk posed by these ongoing attacks.