Cisco email security appliances have been compromised by a Chinese-nexus threat group exploiting an unpatched zero-day vulnerability (CVE-2025-20393). The attackers installed custom backdoors like AquaShell and log-purging tools, targeting devices with the Spam Quarantine feature exposed to the internet. Cisco advises affected organizations to check their configurations and potentially rebuild compromised appliances.
Edward Kiledjian
@ekiledjian