Cisco Patches Zero-Day Tied to China APT

Cisco on Thursday pushed security updates to fix a critical vulnerability in its Secure Email Gateway product, after Chinese state-linked hackers exploited the flaw in the wild. The zero-day, tracked as CVE-2025-20393 and carrying a maximum severity rating, affects Cisco AsyncOS Software and allows remote code execution. Cybersecurity researchers said the threat actor triggered the flaw to conduct targeted attacks, highlighting the urgency of the patch. This latest incident reinforces ongoing concerns around threat actors targeting enterprise communications infrastructure.

The company urged customers to update immediately to reduce exposure from this actively exploited weakness. It did not disclose when or how attackers first leveraged the flaw but confirmed malicious use had occurred. The fix follows industry pressure on vendors to shorten patch deployment times amid escalating cyber risks.

As Cisco patches a zero-day in one of its key email security platforms, the episode underscores the increasing sophistication of state-sponsored threats.

https://thehackernews.com/2026/01/cisco-patches-zero-day-rce-exploited-by.html