A suspected Chinese-nexus threat group has been compromising Cisco email security devices and planting backdoors and log-purging tools on them since at least late November 2025, Cisco Talos researchers have reported. “Our analysis indicates that appliances with non-standard configurations (…) are what we have observed as being compromised by the attack,” they noted. According to the accompanying advisory, the attackers exploited CVE-2025-20393, a vulnerability stemming from improper input validation, to execute arbitrary commands with root …

The post “Cisco email security appliances rooted and backdoored via still unpatched zero-day” appeared first on Help Net Security.