China-Linked Hackers Exploiting Zero-Day in Cisco Security Gear

Cisco appliances targeted through new unpatched zero‑day.

Cisco says a China‑linked threat group has been exploiting a critical zero‑day in its Secure Email Gateway and Secure Email and Web Manager appliances to run commands with root privileges. Talos traced the activity to UAT‑9686 and found the attackers using tools such as AquaShell, AquaPurge, AquaTunnel, and Chisel to maintain access and pivot deeper into networks. The flaw remains unpatched, with no workarounds available, though Cisco has released indicators of compromise and mitigation guidance. CISA has added the bug to its Known Exploited Vulnerabilities (KEV) catalog, while other vendors, including SonicWall, report separate zero‑day exploitation campaigns.

Read more:

https://www.securityweek.com/china-linked-hackers-exploiting-zero-day-in-cisco-security-gear/