Cisco have found an in the wild zero day in Cisco Secure Email Gateway And Cisco Secure Email and Web Manager being used to backdoor appliances for later access.
Now CVE-2025-20393.
No patch available.
They recommend nuking boxes and reinstalling from scratch if you opened spam quarantine port (6025) to internet, and closing port.
It is unclear how long boxes have been backdoored for.
Port isn't scanned by @npub1l5lj...hq7p yet so scope isn't known.
Reports About Cyberattacks Against Cisco Secure Email Gateway And Cisco Secure Email and Web Manager
On December 10, Cisco became aware of a new cyberattack campaign targeting a limited subset of appliances with certain ports open to the internet t...