
Cisco Hit by Dual Cyberattacks: China-Linked APT and Massive VPN Brute Force Campaign

Cisco hit by major cybersecurity breaches: UAT-9686 exploits a zero-day in email security appliances, while over 10,000 IPs brute-force VPNs; urgent patches underway.
Content Team

Cisco faced two major security incidents this month. First, a Chinese threat group called UAT-9686 exploited a critical zero-day vulnerability (CVE-2025-20393) in Cisco's email security appliances, gaining root access and deploying custom malware, including the AquaShell backdoor. The flaw affects systems that have the Spam Quarantine feature exposed to the internet, and it remains unpatched.

Separately, over 10,000 IP addresses launched brute-force attacks against Cisco SSL VPNs and Palo Alto GlobalProtect systems, generating 1.7 million authentication attempts in 16 hours. The automated campaign primarily targeted US, Mexican, and Pakistani organizations before abruptly ending. Cisco is developing patches and recommends that customers take Spam Quarantine offline immediately.

Source: Dark Reading
