Find notable cyber news and cases, enriched with sources, timelines, and signals.

Cisco AsyncOS security update for CVE-2025-20393

Security Patch Release
First reported
Last updated
Happening score
H score 58
1 unique sources, 1 articles

Summary

Hide ▲

Cisco released security updates for CVE-2025-20393 in Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, closing a maximum-severity remote-command-execution flaw. The fix matters because the vulnerability had already been used as a zero-day and could grant attackers root privileges on affected appliances. Cisco also removed persistence mechanisms linked to the attack campaign. Administrators need to move to the fixed AsyncOS releases and harden exposure around the affected email security systems.

Cases

Related Happenings

Cisco Unified Communications Manager security update for CVE-2026-20230

Security Patch Release
H score56 First: 04.06.2026 14:09 Last: 04.06.2026 14:09 Sources 1

About this happening: Cisco released **security updates** for **Cisco Unified Communications Manager (Unified CM)** to fix **CVE-2026-20230**, a **critical** flaw that could let a remote attacker reach...

Cisco ThousandEyes and Nexus security patches

Security Patch Release
H score31 First: 21.05.2026 15:04 Last: 21.05.2026 15:04 Sources 1

About this happening: Cisco released patches for **three medium-severity vulnerabilities** affecting **ThousandEyes Virtual Appliance**, **ThousandEyes Enterprise Agent**, and **Nexus 3000/9000 switche...

FIRESTARTER malware on Cisco ASA and FTD devices

Malware Activity
H score33 First: 23.04.2026 15:00 Last: 23.04.2026 15:00 Sources 1

About this happening: CISA has published analysis of **FIRESTARTER**, a malware strain that enables **remote access and control** on **Cisco Firepower** and **Secure Firewall** devices, raising the ris...

Latest development: 24.04.2026 23:34

CISA, NCSC-UK, and Cisco detailed Firestarter persistence on Cisco Firepower and Secure Firewall devices running ASA or FTD software, attributing the backdoor to UAT-4356 and linking the activity to ArcaneDoor. The malware modifies CSP_MOUNT_LIST, stores a copy in /opt/cisco/platform/logs/var/log/svc_samcore.log, restores itself to /usr/bin/lina_cs, and relaunches after termination or reboot; Cisco recommends reimaging and upgrading to fixed releases, or using a cold restart only if reimaging is not possible.

Cisco hit by cyberattack

Incident
H score18 First: 31.03.2026 20:53 Last: 31.03.2026 20:53 Sources 1

About this happening: The **Cisco** incident is a **cyberattack** on its **internal development environment** that exposed **source code** and **credentials**. Attackers used stolen credentials linked...

Interlock Cisco Secure Firewall Management Center zero-day exploitation wave

Exploitation Wave
H score59 First: 18.03.2026 18:53 Last: 18.03.2026 18:53 Sources 1

About this happening: A **zero-day exploitation wave** tied to **Interlock** has been hitting **Cisco Secure Firewall Management Center (FMC)**, putting **enterprise firewalls** at risk before patching...

Timeline

  1. 16.01.2026 07:38 2 articles · 5mo ago

    Cisco AsyncOS security update for CVE-2025-20393

    Initial Disclosure

    Cisco issued fixes for **CVE-2025-20393** on **Thursday** after confirming prior **zero-day** abuse of **AsyncOS** appliances. The update closes the main code-execution path and strips persistence artifacts associated with the campaign.

    Show sources