Wednesday , July 1 2026
zero-day

Cisco and SonicWall warn zero-day exploited in attacks

Cisco warned customers maximum-severity Cisco AsyncOS zero-day actively exploited in attacks targeting Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. This yet-to-be-patched zero-day (CVE-2025-20393) affects only Cisco SEG and Cisco SEWM appliances with non-standard configurations, when the Spam Quarantine feature is enabled and exposed on the Internet.

Cisco Talos researcher believe that Chinese threat group UAT-9686 targeting the the flaw to run arbitrary commands as root and install persistent backdoors like AquaShell, along with AquaTunnel and Chisel reverse SSH malware, and a log-clearing tool called AquaPurge. Indicators of compromise can be found in a GitHub repository.

Azure CLI Password Spray Impacts 78 Microsoft Accounts in 81M+ Attempts

Cybersecurity researchers have warned of a "massive, ongoing, automated password spray attack" aimed at Microsoft's Azure command-line interface (CLI), compromising...
Read More
Azure CLI Password Spray Impacts 78 Microsoft Accounts in 81M+ Attempts

Chrome Update Patches 382 Vulnerabilities, Including 15 Critical

Chrome 151 has a new update that fixes 382 security problems. This includes 15 critical issues that could allow attackers...
Read More
Chrome Update Patches 382 Vulnerabilities, Including 15 Critical

Apple fixes more than 30 iOS, macOS, and Safari flaws

Apple released security updates on Monday for iOS, macOS, and Safari. These updates fix more than thirty issues, including four...
Read More
Apple fixes more than 30 iOS, macOS, and Safari flaws

Attackers exploit critical flaw in Oracle E-Business

Attackers are now using a flaw (called CVE-2026-46817) in the Oracle E-Business Suite (EBS) financial app, according to the security...
Read More
Attackers exploit critical flaw in Oracle E-Business

WhatsApp to allow usernames instead of phone numbers

WhatsApp is about to release a big update that may change how people communicate on the app. Soon, users can...
Read More
WhatsApp to allow usernames instead of phone numbers

Linux Unveils New Open Source Security Project “Akrites” For (OSS) Ecosystem

The Linux Foundation said on Thursday that they are starting a new project to fix flaws in open source software...
Read More
Linux Unveils New Open Source Security Project “Akrites” For (OSS) Ecosystem

Data breach affects 14.2 million email logins across six ISPs

KDDI Corporation, a Japanese telecom company, revealed a data breach. Hackers got into one of its email systems that five...
Read More
Data breach affects 14.2 million email logins across six ISPs

Asian Two AI startups launch Mythos-like Model

Two Asian AI companies have released new models this week that compete with Anthropic’s recently limited Mythos and Fable models,...
Read More
Asian Two AI startups launch Mythos-like Model

Polymarket Hack Reportedly Results in $3 Million Theft

Polymarket is a platform for prediction markets using cryptocurrency. It lets users bet on what might happen in real-life events...
Read More
Polymarket Hack Reportedly Results in $3 Million Theft

Anthropic Confirms US Infrastructure Redeployment of Claude Mythos 5

Anthropic said that Claude Mythos 5, its strongest AI security model, will be sent back to some U.S. orgs that...
Read More
Anthropic Confirms US Infrastructure Redeployment of Claude Mythos 5

AquaTunnel and other malicious tools used in these attacks have been previously associated with Chinese state-backed hacking groups like UNC5174 and APT41.

“We assess with moderate confidence that the adversary, who we are tracking as UAT-9686, is a Chinese-nexus advanced persistent threat (APT) actor whose tool use and infrastructure are consistent with other Chinese threat groups,” Cisco Talos said in a Wednesday advisory.

“As part of this activity, UAT-9686 deploys a custom persistence mechanism we track as AquaShell accompanied by additional tooling meant for reverse tunneling and purging logs.”

The company urged admins to protect vulnerable devices by limiting internet access, allowing connections only from trusted hosts, and placing them behind firewalls.

Admins should separate mail handling from management, monitor web logs for unusual activity, and keep logs for investigations.

Disable unnecessary services, update to the latest Cisco AsyncOS software, use strong authentication like SAML or LDAP, change default passwords, and secure management traffic with SSL or TLS certificates.

SonicWall SMA1000 zero-day exploited: 

SonicWall alerted customers to update the SonicWall SMA1000 Appliance Management Console due to a vulnerability linked to zero-day attacks that could escalate privileges.

SonicWall reported a medium-severity local privilege escalation flaw (CVE-2025-40602) identified by Clément Lecigne and Zander Work from the Google Threat Intelligence Group. This issue does not impact SSL-VPN on SonicWall firewalls.

“SonicWall PSIRT strongly advises users of the SMA1000 product to upgrade to the latest hotfix release version to address the vulnerability,” the company said in a Wednesday advisory.

Check Also

CVE-2026-20230

Cisco Unified CM flaw CVE-2026-20230 exploited in attacks

A serious SSRF flaw, called CVE-2026-20230, in Cisco Unified Communications Manager Server is now being …