Security researchers found at least 120 Cisco Secure Email Gateway and Cisco Secure Email and Web Manager devices vulnerable to a critical zero-day flaw that is being actively exploited.
CVE-2025-20393 is a vulnerability with no patch available, putting organizations at risk. Threat intelligence from Shadowserver Foundation indicates that vulnerable devices are part of over 650 exposed Cisco email security appliances available online.

The discovery raises major concerns for organizations that depend on these systems to filter harmful emails and protect against phishing and malware.
Cisco has acknowledged the vulnerability and released a security advisory urging organizations to implement immediate defensive measures.
The networking company advises affected clients to check their security settings and implement temporary fixes until a permanent solution is ready. Organizations can find detailed guidance on Cisco’s Security Advisory portal.
Organizations continue to struggle with zero-day vulnerabilities, especially in vital components like email gateways. Security teams using Cisco Secure Email Gateway and Web Manager should quickly review the advisory and implement the recommended countermeasures.
In the meantime, a simple Python script has been released to help organizations quickly detect exposure to CVE-2025-20393, a critical zero-day vulnerability in Cisco Secure Email Gateway (SEG) and Secure Malware Analytics (SMA).
The “Cisco SMA Exposure Check” tool identifies open ports and services exploited in recent attacks, as noted in Cisco’s advisory.
GitHub user StasonJatham released a script today that identifies indicators of compromise related to a vulnerability. This flaw lets unauthorized remote attackers run arbitrary code through exposed management and quarantine interfaces.
The tool scans and identifies HTTP/S signatures by examining server headers, status codes, redirects, authentication realms, Cisco keywords, and version patterns. It also checks common paths like /quarantine, /spamquarantine, /spam, /sma-login, and /login.
It also grabs raw socket banners and flags indicators of active exploitation, including strings like “AquaShell,” “AquaTunnel,” “Chisel,” and “AquaPurge” – hallmarks of post-compromise tools observed in the wild.
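As an added illustration of the checks described above (this is not StasonJatham's script and does not touch the network): each HTTP response and banner is supplied by the caller, the keyword and version patterns are assumptions to tune against your own appliances, and the sample response and banner are constructed.

```python
import re
from dataclasses import dataclass, field

# Post-compromise tool names the article says the tool flags in banners and pages.
IOC_STRINGS = ("AquaShell", "AquaTunnel", "Chisel", "AquaPurge")
# Interface paths the article lists as commonly exposed.
COMMON_PATHS = ("/quarantine", "/spamquarantine", "/spam", "/sma-login", "/login")
# Keyword and version patterns are assumptions; tune them against your own appliances.
CISCO_RE = re.compile(r"cisco|ironport|asyncos", re.I)
VERSION_RE = re.compile(r"AsyncOS[\s/]*(\d+(?:\.\d+)+)", re.I)

@dataclass
class Finding:
    looks_like_cisco: bool = False
    version: str = ""
    reasons: list = field(default_factory=list)
    iocs: list = field(default_factory=list)

def check_http(path: str, status: int, headers: dict, body: str) -> Finding:
    """Classify one already-captured HTTP response; performs no network I/O."""
    f = Finding()
    hdrs = {k.lower(): v for k, v in headers.items()}
    if path in COMMON_PATHS and status in (200, 301, 302, 401):
        f.reasons.append(f"known interface path {path} answered {status}")
    for name in ("server", "www-authenticate", "location"):
        if name in hdrs and CISCO_RE.search(hdrs[name]):
            f.reasons.append(f"{name} header: {hdrs[name]}")
            f.looks_like_cisco = True
    if CISCO_RE.search(body):
        f.reasons.append("page body references Cisco/IronPort/AsyncOS")
        f.looks_like_cisco = True
    m = VERSION_RE.search(hdrs.get("server", "")) or VERSION_RE.search(body)
    if m:
        f.version = m.group(1)
    f.iocs = check_banner(body)
    return f

def check_banner(text: str) -> list:
    """Return the post-compromise indicator strings present in a raw banner or page."""
    low = text.lower()
    return [s for s in IOC_STRINGS if s.lower() in low]

# Constructed sample data standing in for a live capture (not real appliance output).
SAMPLE_RESPONSE = dict(
    path="/sma-login", status=200,
    headers={"Server": "Cisco IronPort AsyncOS 15.0.1",
             "WWW-Authenticate": 'Basic realm="Cisco Spam Quarantine"'},
    body="<title>Cisco Secure Email and Web Manager - Login</title>")
SAMPLE_BANNER = "SSH-2.0-OpenSSH_7.4\r\nAquaTunnel ready\r\n"
```

A hit on `looks_like_cisco` or a non-empty `iocs` list is the cue to check the appliance against Cisco's advisory and your incident response process, not proof of compromise on its own.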
Tool Unveiled to Detect Cisco Secure Email Gateway 0-Day Vulnerability
