• Cisco fixes AsyncOS vulnerability exploited in zero-day attacks (CVE-2025-20393)
• TamperedChef Malvertising Campaign Drops Malware via Fake PDF Manuals
• Account Compromise Surged 389% in 2025, Says eSentire
• RondoDox Botnet Targets HPE OneView Vulnerability in Exploitation Wave
• Ransomware activity never dies, it multiplies
• Product showcase: Penetration test reporting with PentestPad
• As AI raises the stakes, app modernization and security are becoming inseparable
• New intelligence is moving faster than enterprise controls
• Who’s on the other end? Rented accounts are stress-testing trust in gig platforms
• New infosec products of the week: January 16, 2026
• Global Agencies Release New Guidance to Secure Industrial Networks
• Hackers Increasingly Shun Encryption in Favour of Pure Data Theft and Extortion
• CodeBuild Flaw Put AWS Console Supply Chain At Risk
• Cyber Threat Actors Ramp Up Attacks on Industrial Environments
• Sensitive data of Eurail, Interrail travelers compromised in data breach
• CISO Role Reaches “Inflexion Point” With Executive-Level Titles
• Data Privacy Teams Face Staffing Shortages and Budget Constraints, ISACA Warns
• ICE Agent Doxxing Site DDoS-ed Via Russian Servers
• Criminal Subscription Service Behind AI-Powered Cyber-Attacks Taken Out By Microsoft
• Hackers Use Fake PayPal Notices to Steal Credentials, Deploy RMMs

Cisco has finally shipped security updates for its Email Security Gateway and Secure Email and Web Manager devices, which fix CVE-2025-20393, a vulnerability in the devices’ AsyncOS that has been exploited as a zero-day by suspected Chinese attackers since at least late November 2025. The company revealed the flaw’s existence and in-the-wild exploitation on December 17, 2025, and urged customers to check whether their appliances had been breached and to rebuild them in case of …