Cisco ASA Zero-Day Exploited in State-Espionage Campaign

Cisco ASA Zero-Day Exploited in State-Espionage Campaign

First seen 17 Dec 2025, 18:55 UTC CisecurityCrnFilestore.FortinetSecurityboulevardCsa.Sg+18 65% similarity 50.0

Article Content

Browse articles
ThreatCluster

Cisco disclosed a state-espionage campaign targeting its Adaptive Security Appliances (ASA), which are used for firewall and VPN functions. Attackers exploited two zero-day vulnerabilities to infiltrate government entities globally, deploying custom malware backdoors named 'Line Runner' and 'Line Dancer' to alter configurations and conduct reconnaissance.

ThreatCluster AI

Community

Browse all →