A state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances (ASA) used on government networks across the globe and use two zero-day vulnerabilities (CVE-2024-20353, CVE-2024-20359) to install backdoors on them, Cisco Talos researchers have shared on Wednesday. First confirmed activity observed by a Cisco customer dates to early January 2024 but the actual attacks started in November 2023.

Source: Help Net Security