Overview

• Federal civilian agencies must install Cisco updates and report any compromises by the end of Friday under the emergency order.
• At least one U.S. government agency was breached in what officials describe as an advanced espionage campaign exploiting previously unknown flaws.
• Cisco began working with government customers in May, identified multiple zero‑day vulnerabilities, released patches, and urged customers to update immediately.
• CISA says it observed related activity as early as November 2024 and is aware of hundreds of potentially affected Cisco devices across the federal enterprise, with critical infrastructure operators asked to report confirmed incidents.
• Officials declined to confirm attribution as researchers warned attacks could escalate post‑patch, and the U.K. government characterized the hackers’ code as a significant evolution from prior tools.