#aws-iam

Cisco AsyncOS zero-day CVE-2025-20393 was actively exploited against Secure Email Gateway and Secure Email and Web Manager appliances, with attacks linked to the Chinese-nexus group UAT-9686. SonicWall also confirmed in-the-wild exploitation of CVE-2025-40602 affecting SMA1000 appliances, while React2Shell CVE-2025-55182 enabled rapid Weaxor ransomware deployment on exposed servers. Amazon warned of cryptomining campaigns abusing compromised AWS IAM credentials, alongside FBI and French law enforcement actions disrupting ransomware laundering and responding to a government breach.