Renewed "ArcaneDoor" Campaign Targeting 0-day Vulnerabilities in Cisco ASA (Campaign)

Renewed "ArcaneDoor" activity is exploiting two zero-day Cisco ASA vulnerabilities (CVE-2025-20333 — RCE, and CVE-2025-20362 — local privilege escalation) in the wild; NCSC and CISA corroborate the activity, attribute it to the same actor behind the early‑2024 ArcaneDoor campaign, and report use of malware dubbed RayInitiator and LINE VIPER, with US federal remediation mandated by September 26, 2025.