CISA: Malware attack compromises US agency via Cisco exploit

Attacks weaponizing the Cisco Adaptive Security Appliance vulnerabilities tracked as CVE-2025-20333 and CVE-2025-20362 successfully compromised a federal civilian executive branch agency with the FIRESTARTER malware in September, the Cybersecurity and Infrastructure Security Agency reported, according to The Record, a news site by cybersecurity firm Recorded Future.

Infiltration of the federal agency’s Cisco Firepower device allowed threat actors to inject the Line Viper malware, which created illegitimate VPN sessions and facilitated universal access to the device’s files, before deploying FIRESTARTER for persistent access, according to a CISA advisory produced in partnership with the UK National Cyber Security Centre.

The breach has prompted CISA to require federal agencies to submit malware check confirmations by midnight of Apr. 24, as well as provide Cisco Firepower device inventories by May 1.

“Agencies who have completed the security update requirements are still susceptible to persistence and therefore must complete the updated required actions within this V1 ED. Organizations should not unplug the device unless directed to do so by CISA,” said the advisory.
