By therecord.media
Publication Date: 2026-04-23 19:07:00
A U.S. agency was breached by sophisticated hackers in September through a vulnerability in Cisco firewalls.
The Cybersecurity and Infrastructure Security Agency (CISA) said the unnamed department was infected with malware called “FIRESTARTER” that allowed the hackers to return to the Cisco device in March without re-exploiting the original vulnerabilities.
CISA published an advisory on the FIRESTARTER malware and an updated directive ordering federal civilian agencies to take specific actions to check for infection.
CISA first warned of the issues in September, when it ordered all agencies to patch CVE-2025-30333 and CVE-2025-20362 — two vulnerabilities impacting Cisco Adaptive Security Appliances (ASA).
CISA said it was releasing revisions to the advisory on Thursday “in response to updated cyber threat intelligence concerning threat actors retaining persistence and continued unauthorized access to Cisco Firepower and Secure Firewall products with Adaptive Security…



