CISA: Malware attack compromises US agency via Cisco exploit

April 24, 2026
By SC Staff

Attacks weaponizing the Cisco Adaptive Security Appliance vulnerabilities tracked as CVE-2025-20333 and CVE-2025-20362 successfully compromised a federal civilian executive branch agency with the FIRESTARTER malware in September, the Cybersecurity and Infrastructure Security Agency reported, according to The Record, a news site by cybersecurity firm Recorded Future.

Infiltration of the federal agency's Cisco Firepower device allowed threat actors to inject the Line Viper malware, which created illegitimate VPN sessions and facilitated universal access to the device's files, before deploying FIRESTARTER for persistent access, according to a CISA advisory issued in partnership with the UK National Cyber Security Centre.

The breach has prompted CISA to require federal agencies to submit malware check confirmations by midnight of Apr. 24 and to provide Cisco Firepower device inventories by May 1.

"Agencies who have completed the security update requirements are still susceptible to persistence and therefore must complete the updated required actions within this V1 ED. Organizations should not unplug the device unless directed to do so by CISA," said the advisory.