Signal
Critical Cisco firewall vulnerabilities exploited by persistent backdoor malware
Tags: cve, exploits, malware, threat_actors, incident_response, security_advisories
Overview
In April 2026, multiple cybersecurity agencies including CISA, the UK National Cyber Security Centre, and the Canadian Centre for Cyber Security issued alerts about critical vulnerabilities in Cisco Secure Firewall ASA and FTD devices.
Entities
Cisco Systems, F5 Networks, Firestarter, ArcaneDoor
Score total: 1.52
Momentum 24h: 6
Posts: 6
Origins: 5
Source types: 1
Duplicate ratio: 0%
Why now
- Recent discovery of Firestarter persistence mechanism in April 2026 updates previous patch advisories.
- Emergency directives require immediate audits and memory analysis to mitigate ongoing risks.
- Heightened awareness is crucial as threat actors continue exploiting these vulnerabilities.
Why it matters
- The vulnerabilities affect critical network security infrastructure widely used in government and industry.
- The persistence of the Firestarter backdoor despite patches shows advanced threat actor capabilities.
- Ongoing unauthorized access risks data breaches and disruption of critical services.
LLM analysis
Topic mix: low
Promo risk: low
Source quality: high
Recurring claims
- Cisco Secure Firewall ASA and FTD devices have critical vulnerabilities actively exploited by threat actors.
- The Firestarter backdoor malware persists through firmware updates by residing in the FXOS base operating system.
- A U.S. federal civilian agency was breached and had persistent unauthorized access through March 2026 via the Firestarter backdoor.
How sources frame it
- Cybersecurity And Infrastructure Security Agency (CISA)...: neutral
This briefing consolidates recent authoritative alerts on Cisco ASA and FTD vulnerabilities and the Firestarter backdoor, highlighting the persistence of state-sponsored threats despite patching efforts.
All evidence
Cisco Security Advisories
sec.cloudapps.cisco.com · sec.cloudapps.cisco.com · 2026-04-23 15:18 UTC
F5 Products: CVSS (Max): None
AusCERT - Bulletins · portal.auscert.org.au · 2026-04-24 00:25 UTC
US, UK agencies warn hackers were hiding on Cisco firewalls long after patches were applied
CyberScoop · cyberscoop.com · 2026-04-23 20:25 UTC
CISA: US agency breached through Cisco vulnerability, FIRESTARTER backdoor allowed access through March
The Record (Recorded Future News) · therecord.media · 2026-04-23 19:03 UTC
AL25-012 - Vulnerabilities impacting Cisco ASA and FTD devices – CVE-2025-20333, CVE-2025-20362 and CVE-2025-20363 – Update 1
Canadian Centre for Cyber Security - Alerts · cyber.gc.ca · 2026-04-23 18:35 UTC
Posts loaded: 0
Publishers: 5
Origin domains: 5
Duplicates: -
Top publishers (this list)
- sec.cloudapps.cisco.com (1)
- AusCERT - Bulletins (1)
- CyberScoop (1)
- The Record (Recorded Future News) (1)
- Canadian Centre for Cyber Security - Alerts (1)
Top origin domains (this list)
- sec.cloudapps.cisco.com (1)
- portal.auscert.org.au (1)
- cyberscoop.com (1)
- therecord.media (1)
- cyber.gc.ca (1)