Cisco Firepower Device Compromised by FIRESTARTER Malware

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported that a Cisco Firepower device used by a federal agency was compromised in September 2025 by malware known as FIRESTARTER. This malware acts as a backdoor, allowing unauthorized remote access to the device. Despite efforts to patch the system, FIRESTARTER reportedly continues to function, posing ongoing security risks. The malware was also assessed by the U.K.'s National Cyber Security Centre (NCSC). This incident highlights vulnerabilities in cybersecurity measures that can be exploited even after updates are applied. Organizations using similar technology should remain vigilant and enhance their security protocols. Source: [publication name].