Zero-dayApr 23, 2026
We’ve updated Emergency Directive 25-03 in response to cyber threat actors using FIRESTARTER malw...
CISA updates Emergency Directive 25-03 for FIRESTARTER malware targeting Cisco firewalls.
Summary
CISA has issued an updated Emergency Directive 25-03 addressing active exploitation of Cisco Firepower and Secure Firewall devices by threat actors using FIRESTARTER malware to establish persistent remote access and control. The directive includes recommended mitigation and remediation actions for federal agencies and critical infrastructure operators.
Indicators of Compromise
- malware — FIRESTARTER
Entities
Cisco Firepower (product)Cisco Secure Firewall (product)Cisco (vendor)CISA (vendor)