
FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches

TELEMETRY SUMMARY DECRYPTION

SITREP: In September 2025, a Cisco Firepower device utilized by a federal civilian agency was compromised by malware known as FIRESTARTER, which is designed for remote access. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed the breach despite security patches being applied.

TACTICAL ASSESSMENT: This incident highlights vulnerabilities in critical infrastructure security, particularly in federal cybersecurity measures. The ability of FIRESTARTER to bypass security patches raises concerns about the effectiveness of current defense strategies against sophisticated cyber threats.

PROJECTED VECTORS: Future attacks may target other federal systems or exploit similar vulnerabilities in widely used cybersecurity devices.

SAT-COM 4 | LAT: 45.192 | LON: 34.021 | UTC: 2026-04-24

Event Telemetry

STATUS IDENTIFIER: NORMAL TRAFFIC
ORIGIN DESK: CYBER
ACQUISITION TIME: 04/24 17:56 ZULU
AUTHOR: SYSTEM.AUTO[992]