Saturday 25 April 2026

The Firewall That Became the Front Door: FIRESTARTER Backdoor Survives on Federal Cisco Devices

A firewall backdoor that outlasts patches, Google bets $40B on Anthropic, DeepSeek closes the frontier gap, and a pre-Stuxnet sabotage tool gets its first public autopsy.

Lead story

A joint advisory from CISA and the UK's National Cyber Security Centre dropped overnight with a finding that should keep network defenders up at night: a custom backdoor called FIRESTARTER was planted on a US federal civilian agency's Cisco Firepower device running ASA software back in September 2025 — and it kept working even after security patches were applied.

That last part is the headline within the headline. Patching is the bedrock assumption of most incident response playbooks. You find the vulnerability, you patch it, you move on. FIRESTARTER is specifically designed to survive that process. Once it's in, it maintains persistent remote access and control of the infected device, meaning a successful patch doesn't evict the attacker — it just closes the door they used to get in the first time.

What we know about the malware. FIRESTARTER is a purpose-built backdoor, not an off-the-shelf tool. It targets Cisco Firepower devices running either Adaptive Security Appliance (ASA) or Firepower Threat Defense (FTD) software — network security gear that sits at the edge of enterprise and government networks. Compromising a firewall isn't just compromising a device; it's compromising the entity that decides what traffic is legitimate. An attacker with control of your firewall can see everything, redirect traffic, and stay invisible while doing it.

CISA and the NCSC haven't publicly attributed the attack to a specific threat actor, but the choice of target — a federal civilian agency — and the sophistication of an implant engineered for post-patch persistence are markers consistent with nation-state tradecraft.

Why this matters beyond the affected agency. The advisory explicitly flags that other Cisco Firepower and ASA deployments should be treated as potentially at risk. That's a lot of infrastructure. Cisco's firewall products are among the most widely deployed in the world, particularly in government and critical infrastructure environments. If FIRESTARTER is being used broadly (and there's reason to think this wasn't a one-off), defenders running these devices need to assume that patching alone isn't sufficient remediation.

The implication is uncomfortable: if your device was compromised before you patched, you may still be compromised after. A clean bill of health from a patch scan and a fully compromised network can coexist.

What defenders should do now. Both agencies recommend going beyond standard patch verification. That means checking for unexpected processes, unusual outbound connections, and configuration changes that predate known compromise windows. Forensic analysis of device firmware and persistent storage — not just the operating environment — is the right call here. CISA has published indicators of compromise in the advisory.

Watch for. Attribution is the obvious next shoe to drop. The sophistication of this implant and the choice of a federal target narrows the field considerably. Also worth watching: whether FIRESTARTER turns up on non-government Cisco deployments in the coming weeks. If it does, this advisory will look like the quiet opening of a much larger conversation.

Also today

Google Doubles Down on Anthropic With $40B Bet

Google has committed up to $40 billion in a combined cash and compute investment in Anthropic, making it one of the largest single AI investments ever recorded. The deal cements Google's position as Anthropic's primary infrastructure partner and gives Anthropic the resources to compete directly with OpenAI at the frontier. It comes on the heels of Anthropic's limited release of its Mythos security-focused model, which has drawn significant enterprise attention. For Google, the investment is as much about locking in cloud compute consumption as it is about backing an AI horse — Anthropic workloads running on Google Cloud represent a substantial long-term revenue stream.

TechCrunch

DeepSeek V4 Previewed — Frontier Performance, Fraction of the Cost

DeepSeek has previewed its V4 model family, claiming it has nearly closed the gap with leading frontier models on reasoning benchmarks while achieving meaningfully better efficiency than its predecessor, V3.2. The Hugging Face write-up highlights a million-token context window that the team says is genuinely usable by agentic workflows — not just a spec sheet number. If the benchmarks hold up under independent testing, DeepSeek V4 continues the pattern the Chinese lab established last year: matching or approaching Western frontier quality at a fraction of the training and inference cost. That pattern is precisely what's driving Washington's increasingly aggressive posture on AI export controls.

TechCrunch

Pre-Stuxnet Sabotage Malware 'Fast16' Gets Its First Public Autopsy

Researchers have finally reverse-engineered Fast16, a piece of sabotage malware that appears to predate Stuxnet by roughly five years. Created around 2005 and likely aimed at Iran's nuclear programme, Fast16 targeted high-precision calculation and simulation software, silently corrupting results rather than destroying equipment outright. It also packed a self-propagation mechanism. Wired's reporting, drawing on primary research, suggests the code was almost certainly developed by the US or a close ally. The find is historically significant — it suggests the playbook for nation-state industrial sabotage via software was being written well before Stuxnet became the public archetype for that kind of attack.

WIRED Security

Bitwarden npm Package Hit in Supply Chain Attack

A supply chain attack linked to a group calling itself TeamPCP has compromised a Bitwarden-related npm package, according to Checkmarx researchers. The incident references a worm dubbed Shai-Hulud, though details on its payload are still emerging. Supply chain attacks targeting password manager tooling are in a category of their own for severity: the attack surface is every developer or organisation that pulled the affected package. Bitwarden's core product hasn't been confirmed as directly compromised, but any contamination in the broader ecosystem around a credential manager warrants close attention. Affected package versions and remediation steps are expected in a full Checkmarx disclosure.

SecurityWeek

LMDeploy SSRF Flaw Exploited Within 13 Hours of Disclosure

A high-severity server-side request forgery vulnerability in LMDeploy — a widely used open-source toolkit for deploying and serving large language models — was under active exploitation less than 13 hours after it was publicly disclosed. Tracked as CVE-2026-33626 with a CVSS score of 7.5, the flaw could be abused to access sensitive data from internal systems. The speed of exploitation underscores a pattern defenders know well: AI infrastructure tooling is now squarely in attackers' sights, and the window between disclosure and active exploitation has collapsed. Organisations running LMDeploy in production should treat patching as urgent.

The Hacker News

ShinyHunters Claims Carnival Breach, 7.5M Emails Alleged

The prolific ShinyHunters group is claiming responsibility for a breach of cruise operator Carnival, asserting they've obtained 7.5 million customer email addresses. Carnival hasn't confirmed the full scope of the incident. ShinyHunters has a track record of credible claims backed by real data — they've been tied to breaches at Ticketmaster, Santander, and others — so the allegation deserves to be taken seriously until proven otherwise. For affected customers, the immediate risk is targeted phishing using legitimate-looking booking or loyalty programme lures. Carnival customers should be on alert for suspicious communications.

The Register

Tim Cook to Step Down as Apple CEO in September

Tim Cook has confirmed he will step down as Apple's chief executive in September, with hardware engineering chief John Ternus set to take over. Cook's tenure oversaw Apple's transformation into the world's most valuable company — the iPhone, services revenue, and the M-series silicon transition all happened on his watch. Ternus inherits a formidable business but faces real headwinds: the App Store's revenue model is under sustained regulatory pressure, Apple Intelligence has yet to land convincingly against rivals, and the post-smartphone hardware roadmap remains undefined. The succession has been widely anticipated, but the official timing still marks a genuine inflection point for the industry's most closely watched company.

TechCrunch

Tropic Trooper Targets Chinese Speakers via Trojanised PDF Reader

The Chinese-linked APT known as Tropic Trooper has been caught running a campaign that distributes a trojanised version of the SumatraPDF reader to deploy the AdaptixC2 post-exploitation framework. Unusually, the group is targeting Chinese-speaking individuals rather than its more typical government and critical infrastructure victims. The campaign also abuses Microsoft Visual Studio Code tunnels for persistent remote access — a living-off-the-land technique that makes detection significantly harder because the traffic blends in with legitimate developer tooling. Zscaler ThreatLabz attributed the activity with high confidence. The choice of a trusted, open-source PDF reader as a delivery vehicle is a textbook supply-of-trust attack.

The Hacker News

26 Fake Crypto Wallet Apps Found on the App Store

Kaspersky researchers have identified 26 malicious apps on the Apple App Store impersonating popular cryptocurrency wallets. The apps have been active since at least late 2025 and are designed to harvest seed phrases and private keys. When launched, they redirect users to browser pages that mimic the App Store and serve up trojanised versions of legitimate wallet software. The campaign is notable for successfully evading Apple's review process at scale — 26 apps is not a rounding error. Crypto users relying on the App Store as a security backstop should verify wallet apps against official developer websites before trusting them with anything.

The Hacker News

Weak EV Charger Security Could Let Attackers Kill a City's Grid

New research has found that publicly deployed EV chargers contain security flaws serious enough to allow a remote attacker to disable all of a city's public charging infrastructure simultaneously. The vulnerabilities stem from poor IoT security practices — unencrypted communications, hardcoded credentials, and a lack of authentication on management interfaces. Beyond the inconvenience angle, the researchers note the risk extends to grid stability: coordinated manipulation of a large fleet of chargers could be used to create artificial demand spikes. As EV adoption accelerates, the attack surface on charging infrastructure is growing faster than the security standards governing it.

The Register

Section 702 Reauthorisation Bill Pleases Almost Nobody

A new bill to reauthorise Section 702 of FISA — the surveillance authority that lets US intelligence agencies collect communications from foreign targets, with incidental collection of Americans' data — is drawing criticism from both civil liberties advocates and national security hawks ahead of an April 30 expiry deadline. Critics argue the latest draft uses procedural sleight of hand to appear reformist while preserving the FBI's ability to query collected data without a warrant. The bill's sponsors are racing the calendar, but opposition is broad enough that a clean extension looks uncertain. The stakes are significant: Section 702 underpins a substantial chunk of US foreign intelligence collection.

WIRED Security