Security Digest — 2026-04-25

Today’s landscape is dominated by the disclosure of persistent Firestarter malware on federal Cisco firewalls, a new Linux flaw that lets local users gain root, and notable EU/US moves on financial-sector resilience and cross-border fraud enforcement.

Vulnerabilities & Exploits

Firestarter malware survives Cisco firewall updates, security patches

BleepingComputer — U.S. and U.K. cybersecurity agencies are warning about custom malware called Firestarter persisting on Cisco Firepower and Secure Firewall appliances running ASA or FTD software, surviving reboots and patching cycles.

FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches

The Hacker News — CISA disclosed that an unnamed federal civilian agency’s Cisco Firepower device running ASA software was compromised in September 2025 with the FIRESTARTER backdoor, which CISA and the U.K.’s NCSC jointly assess as a remote-access implant.

New ‘Pack2TheRoot’ flaw gives hackers root Linux access

BleepingComputer — A newly disclosed vulnerability in the PackageKit daemon, dubbed Pack2TheRoot, lets local Linux users install or remove system packages and escalate to root permissions.

New BlackFile extortion group linked to surge of vishing attacks

BleepingComputer — A financially motivated group tracked as BlackFile has been conducting data-theft and extortion attacks against retail and hospitality organizations since February 2026, with voice phishing (vishing) as its primary initial-access vector.

NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software

The Hacker News — NASA’s Office of Inspector General revealed a long-running spear-phishing campaign in which a Chinese national posed as a U.S. researcher to exfiltrate sensitive information from the agency, other government entities, universities, and private companies in violation of export-control laws.

Glasswing Secured the Code. The Rest of Your Stack Is Still on You

Dark Reading — Forgotten integrations, shadow IT, SaaS sprawl, and now shadow AI and agents are expanding the attack surface so broadly that adversaries don’t need sophisticated AI models to exploit it.

Policy & Compliance

US Busts Myanmar Ring Targeting US Citizens in Financial Fraud

Dark Reading — U.S. authorities charged 29 people, including a Cambodian senator, and seized more than 500 web domains tied to fake investment sites in a cross-border financial-fraud takedown.

Microsoft to roll out Entra passkeys on Windows in late April

BleepingComputer — Microsoft is enabling phishing-resistant, passwordless authentication via passkeys for Entra-protected resources from Windows devices beginning in late April.

DORA and operational resilience: Credential management as a financial risk control

BleepingComputer — Article 9 of the EU’s DORA regulation turns authentication and access control into a legal obligation for financial entities, with concrete requirements for credential management and clear consequences when controls are missing.

Windows Update gets new controls to reduce forced restarts

BleepingComputer — Microsoft is adding user controls to Windows Update that reduce disruption from poorly timed restarts while keeping devices current on security patches.