Feds Isolate Cisco Firewalls to Defend Against 'Arcane Door'

CISA Issues Emergency Directive After Cisco Exploits Persist After Reboot Chris Riotta (@chrisriotta) • September 25, 2025

The Cybersecurity and Infrastructure Security Agency is warning that a hacking campaign targeting Cisco firewalls exploits zero-day vulnerabilities that persist through reboots and system upgrades.

See Also: When Identity Protection Fails: Rethinking Resilience for a Modern Threat Landscape

The U.S. cyber defense agency published an emergency directive Thursday ordering federal agencies to disconnect unsupported devices and assess for compromise after uncovering a widespread hacking campaign, dubbed "Arcane Door," targeting Cisco's adaptive security appliances.

Cisco previously released multiple patches in April 2024 - two for critical vulnerabilities- after confirming that hackers had embedded malware in its adaptive security appliances and firepower threat defense software (see: Cisco Fixes Firewall 0-Days After Likely Nation-State Hack).

"The risks apply to any organization using these devices," Chris Butera, acting executive assistant director for CISA ...