Daily Briefing for 04.24.26

Top stories.

1. FIRESTARTER malware remained on Cisco devices after patches were applied.
2. Open-source AI models may match Mythos's capabilities.
3. White House moves to fight foreign extraction of US AI capabilities.

FIRESTARTER malware remained on Cisco devices after patches were applied.

A state-sponsored APT deployed a backdoor on Cisco security devices running ASA or Firepower, exploiting two vulnerabilities (CVE-2025-20333 and CVE-2025-20362) that were patched in September, CyberScoop reports. Notably, the malware survives patches by embedding a persistence mechanism in the device's boot sequence, and devices that were breached before patches were applied may still be compromised. Cisco says customers can mitigate the infection by reimaging their devices.

The US Cybersecurity and Infrastructure Security Agency (CISA) and the UK's National Cyber Security Centre (NCSC) published a joint report yesterday analyzing the backdoor, dubbed "FIRESTARTER," which was discovered within the network of a US Federal agency. The report states, "FIRESTARTER is a Linux Executable and Linkable File (ELF) designed to execute on Cisco Firepower and Secure Firewall devices, serving as a C2 channel for remote access and control. The malware achieves persistence by detecting termination signals and relaunching itself, and it can survive firmware updates and device reboots unless a hard power cycle occurs."

While the security agencies and Cisco don't attribute the campaign to a particular nation-state, Cisco links the operation to an earlier attack campaign dubbed "ArcaneDoor," and CyberScoop notes that Censys researchers tied the ArcaneDoor campaign to a China-based threat actor.

Open-source AI models may match Mythos's capabilities.

At Black Hat Asia in Singapore, RunSybil CEO Ari Herbert-Voss said open-source AI models can identify software vulnerabilities as effectively as Anthropic's restricted Mythos model when used together in coordinated workflows, the Register reports. Herbert-Voss attributes Mythos's strength to "supralinear scaling," where allocating more training resources produces disproportionately greater results. He added that open-source models can achieve similar results when several of them are run together in a "scaffolding."

Meanwhile, SecurityWeek reports that one of China's largest security firms, Qihoo 360, claims that its cybersecurity-focused AI model discovered more than a thousand vulnerabilities during the Tianfu Cup hacking competition. ETH Zurich researcher Eugenio Benincasa analyzed this claim and concluded that 360's model is approaching Mythos's reasoning capabilities, but hasn't drawn even yet.

SecurityWeek notes that Antropic's own CEO, Dario Amodei, estimated that open-source models and Chinese companies would be able to match Mythos's cybersecurity capabilities within six to twelve months.

White House moves to fight foreign extraction of US AI capabilities.

NPR reports that the Trump administration has vowed to crack down on foreign entities, primarily in China, that are allegedly engaged in industrial-scale campaigns to "distill" capabilities from leading AI systems created by US companies. Michael Kratsios, the president’s chief science and technology adviser, said in a memo yesterday that these firms are "exploiting American expertise and innovation," adding the Trump administration will work with US AI companies to identify abuse, build defenses, and determine ways to punish offenders.

China’s Foreign Ministry spokesperson Guo Jiakun said in a statement, "China firmly opposes this. We urge the U.S. to respect facts, discard prejudice, stop suppressing China’s technological development, and do more to promote scientific and technological exchange and cooperation between the two countries."