Table of contents
- A major cyberattack against US digital defenses
- The exploited flaws: CVE-2025-20333 and CVE-2025-20362
- CISA’s urgent directive
- Risks to critical infrastructure
- A global wake-up call
A major cyberattack against US digital defenses
Hackers breached Cisco firewalls used by several US federal agencies, compromising the security of the nation’s critical infrastructure. The revelation comes from a CISA (Cyber Security and Infrastructure Security Agency)investigation reported by Bloomberg.
Preliminary findings suggest attackers exploited unpatched vulnerabilities to infiltrate widely deployed government security devices.
The exploited flaws: CVE-2025-20333 and CVE-2025-20362
Sources point to links with the CVE-2025-20333 and CVE-2025-20362 vulnerabilities, previously flagged by CyberScoop.
These weaknesses affect Cisco Adaptive Security Appliances (ASA), devices designed to block threats, but when outdated, they become gateways for cybercriminals.
CISA’s urgent directive
The CISA has issued an emergency directive requiring all federal agencies to:
- conduct immediate compromise assessments;
- disable infected devices;
- apply available security patches or retire legacy equipment no longer supported.
The compliance deadline is set for Friday, September 26, aiming to prevent further infiltrations.
Risks to critical infrastructure
The breach raises major concerns: firewalls are the frontline defense against cyberattacks. Their compromise may have exposed sensitive networks tied to energy, defense, transportation, and finance.
If confirmed, this incident could mark one of the most severe cases of government cyber intrusion in recent years, with significant geopolitical consequences.
A global wake-up call
This attack highlights the dangers of delaying security updates and shows that cyber resilience must be a top priority for governments and enterprises.
The US case is also a warning for Europe and Italy: protecting digital infrastructure means protecting national stability.
