DEV Community

Mark0

Ransomware gang exploits Cisco flaw in zero-day attacks since January

The Interlock ransomware gang has been identified as exploiting a critical zero-day vulnerability (CVE-2026-20131) in Cisco's Secure Firewall Management Center (FMC) since late January 2026. This maximum-severity flaw allows unauthenticated remote attackers to execute arbitrary Java code with root privileges. Amazon's threat intelligence team reported that the group possessed this exploit 36 days before Cisco issued a public patch on March 4, 2026.

Interlock, which emerged in late 2024, has been linked to various high-profile attacks and the deployment of advanced malware like NodeSnake and the AI-generated Slopoly. This incident is part of a broader trend of Cisco appliances being targeted, following several other zero-day patches released by the company earlier this year for AsyncOS and Unified Communications systems. Organizations are strongly urged to apply the available security updates immediately to mitigate risks.
