The Interlock ransomware operation has been actively exploiting a maximum-severity remote code execution (RCE) vulnerability (CVE-2026-20131) in Cisco's Secure Firewall Management Center (FMC). Amazon's threat intelligence team revealed that the gang utilized this zero-day exploit for 36 days prior to Cisco's official patch on March 4, 2026. The flaw allows unauthenticated attackers to execute arbitrary Java code with root privileges, providing a significant foothold into enterprise networks.
Interlock, which emerged in late 2024, has a history of targeting high-profile sectors including healthcare and education. This latest campaign underscores the group's evolving capabilities, which include the use of AI-generated malware and sophisticated zero-day exploitation strategies. Cisco has since urged all customers to apply the necessary security updates to mitigate the risk of compromise.