Interlock ransomware weaponizes Cisco FMC zero-day in pre-patch campaign

TL;DR Summary
Interlock has exploited a maximum-severity remote code execution zero-day in Cisco Secure Firewall Management Center (CVE-2026-20131) since Jan 26, 2026, gaining unauthenticated root access on unpatched devices. Cisco issued a patch on March 4, and Amazon's threat intelligence team says the attacks ran for about 36 days before disclosure. The group has a history of high-profile attacks (including NodeSnake on UK universities), and researchers note a new Slopoly malware strain associated with the operation.
Topics: business, cisco-fmc, cve-2026-20131, enterprise-security, interlock-ransomware, technology, zero-day
- Ransomware gang exploits Cisco flaw in zero-day attacks since January (BleepingComputer)
- Amazon threat intelligence teams identify Interlock ransomware campaign targeting enterprise firewalls (Amazon Web Services (AWS))
- Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access (The Hacker News)
- CISA orders feds to patch Zimbra XSS flaw exploited in attacks (BleepingComputer)
- Ransomware crims abused Cisco 0-day weeks before disclosure (theregister.com)