Ransomware crims abused Cisco 0-day weeks before disclosure
Interlock exploited the Cisco zero-day vulnerability for over a month before patch release, targeting hospitals, government, and industrial sectors with data theft and extortion tactics.
- On Wednesday, Amazon Integrated Security reported that Interlock ransomware exploited a zero-day vulnerability in Cisco Secure Firewall Management Center for 36 days before public disclosure on March 4.
- Amazon Threat Intelligence identified that the group used CVE-2026-20131 to gain root access, confirming "Interlock had a zero-day in their hands, giving them a week's head start to compromise organizations."
- Moses, chief information security officer of Amazon Integrated Security, wrote that attackers deployed legitimate remote access tools alongside custom malware, creating "multiple redundant remote access mechanisms" for persistence.
- Cisco updated its security advisory following the findings, while the Cybersecurity and Infrastructure Security Agency added two of the nine recently disclosed vulnerabilities to its catalog of known exploited threats.
- Five of the nine vulnerabilities Cisco disclosed in its firewalls and SD-WAN systems over the past three weeks have been exploited in the wild, prompting urgent customer upgrades.
12 Articles
Cisco’s latest vulnerability spree has a more troubling pattern underneath
Cisco customers have confronted a flood of actively exploited vulnerabilities affecting the vendor’s network edge software since late February, and researchers say that five of the nine vulnerabilities Cisco disclosed in its firewalls and SD-WAN systems over the past three weeks have already been exploited in the wild. Attackers exploited a pair of these defects — zero-day vulnerabilities in Cisco SD-WANs — for at least three years before the v…
U.S. CISA adds a flaw in Cisco FMC and Cisco SCC Firewall Management to its Known Exploited Vulnerabilities catalog
Pierluigi Paganini, March 19, 2026. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Cisco FMC and Cisco SCC Firewall Management to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Cisco Secure Firewall Manageme…
Ransomware group exploited Cisco firewall vulnerability as a zero day, weeks before a patch appeared
One of the world’s most active ransomware groups, Interlock, started exploiting a critical-rated Cisco firewall vulnerability as a zero day weeks before it was patched in early March, Amazon has revealed. The vulnerability in question is CVE-2026-20131, a remotely exploitable deserialization flaw in Cisco Secure Firewall Management Center (FMC) Software which was given a maximum 10 CVSS score. When Cisco released a patch for it on March 4 as par…
Coverage Details
Bias Distribution
- 100% of the sources are Center