Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Unauthenticated Root Access
20 Mar 2026 Peter Bassill
Interlock ransomware exploited Cisco Secure Firewall Management Center zero-day CVE-2026-20131 (CVSS 10.0) as early as January 2026 — over a month before public disclosure. We examine the full attack chain, the tooling exposed by the threat actor's own opsec failure, and the mitigations every defender should apply immediately.