Vulnerability

2 articles tagged with "Vulnerability".

Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Unauthenticated Root Access

20 Mar 2026 Peter Bassill

Interlock ransomware exploited Cisco Secure Firewall Management Center zero-day CVE-2026-20131 (CVSS 10.0) as early as January 2026 — over a month before public disclosure. We examine the full attack chain, the tooling exposed by the threat actor's own opsec failure, and the mitigations every defender should apply immediately.

Cisco FMC CVE-2026-20131 Defence-in-Depth Interlock Ransomware Java Deserialization Network Security Ransomware Threat Intelligence Vulnerability Zero-Day

CVE-2026-32746 Enables Unauthenticated Root RCE

18 Mar 2026 Peter Bassill

A critical, as-yet-unpatched buffer overflow in GNU InetUtils telnetd allows any unauthenticated attacker to achieve remote code execution as root via a single connection to TCP port 23 — no credentials, no user interaction required. A fix is expected by 1 April 2026. Organisations should disable Telnet immediately if it is not strictly necessary.

Buffer Overflow CVE-2026-32746 GNU InetUtils Network Security RCE Telnet Vulnerability Zero-Day