Ransomware crims abused Cisco 0-day weeks before disclosure

Cisco’s latest vulnerability spree has a more troubling pattern underneath

Cisco customers have confronted a flood of actively exploited vulnerabilities affecting the vendor’s network edge software since late February, and researchers say that five of the nine vulnerabilities Cisco disclosed in its firewalls and SD-WAN systems over the past three weeks have already been exploited in the wild.  Attackers exploited a pair of these defects — zero-day vulnerabilities in Cisco SD-WANs — for at least three years before the v…

Ransomware crims abused Cisco 0-day weeks before disclosure

Interlock's post-exploit toolkit exposed Ransomware criminals exploited CVE-2026-20131, a maximum-severity bug in Cisco Secure Firewall Management Center software, as a zero-day vulnerability more than a month before Cisco patched the hole, according to Amazon security boss CJ Moses.…

Ransomware gang exploits Cisco flaw in zero-day attacks since January

The Interlock ransomware gang has been exploiting a maximum severity remote code execution (RCE) vulnerability in Cisco's Secure Firewall Management Center (FMC) software in zero-day attacks since late January.

Cisco Firewall Zero-Day Actively Exploited to Deliver Interlock Ransomware | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware - National Cyber Security Consulting

Security research has uncovered an active Interlock ransomware campaign exploiting a critical zero-day vulnerability in Cisco Secure Firewall Management Centre (FMC) software. Utilizing this unauthenticated remote code execution flaw via the Amazon MadPot network, threat actors compromised enterprise environments for over a month before public disclosure. Cisco Firewall Zero-Day The intrusion campaign centers entirely on […] Thank you for subscr…

Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access

Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that's exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software. The vulnerability in question is CVE-2026-20131 (CVSS score: 10.0), a case of insecure deserialization of user-supplied Java byte stream, which could allow an unauthenticated, remote attacker to

Cisco Warns of Actively Exploited SD-WAN Vulnerabilities Affecting Catalyst Network Systems

Cisco warns of several security holes in its Catalyst SD-WAN Manager, noting hackers have begun using at least one in live operations. Updates exist – applying them quickly reduces risk exposure. Exploitation is underway; delayed patching increases danger. Systems remain vulnerable until fixes take effect. Each unpatched flaw offers attackers a potential entry point. Action now limits future compromise chances.  Catalyst SD-WAN Manager – once ca…