Black & White Path

Mar 25, 2026 · Information Security

How Interlock Ransomware Exploits Cisco FMC Zero‑Day CVE‑2026‑20131 for Root Access

Amazon's threat‑intel team revealed that the Interlock ransomware group has been leveraging Cisco Firepower Management Center's CVE‑2026‑20131 zero‑day—an insecure deserialization flaw that grants unauthenticated root access—since January 2026, exposing a detailed attack chain, toolset, attribution clues, impact assessment, and defensive recommendations.