Interlock Ransomware Exploits Critical Zero-Day Vulnerability in Cisco FMC Software

Amazon Threat Intelligence has reported an active Interlock ransomware campaign exploiting a critical zero-day vulnerability in Cisco Secure Firewall Management Center (FMC) Software, identified as CVE-2026-20131 with a CVSS score of 10.0. The flaw involves insecure deserialization of a user-supplied Java byte stream, allowing an unauthenticated, remote attacker to gain root access. No specific timeline or affected versions were disclosed, but the vulnerability is currently being leveraged in real-world attacks. The impact enables full system compromise without prior authentication. Technical details remain limited to the deserialization vector and remote exploitation capability.