Cisco Secure Firewall Management Center Zero-Day Exploited by Interlock Ransomware Gang

A critical vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center (FMC) was exploited as a zero-day by the Interlock ransomware gang prior to its public disclosure. Amazon's CISO and VP of Security Engineering, CJ Moses, revealed that Interlock began exploiting the flaw 36 days before Cisco's patch release, starting on January 26, 2026. The discovery was made using Amazon's MadPot honeypot system. Cisco disclosed and patched the vulnerability in early March 2026. No specific impact details beyond exploitation by the ransomware group were provided.