Signal

Interlock ransomware exploited Cisco firewall zero-day weeks before patch

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-03-19 08:57 UTCUpdated 2026-03-19 23:09 UTC

rss

cveexploitsransomwareincident_responsesecurity_advisory

Source links open

Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.

Back Evidence (5)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (4 domains)

4 top sources shown

Interlock ransomware targeting of max severity Cisco FMC zero-day precedes disclosure

SC Media · News · scworld.com · 2026-03-19 23:09 UTC

Ransomware group exploited Cisco firewall vulnerability as a zero day, weeks before a patch appeared

CSO Online · News · csoonline.com · 2026-03-19 18:25 UTC

Interlock ransomware gang exploited Cisco firewall zero-day weeks before disclosure: Amazon

The Record (Recorded Future News) · News · therecord.media · 2026-03-19 14:00 UTC

AWS Warns Hackers Have Abused Cisco Firewall Zero-Day Since January

Infosecurity Magazine · News · infosecurity-magazine.com · 2026-03-19 09:50 UTC

View all evidence

Overview

The Interlock ransomware group exploited a critical zero-day vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center software starting January 26, weeks before Cisco publicly disclosed and patched the flaw on March 4.

Entities

CiscoAmazonAWSInterlock ransomware

Score total

1.47

Momentum 24h

5

Posts

5

Origins

5

Source types

1

Duplicate ratio

0%

Why now

Interlock ransomware attacks began weeks before Cisco's patch release, showing active exploitation.
Amazon's recent disclosure brings attention to ongoing risks in firewall security.
The incident underscores the need for rapid vulnerability management in critical infrastructure.

Why it matters

Zero-day exploitation of critical firewall software increases risk of widespread ransomware impact.
Early detection by Amazon highlights importance of honeypots and threat intelligence in incident response.
Timely patching of critical vulnerabilities is essential to mitigate active ransomware campaigns.

LLM analysis

Topic mix: lowPromo risk: lowSource quality: high

Recurring claims

Interlock ransomware exploited Cisco firewall zero-day vulnerability CVE-2026-20131 weeks before patch release

How sources frame it

CSO Online: neutral

All evidence

All evidence

Interlock ransomware targeting of max severity Cisco FMC zero-day precedes disclosure

SC Media · scworld.com · 2026-03-19 23:09 UTC

Ransomware group exploited Cisco firewall vulnerability as a zero day, weeks before a patch appeared

CSO Online · csoonline.com · 2026-03-19 18:25 UTC

Interlock ransomware gang exploited Cisco firewall zero-day weeks before disclosure: Amazon

The Record (Recorded Future News) · therecord.media · 2026-03-19 14:00 UTC

AWS Warns Hackers Have Abused Cisco Firewall Zero-Day Since January

Infosecurity Magazine · infosecurity-magazine.com · 2026-03-19 09:50 UTC

Cisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware Attacks

SecurityWeek · securityweek.com · 2026-03-19 08:57 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 5Origin domains: 5Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 5 / 0

Top publishers (this list)

SC Media (1)
CSO Online (1)
The Record (Recorded Future News) (1)
Infosecurity Magazine (1)
SecurityWeek (1)

Top origin domains (this list)

scworld.com (1)
csoonline.com (1)
therecord.media (1)
infosecurity-magazine.com (1)
securityweek.com (1)