Cisco

• Cisco FMC Zero-Day CVE-2026-20131: Interlock Ransomware Had Root for 36 Days Before the Patch Existed March 24, 2026

  CVE-2026-20131, a CVSS 10.0 zero-day in Cisco Secure Firewall Management Center, was exploited by the Interlock ransomware gang for 36 days before Cisco disclosed it. CISA added it to KEV with a federal patch deadline of March 22; no workarounds exist.