Interlock Exploits Cisco FMC Zero-Day Amid 31 High-Impact March Vulnerabilities
By Varshini
April 16, 2026
Categories: Cyber Security News, Zero-day
In March 2026, researchers at Insikt Group identified 31 high-impact cybersecurity vulnerabilities requiring urgent remediation. According to the threat intelligence data, 29 of these flaws received a Very Critical risk score.
Microsoft and Apple products were the most heavily targeted, together accounting for approximately 32% of the identified vulnerabilities.
The report emphasizes that threat actors continue to target legacy systems, demonstrated by the active exploitation of a nine-year-old Hikvision vulnerability (CVE-2017-7921).
Security teams are urged to prioritize patching based on active exploitation rather than relying solely on base severity metrics.
Active Exploits and Key Vulnerability Trends
Throughout March, all 31 tracked vulnerabilities were actively exploited in the wild, with public proof-of-concept (PoC) exploits available for 10 of them.
Insikt Group released Nuclei templates to help defenders detect high-severity flaws, including a path-traversal issue in MindsDB (CVE-2026-27483) and an authentication bypass in the Nginx UI (CVE-2026-27944).
Rather than relying on raw data tables, security teams should note the following critical vulnerabilities under active attack:
Cisco Secure FMC: A critical deserialization flaw (CVE-2026-20131) allowing severe system compromise with a risk score of 99.
Microsoft Ecosystem: Multiple high-impact flaws impacting SQL Server (CVE-2026-21262), .NET (CVE-2026-26127), and Windows (CVE-2026-25187).
Google Components: Out-of-bounds weaknesses in Google Skia (CVE-2026-3909) and Chromium V8 (CVE-2026-3910).
Risk Rules History from Hash Intelligence Card (Source: Recorded Future)
The most common weaknesses observed in this disclosure cycle were the deserialization of untrusted data (CWE-502) and code injection (CWE-94).
Notably, nine vulnerabilities enabled attackers to execute remote code (RCE). The threat landscape also saw complex mobile threats, with the DarkSword exploit chain achieving Safari-based RCE on iOS devices to deploy payloads such as GHOSTKNIFE. Separately, the Coruna exploit kit delivered the PlasmaLoader malware.
Interlock Ransomware and Mitigation Strategies
The most alarming threat in March involved the Interlock Ransomware Group. According to Amazon Threat Intelligence, the group exploited the Cisco Secure Firewall Management Center (FMC) vulnerability (CVE-2026-20131) as a zero-day starting January 26, 2026.
This critical flaw allows unauthenticated attackers to execute arbitrary Java code with root privileges via crafted HTTP requests.
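The weakness behind this flaw and the most common one in the cycle (CWE-502, deserialization of untrusted data) is mitigated on the Java side by refusing to resolve any class the application does not expect. The following is an added illustration, not Cisco's or Recorded Future's code: a hypothetical PolicyUpdate message type is the only application class allowed, and an ObjectInputFilter (Java 9+) rejects everything else before its readObject logic can run.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.HashMap;

public class DeserializationAllowList {

    // Hypothetical message type the service legitimately expects to receive.
    static final class PolicyUpdate implements Serializable {
        private static final long serialVersionUID = 1L;
        final String policyId;
        final int revision;
        PolicyUpdate(String policyId, int revision) { this.policyId = policyId; this.revision = revision; }
        @Override public String toString() { return "PolicyUpdate[" + policyId + ", rev " + revision + "]"; }
    }

    // Allow-list filter. Pattern entries are ';'-separated; '!' rejects and the
    // trailing "!*" rejects every class not listed. maxdepth/maxrefs bound graph
    // nesting and object count to blunt resource-exhaustion payloads.
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "maxdepth=5;maxrefs=100;"
            + DeserializationAllowList.class.getName() + "$PolicyUpdate;"
            + "java.lang.String;java.lang.Integer;java.lang.Number;!*");

    // Deserialize with the filter installed before the first readObject() call.
    static Object readFiltered(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            in.setObjectInputFilter(FILTER);
            return in.readObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) { out.writeObject(o); }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Expected message type: accepted.
        System.out.println("accepted: " + readFiltered(serialize(new PolicyUpdate("p-42", 3))));
        // Any unlisted class (a plain HashMap stands in here): rejected by the filter.
        HashMap<String, String> unexpected = new HashMap<>();
        unexpected.put("k", "v");
        try {
            readFiltered(serialize(unexpected));
            System.out.println("BUG: unexpected class was accepted");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same allow-list can be applied process-wide with the jdk.serialFilter system property, which is the practical option for third-party code whose ObjectInputStream instances you do not control.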
Vulnerability Intelligence Card® for CVE-2026-20131 in Recorded Future (Source: Recorded Future)
Once attackers breached the Cisco FMC interfaces, they deployed malicious ELF binaries from staging servers to support follow-on operations. The Interlock group utilized custom remote access trojans (RATs) and memory-resident web shells to maintain persistence.
Recorded Future research also found the group leveraging legitimate administrative tools, such as ConnectWise ScreenConnect and Certify, to facilitate credential theft and lateral movement.
A screen locker sample analyzed by Recorded Future Malware Intelligence revealed evasion tactics, such as delaying execution and detecting debuggers.
Furthermore, a public PoC utilizing the ysoserial tool surfaced on GitHub, demonstrating how easily unauthenticated actors could automate these attacks against exposed systems.
By focusing on actionable intelligence and observed threat actor behavior, defenders can better protect their infrastructure from sophisticated zero-day campaigns.