Cisco Firewall 0-day Vulnerability Exploited in the Wild to Deploy Interlock Ransomware

The Interlock ransomware group is actively exploiting a Cisco Firewall 0-day vulnerability (CVE-2026-20131), a flaw that allows unauthenticated remote attackers to execute arbitrary Java code, to deploy its ransomware. The exploitation began before the vulnerability's public disclosure, enabling the group to compromise organizations unaware of the threat.

Edward Kiledjian @ekiledjian