Interlock ransomware gang exploited Cisco firewall zero-day weeks before disclosure: Amazon

By therecord.media
Publication Date: 2026-03-19 13:54:00

The ransomware gang behind a damaging cyberattack last year on the city of St. Paul recently exploited a vulnerability in a popular line of Cisco firewalls before the bug was disclosed publicly.

CJ Moses, CISO of Amazon Integrated Security, released a report on Wednesday outlining the Interlock ransomware gang’s exploitation of CVE-2026-20131 — a critical vulnerability disclosed on March 4 affecting Cisco Secure Firewall Management Center software.

According to Moses, Interlock began using the vulnerability in attacks on January 26. Cisco did not respond to requests for comment but updated its advisory on Wednesday to confirm that the vulnerability has been exploited. 

“This wasn’t just another vulnerability exploit, Interlock had a zero-day in their hands, giving them a week’s head start to compromise organizations before defenders even knew to look,” Moses said. 

“The real story here isn’t just about one vulnerability or one ransomware group — it’s…