The Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to fix a serious flaw, CVE-2026-20131, in Cisco Secure Firewall Management Center (FMC) by Sunday, March 22.
Cisco released a security bulletin about the flaw on March 4, urging administrators to install the security updates quickly and noting that there are no workarounds.
The Cisco Secure Firewall Management Center (FMC) is a central management system for key Cisco network security functions, including firewalls, application control, intrusion prevention, URL filtering, and malware protection.
“A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device,” Cisco says in the advisory.
The flaw comes from unsafe deserialization of a user-supplied Java byte stream. It can be exploited by sending a specially crafted serialized Java object to the web management interface of an affected device.
On March 18, the vendor updated its notice to say that CVE-2026-20131 is being actively exploited. Researchers at Amazon found that attackers are using this weakness, and that the Interlock ransomware group has been exploiting it as a zero-day since late January.
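As an added illustration of the defender's side of this bug class (not code from Cisco, Amazon, or CISA): a Python check that flags serialized Java streams in captured HTTP request bodies, for example from a proxy placed in front of a management interface. It keys on the standard Java serialization header (`AC ED 00 05`), not on anything specific to CVE-2026-20131; the function names and sample bodies are constructed, and the article does not say how the real exploit encodes its object.

```python
import base64
import re
import struct

MAGIC = b"\xac\xed\x00\x05"  # STREAM_MAGIC (0xACED) + STREAM_VERSION (5)
B64_RUN = re.compile(rb"rO0AB[A-Za-z0-9+/_-]*")  # base64 of MAGIC always starts "rO0AB"
HEX_RUN = re.compile(rb"aced0005(?:[0-9a-f]{2})+", re.IGNORECASE)

def describe(stream: bytes):
    """Return the top-level class name, or None if this is not a plausible stream."""
    if len(stream) < 5 or not 0x70 <= stream[4] <= 0x7E:  # TC_* type codes
        return None  # header bytes followed by junk: treat as a false positive
    if stream[4:6] == b"sr" and len(stream) >= 8:  # TC_OBJECT + TC_CLASSDESC
        (length,) = struct.unpack(">H", stream[6:8])
        return stream[8:8 + length].decode("utf-8", "replace")
    return "<non-object content>"

def find_java_streams(body: bytes):
    """Return (encoding, class_name) for each serialized Java stream in body."""
    candidates = [("raw", body[m.start():]) for m in re.finditer(re.escape(MAGIC), body)]
    for m in B64_RUN.finditer(body):
        # Normalise URL-safe base64 and drop a ragged tail so decoding cannot fail.
        token = m.group().replace(b"-", b"+").replace(b"_", b"/")
        token = token[: len(token) - len(token) % 4]
        candidates.append(("base64", base64.b64decode(token)))
    for m in HEX_RUN.finditer(body):
        candidates.append(("hex", bytes.fromhex(m.group().decode("ascii"))))
    hits = []
    for encoding, stream in candidates:
        name = describe(stream)
        if name is not None:
            hits.append((encoding, name))
    return hits

# Constructed samples: stream header plus the class descriptor of java.lang.Integer.
SAMPLE_RAW = MAGIC + b"sr\x00\x11java.lang.Integer" + b"\x00" * 8
SAMPLE_B64 = b"data=" + base64.b64encode(SAMPLE_RAW)
SAMPLE_HEX = b'{"blob":"' + SAMPLE_RAW.hex().encode() + b'"}'
BENIGN = b'{"user":"admin","action":"login"}'

if __name__ == "__main__":
    for body in (SAMPLE_RAW, SAMPLE_B64, SAMPLE_HEX, BENIGN):
        print(find_java_streams(body))
```

A hit on a management interface that has no legitimate reason to receive serialized Java objects is worth triaging; the reported class name gives a starting point for that review.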
Amazon stated that the ransomware threat actor exploited CVE-2026-20131 more than a month before the vendor published the patch.
Interlock ransomware has claimed many well-known targets since it started in late 2024. Some of these include DaVita, Kettering Health, the Texas Tech University System, and the city of Saint Paul in Minnesota.
The threat actor uses the ClickFix technique for initial access, along with custom remote access tools and malware such as NodeSnake and Slopoly.
CISA has added CVE-2026-20131 to its Known Exploited Vulnerabilities (KEV) catalog, marking it as “known to be used in ransomware campaigns.”
Given the severity of CVE-2026-20131 and its active exploitation status since late January 2026, CISA gave Federal Civilian Executive Branch (FCEB) agencies only until this Sunday to apply the security updates or stop using the product.
CISA’s deadline applies to all organizations covered by Binding Operational Directive (BOD) 22-01, but private companies, state and local governments, and other non-FCEB organizations should also consider it and take action.
