TheRegister's platform is a leading technology news website, offering insights into IT industry news, hardware reviews, and software updates. Through articles, analysis, and opinion pieces, TheRegister offers insights into cybersecurity threats, technology trends, and industry developments. Readers can stay updated with the latest news and analysis from the world of technology and IT business.

The Register

The Interlock ransomware group exploited CVE-2026-20131, a maximum-severity remote code execution flaw in Cisco Secure Firewall Management Center, as a zero-day for 36 days before Cisco patched it on March 4. Amazon's CISO CJ Moses disclosed the findings, noting that Amazon's MadPot honeypot network caught the exploit traffic and also discovered a misconfigured Interlock infrastructure server that exposed their full post-exploitation toolkit. That toolkit includes PowerShell reconnaissance scripts, a JavaScript browser implant using WebSocket C2 communications, a Java-based GlassFish implant as a backup, a Linux reverse proxy Bash script, memory-resident backdoors that avoid disk writes, and legitimate tools like ConnectWise ScreenConnect, Volatility, and Certify to blend in with normal traffic. Interlock has previously targeted hospitals, medical facilities, and municipal governments.

Ransomware crims abused Cisco 0-day weeks before disclosure