A critical zero-day vulnerability in Cisco Secure Firewall Management Center (FMC) — tracked as CVE-2026-20131 — has been exploited in the wild to deploy Interlock ransomware. The timeline and technical details reported by independent researchers make this a clear, urgent warning for organizations running Cisco FMC: an unauthenticated remote exploit can lead to arbitrary Java code execution with root privileges,