Cyber Threat Pulse

**Cisco FMC zero-day exploited by Interlock ransomware + ShinyHunters** [developing]

Key Questions

What is the Cisco FMC zero-day CVE-2026-20131?

CVE-2026-20131 is a critical CVSS 10.0 zero-day in Cisco Firepower Management Center (FMC) affecting the management plane, enabling root access. It was exploited by Interlock ransomware. The flaw allows full compromise of the device.

Who exploited the Cisco FMC CVE-2026-20131?

The Interlock ransomware group exploited the zero-day for root access on the management plane. ShinyHunters also claimed a separate Cisco breach. Additional ties include the Trivy breach and Russia/Slopoly AI tactics.

What breaches are linked to the Cisco incident?

ShinyHunters claimed a Cisco breach, stealing Salesforce/AWS data totaling 3 million records. They also exposed EU Commission AWS keys via TeamPCP credential theft, leaking 90GB from 30 entities. CERT-EU confirmed the EU hack exposure.

What is the severity of Cisco's CVE-2026-20131?

The vulnerability has a perfect CVSS score of 10.0 due to its potential for root-level ransomware deployment. It targets the FMC management interface. Exploitation enables full system control.

What other claims are associated with ShinyHunters in this context?

ShinyHunters claimed breaches of Cisco, Trivy, and EU Commission AWS via stolen TeamPCP credentials. This resulted in a 90GB data leak affecting 30 EU entities. The group also targeted Salesforce and AWS data, with 3 million records involved.

CVE-2026-20131+ mgmt-plane root/ransomware; Trivy breach, ShinyHunters Salesforce/AWS/EU Commission (92GB 71 entities, TeamPCP); Russia/Slopoly.

Updated Apr 8, 2026