Cybersecurity News | Daily Recap [19 Mar 2026] Daily Recap, active exploits include Microsoft SharePoint deserialization RCE (CVE-2026-20963) being exploited in the wild against unpatched SharePoint Server 2016/2019/Subscription, and Interlock ransomware leveraging a Cisco Secure FMC zero-day (CVE-2026-20131) before patching. It also notes CISA directives to patch Zimbra XSS (CVE-2025-66376) and patches across WebKit (CVE-2026-20643) and UniFi (CVE-2026-22557), ongoing Marquis and Aura breaches, and policy moves involving China, DPRK, and Volt Typhoon. #SharePointFlaw #InterlockRansomware #CiscoFMC #ZimbraXSS #WebKitPatch #UniFiFlaw #TelnetdRCE #ScreenConnectPatch #MarquisBreach #AuraBreach #DarkSwordKit #PerseusMalware #Stryker #Handala #China #DPRK #VoltTyphoon

Active exploits target Microsoft SharePoint RCE (CVE-2026-20963) and Cisco Secure FMC zero-day (CVE-2026-20131) used by Interlock ransomware. CISA urges patches for Zimbra XSS and UniFi flaws amid Marquis and Aura breaches. #SharePointFlaw #CiscoFMC

Interlock Ransomware Leveraged Cisco FMC Zero-Day 36 Days Before Patch Amazon’s threat intelligence teams uncovered an Interlock ransomware campaign exploiting a zero-day flaw in Cisco Secure Firewall Management Center (FMC), tracked as CVE-2026-20131. MadPot honeypots recorded exploitation beginning January 26, 2026—36 days before Cisco’s disclosure—and revealed the attackers’ multi-stage toolkit, post-exploitation RATs, memory-resident webshells, and organized data-exfiltration infrastructure while confirming no...

Interlock ransomware exploited Cisco FMC zero-day CVE-2026-20131 starting Jan 26, 36 days before patch release. Attackers used multi-stage toolkit with RATs and webshells; no impact on Amazon cloud users. #InterlockRansomware #CiscoFMC #USA