Amazon Threat Intelligence has revealed that the Interlock ransomware group exploited CVE-2026-20131—a critical CVSS 10.0 vulnerability in Cisco Secure Firewall Management Center—as a zero-day since January 26, 2026, more than five weeks before Cisco publicly disclosed the flaw on March 4. Why It Matters This case demonstrates the dangerous window between zero-day exploitation and vendor…

Low-cost IP KVM devices—designed to provide remote keyboard, video, and mouse access to physical systems—are introducing catastrophic security risks into enterprise environments. New research from Eclypsium reveals nine vulnerabilities affecting products from GL-iNet, Angeet/Yeeso, Sipeed, and JetKVM, with the most severe enabling unauthenticated attackers to achieve root access. Why IP KVM Vulnerabilities Are Uniquely Dangerous…

A comprehensive analysis by ESET has uncovered a thriving ecosystem of endpoint detection and response (EDR) killer tools, revealing that 54 of these specialized programs abuse 34 vulnerable signed drivers to neutralize security software before ransomware attacks. The BYOVD Threat Landscape EDR killer programs have become a standard component in ransomware intrusions, offering affiliates a…

Rapid7 has released its 2026 Global Threat Landscape Report, revealing a dramatic acceleration in cyber attack patterns that leaves organizations with shrinking windows to respond to emerging threats. The research demonstrates that the predictive lead time defenders once relied upon between vulnerability disclosure and active exploitation has largely disappeared. Key Findings: The Numbers Tell the…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a medium-severity vulnerability in Wing FTP Server to its Known Exploited Vulnerabilities (KEV) catalog on March 16, 2026, confirming that attackers are actively exploiting the flaw in real-world attacks. Vulnerability Details Tracked as CVE-2025-47813 (CVSS score: 4.3), the vulnerability is an information disclosure flaw that…