Interlock Ransomware Exploits Cisco Zero-Day CVE-2026-20131 — The Hacker News

The Interlock ransomware gang has been actively exploiting a zero-day vulnerability, CVE-2026-20131, in Cisco's Firepower Management Center (FMC) to gain root access. This maximum severity remote code execution (RCE) vulnerability has been under attack since January, allowing adversaries to compromise affected systems. Security teams should prioritize patching and review network activity for indicators of compromise, as this vulnerability poses a significant risk to organizational security.

Apple Patches WebKit Vulnerability Allowing Same-Origin Policy Bypass — The Hacker News

Apple has released a Background Security Improvements update to address a critical WebKit vulnerability that enabled a Same-Origin Policy bypass on iOS and macOS devices. This flaw could allow attackers to execute malicious scripts across different origins, potentially leading to data theft or further exploits. Users should update their devices immediately to mitigate this risk and ensure their browsing activities remain secure.

CISA Orders Immediate Patching of Zimbra XSS Vulnerability — BleepingComputer

CISA has issued an emergency directive for U.S. government agencies to patch a cross-site scripting (XSS) vulnerability in Zimbra, which is being actively exploited in the wild. This vulnerability allows attackers to execute arbitrary scripts in the context of the user's session, potentially leading to data breaches or further network compromise. Agencies must act swiftly to secure their servers and prevent exploitation.

• C2 Implant 'SnappyClient' Targets Crypto Wallets [Dark Reading]
• OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs [The Hacker News]
• ConnectWise patches new flaw allowing ScreenConnect hijacking [BleepingComputer]
• New “Darksword” iOS exploit used in infostealer attack on iPhones [BleepingComputer]
• SideWinder Espionage Campaign Expands Across Southeast Asia [Dark Reading]