CISA warns that hackers are taking advantage of flaws in Zimbra and SharePoint; Cisco was hit by ransomware attacks on zero-day vulnerabilities.

The vulnerabilities in question are as follows: There are currently no public reports about who may be taking advantage of these flaws or how widespread these efforts may be This article explores linked interlock ransomware. . Because there is active exploitation, the Federal Civilian Executive Branch (FCEB) agencies should apply patches for CVE-2025-66376 by April 1, 2026, and for CVE-2026-20963 by March 23, 2026.

Amazon's announcement comes after it was revealed that hackers linked to Interlock ransomware have been taking advantage of a serious security hole in Cisco's firewall management software (CVE-2026-20131, CVSS score: 10.0) since January 26, 2026, more than a month before it was made public. Amazon said, "Interlock has always gone after certain sectors where operational disruption puts the most pressure on payment."

These areas include education, engineering, architecture, construction, manufacturing, industry, health care, and the government. This attack shows once again that threat actors often target edge network devices from different vendors, such as Cisco, Fortinet, Ivanti, and others, to get into target networks. The fact that CVE-2026-20131 was turned into a weapon as a zero-day shows that hackers are spending time and money looking for new flaws that could give them more access.