Originally reported by Infosecurity Magazine
TL;DR
AWS reports that Interlock ransomware has been exploiting an undisclosed Cisco firewall zero-day since January, while Rapid7 research shows AI is accelerating attacker response times to just 5 days from vulnerability disclosure to CISA KEV inclusion.
Active exploitation of a Cisco zero-day by ransomware groups, combined with AI-accelerated threat timelines, represents a significant shift in the threat landscape that requires immediate attention.
The threat landscape continues to evolve at an accelerated pace, with new intelligence revealing both active zero-day exploitation and the compression of attack windows through AI automation. Regulatory bodies are responding with updated compliance frameworks while law enforcement dismantles cryptocurrency-targeting scams.
Amazon Web Services has disclosed that the Interlock ransomware group has been actively exploiting an undisclosed zero-day vulnerability in Cisco firewall products since January 2026. The notification represents a significant timeline disclosure, indicating sustained exploitation of enterprise infrastructure over multiple months.
The revelation highlights the persistent threat posed by sophisticated ransomware operations that maintain access to undisclosed vulnerabilities. AWS's public warning suggests the exploitation may have reached sufficient scale or impact to warrant broad industry notification, though specific technical details about the affected Cisco products remain undisclosed.
Rapid7's latest threat intelligence research reveals a dramatic acceleration in the vulnerability exploitation lifecycle. The median time from initial vulnerability publication to inclusion in CISA's Known Exploited Vulnerabilities (KEV) catalog has compressed to just five days in 2025.
This represents a significant shift from historical patterns, with researchers attributing the acceleration to AI-enabled adversarial capabilities. The compression of exploitation windows fundamentally alters the defensive timeline, requiring organizations to reassess patch deployment strategies and emergency response procedures.
The finding suggests that traditional vulnerability management approaches predicated on longer exploitation windows may no longer provide adequate protection against AI-augmented threat actors.
The UK's Financial Conduct Authority has issued updated regulatory guidance clarifying cyber incident and third-party risk reporting requirements for financial services organizations. The new rules aim to standardize incident classification and improve regulatory visibility into systemic risks affecting the financial sector.
The updated framework addresses gaps in previous guidance, particularly around third-party vendor incidents that impact regulated entities. Financial institutions must now provide more granular reporting on supply chain security incidents and demonstrate enhanced due diligence processes for critical service providers.
Security researchers have exposed and dismantled the "ShieldGuard" operation, a malicious Chrome extension that masqueraded as a cryptocurrency security tool while actually stealing wallet credentials and draining user accounts.
The extension leveraged social engineering techniques to position itself as a legitimate security solution, highlighting the continued evolution of cryptocurrency-targeting malware. The operation's discovery underscores the importance of verification processes for browser extensions claiming security functionality, particularly in the cryptocurrency ecosystem where irreversible transactions amplify the impact of successful attacks.