

Latest Insights
They Had 36 Days. Cisco Had Zero.
How Interlock Ransomware Owned Enterprise Firewalls Before Anyone Knew

January 26, 2026. A ransomware gang called Interlock starts exploiting a vulnerability in Cisco Secure Firewall Management Center. CVSS score: 10.0. The maximum. Unauthenticated. Remote. Root access. Cisco doesn't know yet. Their customers don't know yet. For 36 days, every Cisco FMC instance facing the internet is a door with no lock.

What CVE-2026-20131 Actually Does

Insecure deserialization of user-supp


Wiz Told Me Visibility Equals Security. They Were Half Right.
Wiz sold "visibility" to Google for $32 billion. They meant inward. We mean outward. Only one stops the bullet.

"Visibility equals security." That's the pitch. Wiz, CrowdStrike, Palo Alto, every vendor at RSA for the last five years. If you can see it, you can secure it. Dashboard everything. Alert on everything. Visualize your attack surface and the threats will reveal themselves. They're not wrong. They're just looking the wrong direction.

The Inward Gaze

Wiz looks inward.


14,220 Repos. Location: USSR. Weaponizing Claude Code for Offensive Security.
We followed the Handala wiper network. It led to 120 offensive AI skills, MANPADS documentation, and the biggest collection node we've ever seen.

Two weeks ago we found Iran's Handala wiper masquerading as a CrowdStrike update on GitHub. The repo was published by an account called MrDomainAdmin — 20 repos, zero followers, no bio. A ghost. Today we followed the followers.

The Network

MrDomainAdmin has 7 followers. One of them is killvxk. killvxk has 14,220 public repositories
