March 2026 CVE Landscape: 31 High-Impact Vulnerabilities Identified, Interlock Ransomware Group Exploits Cisco FMC Zero-Day
Essential information
- Published
- 14/04/2026 10:53
- Modified
- 14/04/2026 09:22
- Source / Author
- AlienVault
- Confidence
- 100/100
- Report type(s)
- threat-report
- Labels / Tags
- cisco fmc cve-2017-7921 cve-2021-30952 cve-2023-41974 cve-2025-26399 cve-2025-32432 cve-2025-53521 cve-2025-54068 cve-2025-68613 cve-2026-20131 cve-2026-20963 cve-2026-21262 cve-2026-21385 cve-2026-25187 cve-2026-26127 cve-2026-27483 cve-2026-27944 cve-2026-3055 cve-2026-33017 cve-2026-33032 cve-2026-33634 cve-2026-3564 cve-2026-3909 cve-2026-3910 deserialization vulnerability ghostblade ghostknife ghostsaber ios exploit kit plasmagrid
- Tags
- 2026-04-14 CVE-2017-7921 CVE-2021-30952 CVE-2023-41974 CVE-2025-26399 CVE-2025-32432 CVE-2025-53521 CVE-2025-54068 CVE-2025-68613 CVE-2026-20131 CVE-2026-20963 CVE-2026-21262 CVE-2026-21385 CVE-2026-25187 CVE-2026-26127 CVE-2026-27483 CVE-2026-27944 CVE-2026-3055 CVE-2026-33017 CVE-2026-33032 CVE-2026-33634 CVE-2026-3564 CVE-2026-3909 CVE-2026-3910 cisco fmc deserialization vulnerability ghostblade ghostknife ghostsaber ios exploit kit plasmagrid plasmaloader ransomware remote code execution zero-day exploitation
- Related entities
- 23 vulnerabilities (cve), 2 indicators, 2 observables, 1 intrusion sets (apt), 20 techniques (mitre), 5 malware
Description
In March 2026, 31 high-impact vulnerabilities were identified requiring prioritization for remediation, with 29 receiving Very Critical Risk Scores. Affected vendors included Cisco, Microsoft, Google, ConnectWise, and others, with Microsoft and Apple accounting for approximately 32% of vulnerabilities. Notably, the Interlock Ransomware Group exploited CVE-2026-20131, a zero-day deserialization vulnerability in Cisco Secure Firewall Management Center, as early as January 2026 to compromise enterprise networks. The group deployed custom remote access trojans and facilitated ransomware operations through crafted HTTP requests executing arbitrary Java code as root. Additional campaigns involved the DarkSword iOS exploit kit delivering GHOSTKNIFE, GHOSTSABER, and GHOSTBLADE payloads, and the Coruna exploit kit deploying PlasmaLoader malware. Nine vulnerabilities enabled remote code execution across multiple platforms. One vulnerability dated back nine years, emphasizing continued exploitation of legacy unpatched