EagleEye
The EagleEye Blog

Field notes from the fleet.

Threat intelligence, detection engineering, and how autonomous agents reason, investigate, and run security operations end to end.

Featured · Threat Intelligence

CVE-2026-20131: How Interlock Turned a Cisco Firewall Into Root for 36 Days

Interlock ransomware exploited a maximum-severity deserialization flaw in Cisco Secure FMC as a zero-day for 36 days before a patch existed — owning the management plane of enterprise firewall estates. Here's the kill chain, the IOCs, and how to hunt it.

EagleEye Security Team · 13 min read

Lazarus Poisons axios: A 100-Million-Download npm Package, Owned for Three Hours

DPRK's Lazarus stole one maintainer token and pushed a trojanized axios to npm — a library in 80% of cloud environments. The blast radius was global; the exposure window was three hours. Here's the kill chain, the cross-platform RAT, and every IOC.

EagleEye Security Team