Cisco Firepower Management Center (FMC) was actively exploited by the Interlock ransomware group as a zero-day 36 days before public disclosure, enabling attackers to access and potentially manipulate enterprise firewall management infrastructure. The exploitation vector is T1190 (Exploit Public-Facing Application), with confirmed secondary TTPs including C2 over application-layer protocols and ransomware deployment. Any organization with an internet-accessible FMC management interface should treat this as a potential past-exploitation scenario, not just a future patching obligation.
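One way to scope that retrospective review, as an added example that is not part of the original report: a Python sketch that filters flow records to the window starting 36 days before disclosure and flags management-interface access from outside the admin networks and unexpected outbound sessions from the FMC. The flow schema, all addresses and networks, both dates, and the names `hunt` and `run_sample` are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

ZERO_DAY_LEAD = timedelta(days=36)  # from the page: exploited 36 days before disclosure

def hunt(flows, fmc_ip, admin_nets, expected_egress, disclosure, patched):
    """Flag FMC flows inside the exposure window that need manual review.

    flows: (iso_timestamp, src, dst, dport) tuples; this schema is constructed.
    Window: 36 days before public disclosure up to the local patch time.
    """
    start = disclosure - ZERO_DAY_LEAD
    fmc = ip_address(fmc_ip)
    admin = [ip_network(n) for n in admin_nets]
    egress = [ip_network(n) for n in expected_egress]
    findings = []
    for ts, src, dst, dport in flows:
        if not (start <= datetime.fromisoformat(ts) < patched):
            continue
        s, d = ip_address(src), ip_address(dst)
        if d == fmc and not any(s in n for n in admin):
            # Management interface reached from outside the admin networks (T1190 exposure).
            findings.append(("inbound-to-mgmt", ts, src, dport))
        elif s == fmc and not any(d in n for n in egress):
            # FMC opening sessions to an unexpected host: review for application-layer C2.
            findings.append(("outbound-from-fmc", ts, dst, dport))
    return findings

# Constructed sample data: addresses, dates and ranges are placeholders, not real indicators.
DISCLOSURE = datetime(2000, 3, 1, tzinfo=timezone.utc)  # placeholder, not the real disclosure date
PATCHED = datetime(2000, 3, 5, tzinfo=timezone.utc)     # placeholder local patch time
SAMPLE_FLOWS = [
    ("2000-01-20T10:00:00+00:00", "198.51.100.7", "10.0.5.10", 443),  # before the window
    ("2000-01-26T02:14:00+00:00", "198.51.100.7", "10.0.5.10", 443),  # external -> FMC
    ("2000-01-26T02:20:00+00:00", "10.0.5.10", "203.0.113.44", 443),  # FMC -> unknown host
    ("2000-01-26T09:00:00+00:00", "10.0.9.21", "10.0.5.10", 443),     # admin workstation
    ("2000-02-02T04:00:00+00:00", "10.0.5.10", "192.0.2.10", 443),    # expected update egress
    ("2000-03-10T00:00:00+00:00", "198.51.100.7", "10.0.5.10", 443),  # after patching
]

def run_sample():
    return hunt(SAMPLE_FLOWS, "10.0.5.10", ["10.0.9.0/24"],
                ["10.0.0.0/8", "192.0.2.0/24"], DISCLOSURE, PATCHED)

if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

A flagged flow is a lead for log and configuration review on the FMC, not proof of compromise; the window end should be the time the appliance was actually patched or taken off the internet.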