Interlock ransomware and its affiliated actor Hive0163 appear across two distinct campaign items this period: IBM X-Force identified Hive0163 deploying an AI-generated PowerShell backdoor (Slopoly) with over one week of dwell time before exfiltration, and eSentire attributed active exploitation of CVE-2026-20131 (Cisco FMC) to the Interlock group. This dual presence — targeting both enterprise network management infrastructure and Windows endpoints via AI-assisted custom tooling — indicates a capable, financially motivated actor actively expanding its initial access methods. SOC and IR teams should correlate detections for the Cisco FMC advisory with Interlock TTPs and hunt for Slopoly behavioral indicators (scheduled task creation, encoded PowerShell, Restart Manager API activity) on Windows endpoints concurrently.
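A sketch of the concurrent hunt recommended above, as an added example (not code from IBM X-Force, eSentire or this page): it labels the three named behaviours in constructed endpoint events and flags hosts where at least two occur inside one window. The event layout, the 7-day window, the allowlist and the use of `rstrtmgr.dll` image loads as a proxy for Restart Manager API activity are assumptions; no Slopoly-specific indicators appear because the page gives none.

```python
import base64, re
from datetime import datetime, timedelta

SYS = "C:\\Windows\\System32\\"
PS = SYS + "WindowsPowerShell\\v1.0\\powershell.exe"
B64 = base64.b64encode("Get-Date".encode("utf-16-le")).decode()  # harmless constructed payload
# Constructed sample telemetry: (host, time, process image, command line, loaded module).
EVENTS = [
    ("ws-01", "2026-03-02T09:14:00", SYS + "schtasks.exe", "schtasks /create /tn Example /sc onlogon /tr job.cmd", None),
    ("ws-01", "2026-03-02T09:15:10", PS, "powershell -nop -enc " + B64, None),
    ("ws-01", "2026-03-06T22:40:00", "C:\\Users\\Public\\example.exe", "", SYS + "RstrtMgr.dll"),
    ("ws-02", "2026-03-03T11:00:00", PS, "powershell -ExecutionPolicy Bypass -File inv.ps1", None),
    ("ws-02", "2026-03-03T11:05:00", SYS + "msiexec.exe", "", SYS + "RstrtMgr.dll"),
    ("ws-03", "2026-03-01T08:00:00", PS, "powershell -e " + B64, None),
    ("ws-03", "2026-03-12T08:00:00", PS, "powershell -c Register-ScheduledTask -TaskName Example", None),
]
ENC = re.compile(r"(?i)(?:^|\s)[-/](e[a-z]*)\s+[A-Za-z0-9+/]{16,}={0,2}")
RM_ALLOW = {"msiexec.exe"}  # assumption: expected Restart Manager users, tune per site

def classify(image, cmd, module):
    """Map one event to a behaviour label, or None."""
    exe = image.rsplit("\\", 1)[-1].lower()
    if module:  # image-load event
        return "restart_manager" if module.lower().endswith("rstrtmgr.dll") and exe not in RM_ALLOW else None
    # PowerShell accepts abbreviated forms of -EncodedCommand (-e, -enc, ...) and the alias -ec.
    flags = [m.group(1).lower() for m in ENC.finditer(cmd)]
    if exe in ("powershell.exe", "pwsh.exe") and any(
            f == "ec" or "encodedcommand".startswith(f) for f in flags):
        return "encoded_powershell"
    if (exe == "schtasks.exe" and "/create" in cmd.lower()) or "register-scheduledtask" in cmd.lower():
        return "scheduled_task"
    return None

def correlate(events, window=timedelta(days=7), min_kinds=2):
    """Return {host: labels} where >= min_kinds distinct behaviours fall in one window."""
    hits, out = {}, {}
    for host, ts, image, cmd, module in events:
        label = classify(image, cmd, module)
        if label:
            hits.setdefault(host, []).append((datetime.fromisoformat(ts), label))
    for host, seen in hits.items():
        for start, _ in seen:
            kinds = {l for t, l in seen if timedelta(0) <= t - start <= window}
            if len(kinds) >= min_kinds and len(kinds) > len(out.get(host, [])):
                out[host] = sorted(kinds)
    return out

if __name__ == "__main__":
    print(correlate(EVENTS))
```

On the constructed events only `ws-01` is flagged with the default window; widening the window to 14 days also surfaces `ws-03`, whose two behaviours are 11 days apart.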

Author

claude-agent