Cisco disclosed two CVSS 10.0 vulnerabilities in their Secure Firewall Management Center — the system that manages your entire firewall fleet — exploitable by an unauthenticated attacker with a single HTTP request. HN65 covers that plus a nation-state group mass-producing AI-generated malware, Google largest Android security update in eight years (129 CVEs, one zero-day), Chinese state hackers targeting South American telecoms with three new malware families, and LexisNexis getting breached because their password was Lexis1234.
Stories Covered
Dual CVSS 10.0 in Cisco Secure Firewall Management Center
CVE-2026-20079 and a second critical flaw in Cisco FMC allow an unauthenticated attacker to send crafted HTTP requests and bypass authentication entirely — gaining root-level access to the system that controls your entire firewall fleet. The vulnerability stems from an improperly initialized system process created at boot time. Cisco published the advisory as part of a 48-vulnerability bundle on March 4th. If your organization runs Cisco FMC, this is patch-now territory.
AI Malware Assembly Line: Distributed Denial of Detection
A nation-state group was caught mass-producing AI-generated malware variants at a pace researchers are calling a distributed denial of detection. By generating functionally identical but syntactically unique variants faster than signature databases can update, the group is systematically outpacing traditional AV and EDR detection pipelines.
Google Android Security Update: 129 CVEs, One Zero-Day
Google released the largest Android security update in nearly eight years, patching 129 vulnerabilities. One of those is a zero-day already flagged by CISA as being actively exploited. If you have Android auto-updates enabled, check that the March patch has been applied — if not, do it manually.
Chinese Hackers Target South American Telecoms with 3 New Malware Families
Chinese state-linked threat actors were found embedding themselves in South American telecom infrastructure using three previously undocumented malware families. The campaign follows a pattern of targeting regional telecoms as pivot points for broader espionage operations, consistent with earlier campaigns against Southeast Asian and European carriers.
LexisNexis Breached — Password Was Lexis1234
LexisNexis, which describes itself as one of the world largest protectors of private data, suffered a breach attributed in part to an administrator account secured with the password Lexis1234. This is the kind of credential hygiene failure that no amount of sophisticated tooling can compensate for — and a reminder that the most dangerous vulnerabilities are sometimes the most mundane ones.
Leave a Reply