Dual CVSS 10.0 Cisco Flaws, AI Malware Assembly Line, Qualcomm Zero-Day & More | HN65

This week on Hacking News, we're covering five stories that all share one theme: the things we trust most are the things being targeted.
Cisco disclosed two CVSS 10.0 vulnerabilities in their Secure Firewall Management Center — the centralized brain that manages entire firewall fleets — giving unauthenticated attackers root access. Pakistan-linked APT36 has turned AI coding tools into a malware assembly line, flooding Indian government networks with disposable "vibeware" variants in a strategy Bitdefender calls "Distributed Denial of Detection." Google dropped the largest Android security update in almost eight years — 129 vulnerabilities — including a Qualcomm zero-day already under targeted exploitation across 234 chipsets. A China-linked threat cluster called UAT-9244 is burrowing into South American telecom infrastructure with three brand-new malware families spanning Windows, Linux, and edge devices. And LexisNexis confirmed a cloud breach after a threat actor exploited an unpatched React app and found the database password was... Lexis1234.

⏱️ Timestamps
0:00 — Cold Open: What do you call a hackable firewall manager?
1:21 — Welcome & CTA
2:01 — Story 1: Cisco Secure FMC — Two CVSS 10.0 Vulnerabilities (CVE-2026-20079 & CVE-2026-20131)
5:33 — Story 2: APT36 "Vibeware" — AI-Generated Malware at Industrial Scale
9:13 — Story 3: Google Android March 2026 — 129 Patches + Qualcomm Zero-Day (CVE-2026-21385)
12:34 — Story 4: UAT-9244 / FamousSparrow — China-Linked APT Hits South American Telecoms
16:26 — Story 5: LexisNexis Cloud Breach — React2Shell, Weak Passwords, Gov Data
20:14 — Recap & Key Takeaways
22:40 — Outro

🔑 Key Takeaways

Network security appliances are high-value targets. The Cisco FMC vulnerabilities follow the same pattern as the SD-WAN disclosure — if the management plane is compromised, everything downstream is at risk.
AI is changing the economics of malware, not the sophistication. APT36's vibeware shows the real threat is volume, not brilliance. Detection teams may need to rethink approaches for floods of low-quality polyglot variants.
Mobile patching remains the ecosystem's Achilles' heel. 129 Android vulnerabilities, including an exploited Qualcomm zero-day across 234 chipsets. Google releases patches; manufacturers control the timeline.
Telecom targeting is not slowing down. UAT-9244 demonstrates continued investment in multi-platform telecom compromise toolkits — Windows, Linux, and edge devices simultaneously. P2P C2 and ORB expansion make detection exceptionally difficult.
Cloud security basics still matter more than anything. The LexisNexis breach wasn't a zero-day — it was an unpatched app, an overly permissive IAM role, and a weak password. Fundamentals remain the most impactful things any organization can do.


📚 Sources
Story 1 — Cisco FMC:

Cisco Advisory: cisco-sa-onprem-fmc-authbypass-5JPp45V2
Cisco Advisory: cisco-sa-fmc-rce-NKhnULJh
The Stack — "Two CVSS 10s in Cisco firewall management found internally"
Security Affairs — "Cisco fixes maximum-severity Secure FMC bugs"
Singapore CSA: Alert AL-2026-021

Story 2 — APT36 Vibeware:

Bitdefender — "APT36: A Nightmare of Vibeware"
Dark Reading — "Nation-State Actor Embraces AI Malware Assembly Line"
HackRead — "Pakistan-Linked APT36 Floods Indian Govt Networks"
SC Media — "AI-generated vibeware spread in new APT36 campaign"

Story 3 — Android March 2026:

Google Android Security Bulletin — March 2026
CyberScoop — "Google addresses actively exploited Qualcomm zero-day"
The Hacker News — "Google Confirms CVE-2026-21385"
SecurityWeek — "Android Update Patches Exploited Qualcomm Zero-Day"
CISA KEV Catalog — CVE-2026-21385

Story 4 — UAT-9244:

Cisco Talos — "UAT-9244 targets South American telecommunication providers"
BleepingComputer — "Chinese state hackers target telcos with new malware toolkit"
The Hacker News — "China-Linked Hackers Use TernDoor, PeerTime, BruteEntry"

Story 5 — LexisNexis:

BleepingComputer — "LexisNexis confirms data breach as hackers leak stolen files"
The Register — "LexisNexis Legal & Professional confirms data breach"
SecurityWeek — "New LexisNexis Data Breach Confirmed"
The Record — "LexisNexis says hackers accessed legacy data"
Cybernews — "Hackers claim LexisNexis breach exposing 400K users"


⚠️ The content presented by Exploit Brokers by Forgebound Research is for educational and informational purposes only. Cipherceval is a cybersecurity educator and commentator — not your personal security consultant, legal counsel, or professional advisor. The information shared here reflects publicly available research, industry reporting, and the host's personal perspective. It does not constitute professional security consulting or individualized guidance for your specific environment. Always consult with qualified professionals for decisions affecting your systems and security posture.
