BrianKrebs

Whoa, that escalated quickly. This just got sent out by the press folks at the Federal Communications Commission (FCC). The FCC says it has decided that all foreign-made consumer-grade Internet routers are henceforth prohibited from receiving FCC authorization and are therefore prohibited from being imported for use or sale in the United States.

"Update Follows Determination by Executive Branch Agencies that Consumer-Grade Routers Produced in Foreign Countries Threaten National Security

WASHINGTON, March 23, 2026—Today, the Federal Communications Commission updated its Covered List to include all consumer-grade routers produced in foreign countries. Routers are the boxes in every home that connect computers, phones, and smart devices to the internet. This followed a determination by a White House-convened Executive Branch interagency body with appropriate national security expertise that such routers “pose unacceptable risks to the national security of the United States or the safety and security of United States persons.”

"The Executive Branch determination noted that foreign-produced routers (1) introduce “a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense” and (2) pose “a severe cybersecurity risk that could be leveraged to immediately and severely disrupt U.S. critical infrastructure and directly harm U.S. persons.”

"This action does not affect any previously-purchased consumer-grade routers. Consumers can continue to use any router they have already lawfully purchased or acquired."

"Producers of consumer-grade routers that receive Conditional Approval from DoW or DHS can continue to receive FCC equipment authorizations. Interested applicants are encouraged to submit applications to conditional-approvals@fcc.gov."

Not sure how many consumer-grade routers will be left for sale if it really is a ban on approvals for any foreign-made consumer routers like they said, and not just a bunch of already restricted Chinese makers like Huawei and ZTE.

https://www.fcc.gov/document/fcc-updates-covered-list-include-foreign-made-consumer-routers

FCC's "covered list" of "thou shalt not entities": https://www.fcc.gov/supplychain/coveredlist

ICYMI (from the not-all-cyber-news-is-horrible dept), a cyberattack on a U.S. vehicle breathalyzer company has left drivers across the United States stranded and unable to start their vehicles. This story positively cries out for a headline-writing contest. TechCrunch reports:

"The company, Intoxalock, says on its website that it is “currently experiencing downtime” after a cyberattack on March 14. Intoxalock sells breathalyzer devices that fit into vehicle ignition switches, and is used by people who are required to provide a negative alcohol breath sample to start their car."

https://techcrunch.com/2026/03/20/cyberattack-on-vehicle-breathalyzer-company-leaves-drivers-stranded-across-the-us/

New, by me: 'CanisterWorm' Springs Wiper Attack Targeting Iran

A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran’s time zone or have Farsi set as the default language.

https://krebsonsecurity.com/2026/03/canisterworm-springs-wiper-attack-targeting-iran/

New, breaking: Feds Disrupt IoT Botnets Behind Huge DDoS Attacks

The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million Internet of Things (IoT) devices, such as routers and web cameras. The feds say the four botnets — named Aisuru, Kimwolf, JackSkid and Mossad — are responsible for a series of recent record-smashing distributed denial-of-service (DDoS) attacks capable of knocking nearly any target offline.

No word yet on which botmasters got a visit from feds, but the DOJ statement references law enforcement actions against against botmasters in Canada and Germany. Last month, I reported on a likely identity behind Dort, the main individual behind the Kimwolf botnet. The other suspect was a 15 y/o from Germany.

https://krebsonsecurity.com/2026/03/feds-disrupt-iot-botnets-behind-huge-ddos-attacks/

One of my early roles at WaPo was as an editorial aide in the Editorial section, where part of my job involved reading all the Letters to the Editor and separating the crazies from those might possibly have a salient point to make.

30 years later (gulp), I am still getting plenty of Letters to the Editor, but they are not what they used to be. Time was, they were mostly people convinced their lives were being turned upside down and inside out by nebulous hackers, the govt, their ex, etc. Back in WaPo days, the common thread from the crazies was that their tormentors were using radio signals or somesuch to track and harass them.

These days, however, the "they're all after me" pleas are getting drowned out by inquiries from people who have clearly delved too deep down the AI chatbot rabbit hole. To the point where they're trying to convince everyone that nefarious, AI-based actors are harassing them, or that benevolent sentient beings reside within.

The thing is, the sentient being claim aside, it is actually stupid easy with today's hot new agentic AI toys for people to make their worst nightmares come true -- including having all their stuff taken over by a machine that most definitely does not have their best interests at heart.

Scoop: New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available for download from its homepage until today.

https://krebsonsecurity.com/2024/08/national-public-data-published-its-own-passwords/