Prepare to be re-routed, plus everyone gets a DarkSword
Five Cyber Stories - March 29, 2026 - Issue 002
Welcome to the second issue of Five Cyber Stories! Each week I'm sharing five stories showing how cybersecurity and digital surveillance affect our physical lives. This week we're talking routers, DarkSwords for all, poisoned wells, and more.
Let's jump in!
1. ... Re-Routing ...
A determination: This week the Federal Communications Commission announced all yet-to-be-approved network routers manufactured outside the U.S. would be banned unless given an exemption from the Department of Defense or the Department of Homeland Security. This was done with the stated rationale of shoring up national security. The F.C.C. also released a fact sheet with more details.
Comms report: If your router was manufactured outside of the country, you very likely don't have to run to the store just yet. I recommend reading The Verge's explainer (it's a gift link!) from reporter Sean Hollister. The F.C.C.'s announcement created some confusion based on the number and nature of articles written by outlets such as TechCrunch, Wired ($), CyberScoop, Dark Reading and others, I'm sure. Sean does a great job of listing the ins and outs of the effective ban.
In short, all "...previously-purchased consumer grade routers..." (like the one probably in your home or business) are exempt from this ban. It only applies to routers yet to have been granted approval for operation in the U.S.
To give some context behind the F.C.C.'s announcement, a "...'Typhoon' family of Chinese hacking groups..." has launched cyberattacks at the U.S. Government via network routers. The F.C.C.'s order makes some sense based on this history, but the Salt Typhoon hack involved "...compromised Cisco routers." - routers made by an American company. Though Cisco's routers are made overseas, I think the point still stands. As Jason Soroko, Fellow at Sectigo, tells Dark Reading, "Threat actors exploit these vulnerabilities across domestic and international hardware alike...".
Another wrinkle to this national security determination is the availability of American-made routers. The Verge and Wired ($) know of only one router currently made in the U.S., and it's made by Elon Musk's SpaceX. There is also a variant of the same SpaceX router made in Vietnam. The company didn't respond to questions from The Verge about how many of these routers are made in the U.S., and I would guess SpaceX's current market share for routers in the states is very small, though I'm without official numbers.
The Verge additionally points out this has some appearance of a roundabout way of implementing a tariff. Though the F.C.C. isn’t saying that directly, I think one doesn't have to squint very hard to connect those dots.
So, are we all about to have to buy SpaceX routers? Will certain router manufacturers be granted Conditional Approval from the D.O.D. or D.H.S.? Will companies start making more routers within U.S. borders? Time will tell. For now, there seem to be more questions than answers.

2. You get a DarkSword, you get a DarkSword, and you get a DarkSword!
Code Red: In last week's issue, we learned about DarkSword - a commercial-grade exploit kit able to "hack" iPhones running older iOS software in a matter of seconds. This week that same kit was made available to the public on GitHub - a popular code hosting site. There are already examples of DarkSword being taken for a spin.
Advisory update: Imagine driving down the road and coming across a bucket of missile launchers with a cardboard sign reading, "FREE - TAKE ONE." Based on Nate Nelson's article for Dark Reading, this analogy isn't too far off the mark. He says that uploading DarkSword to GitHub makes it possible for "...anyone off the street to compromise Apple devices just like the NSA and FSB do."
While Nelson's article suggests the future could be filled with more commercial spyware in the public arena, there is something you can do right now to protect yourself. Update your iPhone. Installing the latest versions of iOS 26 or iOS 18 will shield your phone against DarkSword, and Lockdown Mode can make it even more protected at the cost of some convenient features.

3. Hack gets personal
The case file: On Friday, Reuters broke the news that FBI Director Kash Patel's personal email was hacked this week by Iranian hackers — or "hacktivists" — known as Handala. Fortunately, as confirmed by TechCrunch, the breached email account was Director Patel's personal Gmail, which has seemingly not been used much in recent years. It may also be worth noting that Patel did send emails from his Department of Justice address to this Gmail account in 2014, though most of the leaked emails appear to be just personal rather than government related.
In Brief: As with the cyberattack on Stryker and the claimed leak of Lockheed Martin personnel's data by Handala, the hacking of the FBI Director's personal email stems from fallout from the conflict with Iran. Handala even attributed the Stryker hack as retaliation for a missile strike that allegedly hit an Iranian school.
While this newsletter's goal is to draw attention to how cybersecurity affects our physical lives, I think it's important to note that it's a two-way street. The realities of our physical lives can affect our digital lives, and we can see in stories like this one how cyber attacks often become entangled with weapons of war. Maybe that means our digital and physical lives are more and more, one and the same.

4. Poison in the well
The sabotage: This week, "hacking group" TeamPCP infected multiple free and open-source software tools across the internet: Aqua Security's Trivy Scanner, Checkmarx KICS, LiteLLM, and most recently the Python Telnyx package. For the scope of this newsletter, I'll swap the specifics and jargon for an analogy. All of these projects' code is hosted on GitHub, which acts as a "well" of sorts, and TeamPCP infected each of these wells with malware (i.e. poison).
It's contagious: Now, you might be asking yourself, to quote the wise sage Unicorse, "Why should I care?" Given how many things there are to worry about (even in the best of times), I think that's a sincere question. Personally, I'd say attacks like these hurt not just the infected party, but society at large. Open source software is often built with volunteers' free labor, and it forms the foundation for a lot of the software, much of it profitable ($), that we benefit from as a society. I personally believe cyberattacks that use open source software as vectors exploit the good will of volunteers that made that software. It also has the wider risk of undermining our collective trust in open-source and public-interest software.
Alexander Martin writes for The Record regarding the attack on LiteLLM:
"The incident highlights growing concerns over the security of the open-source software supply chain, where widely-used tools maintained by small teams can provide a gateway into thousands of organizations if compromised."
At risk of overstating things, I think cyberattacks like the ones against Trivy Scanner and others can compromise systems of trust that ultimately help our neighbors and communities. If a volunteer can’t trust that their free tools won’t be used against people, they may be less likely to make good, high quality open-source software. And if the wider open-source community can’t trust the safety of those tools to begin with, they inherently become less useful. I believe that's worth dwelling on more.

5. "Spit and Acquit?"
The evidence: This week, Wired ($) published an excerpt of the book, Your Data Will Be Used Against You: Policing in the Age of Self-Surveillance. The preview of the book is a longer read, but it details how our biometric data is a form of "self-surveillance." The author, Andrew Guthrie Ferguson, gives multiple examples of said data and how it's used.
As one use case, many have mailed their saliva, "consumer DNA," to services like 23andMe or Ancestry.com. The book cites the LA Times' ($) reporting from 2019 that "consumer DNA" was used to close 66 cases involving 14 alleged "...serial killers and rapists and unsolved crimes..." I think that's something most of us would see as a net good, though that sentiment might change after learning some of the DNA was taken from a discarded miscarriage ($).
Another instance of biometric data utilization is at stadiums or event venues. As an example, Ferguson cites how a woman was denied entry to a Rockettes' performance (gift link!) because of where she worked. Attorney Kelly Conlon was attending the event with her daughter's Girl Scouts troop, but was turned away because the law firm where she worked was involved in a case against the owner of the venue. Ms. Conlon was neither involved in the case, nor practiced law in the same state as the event. While this is less of a slam dunk in terms of building consensus, I think most of us feel uncomfortable with how facial recognition is used in this scenario.
The excerpt goes on to give more examples of biometric surveillance both positive - solving crimes - and negative - abuses of power based on biometric information. A package thief is caught on camera and identified with facial recognition. Suspects were offered acquittals in Orange County in exchange for a spit sample. New Jersey's Department of Health held onto babies' blood samples for 23 years ($) without letting parents know.
My deliberation: While there are many skeptics, I personally believe that there's some good to be had with this type of surveillance. Still, many aspects of this technology make me feel uneasy, and Ferguson points out in his book that the ever-increasing ability to process vast amounts of biometric data with a computer makes it easy to imagine dystopian scenarios. Where do we draw the line? And who is responsible for drawing it?
I'll end this story with a quote from the book found at the very end of this excerpt ($):
"We can ditch our cars or phones or Echo Dots, at least in theory. We can’t ditch our DNA, or our hearts, or our faces. That makes protecting them all the more important."
Wrapping up this week...
Some honorable mentions for stories that didn't make my top five include mass surveillance stopping a child's school enrollment, job interview scams, a malicious search result, and how VPNs might actually give Americans less privacy ($).
Did I miss anything? Let me know by replying to this email, and I'd love to hear what you did (or didn't) like about this week's letter. Also, if you know someone who might appreciate stories like these, please forward this email (or link) to a friend.
As always, thanks for reading!
Danny
P.S. You might have noticed that some links have "($)" next to them this week. This signifies that the link directs to a news outlet with a paywall, unless I'm able to use a Gift Link. I stole this idea from Zack Whittaker's this week in security newsletter, which I recommend subscribing to if you want more stories with deeper analysis. Zack is also a security editor for TechCrunch, and this week's issue includes some of his articles.