Every week brings new reasons to take a hard look at your security posture. This week was no exception. Here are the stories worth knowing — and what they mean for your business.
The FCC Just Changed the Rules on Network Hardware
Effective immediately, the FCC has added all consumer routers manufactured outside the United States to its national security "Covered List" — the same list that previously targeted Huawei and ZTE. The decision follows an Executive Branch determination that foreign-made routers pose an unacceptable risk to U.S. critical infrastructure and national defense, citing Chinese state-sponsored hacking groups that used foreign routers to compromise U.S. infrastructure.
What this means practically: no new foreign-made router models can be sold in the U.S. without a new approval process that includes full supply chain transparency and a path to U.S.-based manufacturing. Existing models already on shelves are unaffected for now.
For businesses — especially those in manufacturing, public sector, and healthcare — this reinforces something we've been advising for some time: your network hardware choices carry compliance and security implications that go beyond price and performance. Organizations with government-adjacent contracts or regulated environments should be especially attentive to what's running on their networks.
Developers Are Being Targeted — And It's Getting Creative
Two separate campaigns this week targeted software developers. In the first, attackers backdoored the Telnyx package on the Python Package Index (PyPI), hiding credential-stealing malware inside a WAV audio file. In the second, a large-scale campaign flooded GitHub Discussions with fake Visual Studio Code security alerts — tricking developers into downloading malware disguised as a legitimate update.
These attacks matter beyond the developer community. If your organization uses software built or maintained by developers, the security of their development environment is part of your security perimeter. Supply chain attacks through compromised packages and tools are one of the fastest-growing attack vectors across every industry.
A Ransomware Gang That Escalates to Your Front Door
Krebs on Security published a detailed analysis this week of Scattered Lapsus ShinyHunters (SLSH), an extortion group with a playbook that goes well beyond encrypting files. After breaching companies through MFA phishing — posing as IT staff over the phone — the group escalates to threatening executives personally, swatting their homes, harassing their families, and flooding media outlets simultaneously. The advice from top researchers: don't engage, don't pay. Payment doesn't stop the harassment; it signals that the tactics work.
The entry point for SLSH attacks is consistently the same: a phone call to an employee claiming to be IT support, followed by a credential harvesting page. This is a social engineering attack that strong email security, endpoint protection, and MFA alone don't fully address — staff awareness is the last line of defense.
Also Worth Noting
The European Commission disclosed a breach of its Amazon cloud environment this week, and CISA flagged an actively exploited vulnerability in Langflow, an AI agent-building framework. The Langflow flaw is particularly relevant for any organization experimenting with AI workflow tools — patch or disable promptly if you're running it.
The Takeaway
Three themes this week: hardware supply chain risk is now a regulatory issue, developer tool compromise is an underappreciated entry point, and social engineering attacks are growing more personal and aggressive. None of these require exotic new defenses — they require the fundamentals done well: compliant hardware, layered endpoint and email security, and a team that knows how to recognize a social engineering attempt when it arrives by phone.