The threat group tracked as APT28 (Forest Blizzard/Fancy Bear) compromised 18,000 SOHO routers across 120+ countries by exploiting known vulnerabilities and default SNMP credentials. They modified DNS settings to redirect traffic through attacker-controlled servers, enabling adversary-in-the-middle attacks that harvested Microsoft OAuth tokens, passwords, and emails from 200+ organizations. The FBI’s Operation Masquerade sent court-authorized commands to reset compromised routers on U.S. soil.
On March 23, 2026, the FCC updated its Covered List to include every consumer-grade router produced outside the United States. New models can’t get FCC equipment authorization, which means they can’t be imported or sold here. Existing models already on shelves aren’t affected, and manufacturers can apply for a “Conditional Approval” exemption through the Department of War (formerly Department of Defense) or the Department of Homeland Security.
The ruling names the Volt, Flax, and Salt Typhoon campaigns as direct justification. And that’s where this gets interesting for anyone working in network security.
Overview # The PCI DSS Toolkit is a collection of read-only scripts that help sysadmins export configuration evidence from network devices, cloud environments, and operating systems for PCI DSS assessor review. Scripts connect to devices or APIs, export configuration data, and save it locally. No changes are made to any system.
juancarlosmunera/pci-tools PCI Tools and Scripts for assessors and sysadmins to aid both in evidence collection and evidence review.
PCI-DSS 11.5.2 - Guidance and Full Technical Deep Dive # (On-Prem, Hybrid, and Native) # I remember sitting in my first PCI assessment years ago, watching a QSA flip through pages of documentation. When we got to Requirement 11.5.2, file integrity monitoring, the conversation hit a wall. The requirement seemed straightforward on paper, but translating it into a hybrid environment with on-prem servers, AWS workloads, and network appliances? That’s where the real work begins.