Attackers compromised CPUID’s official website and swapped download links for CPU-Z and HWMonitor with trojanized packages delivering STX RAT. The attack targeted the exact tools IT professionals carry on USB drives and run on production servers, turning implicit trust in a 20-year-old download source into a direct path to privileged credentials.
On March 23, 2026, the FCC updated its Covered List to include every consumer-grade router produced outside the United States. New models can’t get FCC equipment authorization, which means they can’t be imported or sold here. Existing models already on shelves aren’t affected, and manufacturers can apply for a “Conditional Approval” exemption through the Department of War (formerly Department of Defense) or the Department of Homeland Security.
The ruling names the Volt, Flax, and Salt Typhoon campaigns as direct justification. And that’s where this gets interesting for anyone working in network security.
A practitioner breakdown of the IBM X-Force Threat Intelligence Index 2026. Vulnerability exploitation overtakes phishing as the top attack vector, supply chain compromises quadruple, and AI accelerates attacker operations while defenders struggle with the basics.
OpenClaw made remarkable security strides since my January article, hired dedicated security leadership, patched 40+ vulnerabilities, partnered with VirusTotal. Then ClawHavoc exposed 341 malicious skills. And now the founder just joined OpenAI. A breakdown of everything that changed, what still worries me, and how to think about deploying OpenClaw in this new reality.