FCC Router Ban, Darksword Exploit, and VS Code Malware - Blumira Briefings

Show Notes

Welcome to Blumira Briefings, your weekly download of the top headlines and trends for your security practice.

This week's episode:

- The U.S. Federal Communications Commission, a government agency that regulates interstate and international communications, recently announced a significant new policy. The commission is banning the import of all new foreign-made consumer routers into the United States
- A version of sophisticated iPhone spyware, known as DarkSword, has been publicly leaked on GitHub, raising urgent concerns among cybersecurity experts about potential widespread compromises of Apple iOS devices.
- A threat group linked to North Korea, known as Team 8, is actively deploying new malware called StoatWaffle by exploiting features within Microsoft Visual Studio Code. This campaign, part of their ongoing "Contagious Interview" operations, abuses the editor's "tasks.json" auto-run functionality

--

Have a security topic you want us to cover? Want to hear more on a story we covered this week? Let us know in the comments!

--

Sources:
US regulator bans imports of new foreign-made routers, citing security concerns
https://www.reuters.com/sustainability/boards-policy-regulation/fcc-banning-imports-new-chinese-made-routers-citing-security-concerns-2026-03-23
--
DarkSword’s GitHub leak threatens to turn elite iPhone hacking into a tool for the masses
https://cyberscoop.com/darksword-iphone-spyware-leak-ios-18-exploit-threat/
--
North Korea-linked threat actors abuse VS Code auto-run to spread StoatWaffle malware
https://securityaffairs.com/189880/security/north-korea-linked-threat-actors-abuse-vs-code-auto-run-to-spread-stoatwaffle-malware.html