Let's take inventory of what we know this week.

Russia is inside your home router harvesting your passwords in real time. Iran has escalated attacks on the infrastructure that keeps your lights on and your water running. North Korea owns five of the most critical repositories in modern software development. The LAPD got robbed and their sensitive documents are now public. The FBI got breached by Chinese state hackers who may have walked out with the identities of every active surveillance target in their system — and the FBI's response has been to say absolutely nothing.

This is not a bad week in cybersecurity.

This is a reckoning.

For thirty years, the United States built the most sophisticated digital surveillance and intelligence apparatus in human history. We tapped undersea cables. We built PRISM. We put a computer in every pocket and a microphone in every room and we told ourselves that the data flowing through all of it made us safer, smarter and untouchable. We were the watchers. That was the deal.

Salt Typhoon just voided the contract.

Because here is what a breach of an FBI surveillance system actually means in plain language: Beijing may now know exactly who we're watching. Every source. Every target. Every ongoing counterintelligence operation. Every name on that list is now a liability. Every investigation potentially compromised. Every asset potentially burned. And the agency responsible for protecting the American people from exactly this kind of threat has responded with the sound of absolute silence.

The silence is the story.

When the FBI gets breached and doesn't tell the public, when the LAPD gets looted and sensitive documents end up on the internet, when Russia spends eight months inside American home networks and we find out from Microsoft and the British government rather than our own agencies — what we're witnessing isn't just a series of security failures. It's an institutional credibility crisis happening in slow motion at the worst possible time.

Trust is the operating system that everything else runs on. Not firewalls. Not legislation. Not zero-trust architecture or quantum-resistant encryption or AI-powered threat detection. Trust. Trust that the institutions responsible for protecting us are being honest about what's happening. Trust that when something catastrophic occurs, the people who know about it will say so. Trust that the silence coming from official channels means nothing happened — not that something happened and nobody wants to admit it.

That trust is being systematically destroyed. Not just by the hackers. By the silence that follows them.

Meanwhile the policy apparatus grinds forward at its own majestic pace. The FCC banned some routers. Congress is debating Section 702. Someone is writing a press release somewhere with the word "robust" in it. And Salt Typhoon is reading the FBI's mail.

We are in an undeclared cyberwar being fought on every front simultaneously — in your living room, in your developer tools, in your power grid, in the databases of your law enforcement agencies — and the official posture of the institutions responsible for defending us oscillates between bureaucratic delay and complete silence.

Here is the only question that matters now:

If the watchers can't protect themselves, what exactly are the rest of us supposed to do?

We don't have a clean answer. Nobody does. But we'd start by demanding that the people who know what's happening stop pretending they don't.

The first step to fixing a breach is admitting you have one.

Ask the FBI how that's going.

The editorial opinions expressed here are those of the author and represent the view from the cheap seats — which, it turns out, have an excellent view of the dumpster fire.

Russian hackers hijack thousands of home routers in global espionage campaign
APT28 (Fancy Bear) compromised thousands of consumer routers to steal credentials and authentication tokens—demonstrating how overlooked edge devices are now strategic entry points for state actors.
Source: TechCrunch | Tue, Apr 7

DNS hijacking campaign targets consumer and SOHO routers
UK and allied agencies confirmed attackers rerouted internet traffic through malicious infrastructure to intercept logins and emails—turning home and small office networks into intelligence assets.
Source: Computer Weekly | Tue, Apr 7

Breach roundup: FBI labels “major incident” as Hasbro, Cisco, Nissan hit
This week’s incidents span enterprise, government, and manufacturing—highlighting the breadth of ongoing cyber disruption.
Source: Kaseya | Wed, Apr 8

LAPD breach exposes sensitive police documents
Hackers accessed a legal system tied to the city’s Attorney’s Office, with stolen data later leaked—raising concerns around municipal data security.
Source: TechCrunch | Wed, Apr 8

Open-source ecosystem under coordinated attack across five major repositories
Threat actors compromised npm, PyPI, Go Modules, and others—embedding malware into widely used developer dependencies and bypassing traditional enterprise defenses.
Source: Developer Tech News | Wed, Apr 8

North Korea-linked actors tied to Axios package compromise
A malicious version of a widely used library was distributed at scale, reinforcing that software supply chains remain one of the most systemic risks in tech.
Source: Nextgov / TechCrunch | Tue, Mar 31

Hack-for-hire group targets Android devices and iCloud accounts
Researchers uncovered a campaign combining spyware and phishing to compromise both mobile devices and cloud backups—blurring lines between consumer and enterprise risk.
Source: TechCrunch | Wed, Apr 8

Iranian hackers targeting U.S. critical infrastructure
U.S. agencies warn of escalating tactics tied to geopolitical tensions—placing energy, government, and essential services on alert.
Source: TechCrunch | Tue, Apr 7

“Yesterday’s cybersecurity won’t work for next-gen cloud attacks”
A Cybercrime Magazine discussion highlights a shift toward identity-first, AI-aware security models as attackers increasingly bypass perimeter defenses.
Source: Cybercrime Magazine | Wed, Apr 8

Operationalizing AI security becomes the next enterprise hurdle
Organizations now face a new challenge: integrating AI into security operations without creating tool sprawl, alert fatigue, or governance gaps.
Source: TechRepublic | Wed, Apr 8

10 ChatGPT prompts for SOC analysts
Practical examples show how AI is already being embedded into daily workflows—from triage to documentation—accelerating response cycles.
Source: TechRepublic | Wed, Apr 8

Google warns quantum threats to crypto may arrive sooner than expected
The timeline for breaking current encryption is compressing—forcing earlier migration to post-quantum standards across industries.
Source: TechRepublic | Wed, Apr 1

Bitcoin creator speculation resurfaces—Adam Back denies claim
A renewed debate over Bitcoin’s origins underscores the continued influence of early cryptography pioneers on modern security discussions.
Source: TechCrunch | Wed, Apr 8

Section 702 renewal push intensifies ahead of expiration
Former national security officials urge Congress to renew the surveillance authority before its April deadline—keeping intelligence policy front and center.
Source: Nextgov | Wed, Apr 8

Treasury builds database of sensitive pandemic aid data
A new federal database raises concerns about scope, governance, and long-term data security practices.
Source: Nextgov | Wed, Apr 8

IBM + Arm collaboration signals future of hybrid enterprise compute
A dual-architecture approach aims to combine Arm efficiency with IBM mainframe reliability for AI and data-intensive workloads.
Source: Computer Weekly | Thu, Apr 2

NotebookLM integrates into Gemini for persistent AI workflows
Google is pushing toward “AI as workspace,” linking notes, context, and conversations into a continuous productivity environment.
Source: Digital Trends | Thu, Apr 9

The real measure of innovation is human impact—not efficiency
A commentary argues that success in digital transformation should be measured by real-world outcomes—adoption, decision quality, and improved lives—not just speed or cost.
Source: Computer Weekly | Thu, Apr 9

Russia is in your router. Iran is hitting your infrastructure. North Korea owns your dev tools. China just read the FBI's most sensitive files. And the institutions responsible for protecting you are responding with legislation that won't work, silence that won't hold, and press releases that won't save anyone.

We are not having a cybersecurity problem.

We are having a civilization problem.

The perimeter is gone. The watchers are compromised. The plumbing is poisoned. And the only people who seem to fully understand the severity of what's happening are the ones doing it to us.

Pay attention. Ask hard questions. Trust nothing you haven't verified. And for the love of everything sacred, update your router firmware.

See you next week… If the lights are still on.