Transcript
A (0:00)
From the CISO Series, it's Cybersecurity Headlines.
B (0:06)
These are the cybersecurity headlines for Wednesday, March 25, 2026. I'm Rich Stroffolino.

FCC bans foreign routers. The US Federal Communications Commission updated its covered list of products that will be barred from FCC clearance in the US to include all foreign consumer-grade routers. It previously added most foreign-made drones to the list. This plan applies to new device models, so devices already on the market and previously purchased routers are not impacted. The FCC cited malicious actors have exploited security gaps in foreign-made routers to attack American households, disrupt networks, enable espionage, and facilitate intellectual property theft as the reason for the ban. Router makers can appeal for conditional approval to sell in the US with a petition to the Department of Defense or Homeland Security.

Drone activity disrupts AWS region. For the second time in a month, Amazon saw an AWS region disrupted due to proximity to the US-Israeli war on Iran. The company confirmed its Bahrain region suffered a disruption due to drone activity. Without going into too many specifics, it's not clear if the facility was hit directly by a drone, it was struck nearby, or something else. It's unclear how long the disruption will last. Amazon said it's in the process of helping to migrate customers to alternate regions in the interim. Amazon said the previous drone strike on a UAE facility earlier this month caused water damage, structural damage, disrupted power delivery to our infrastructure, and in some cases required fire suppression.

Crunchyroll confirmed data leak. Last week, an anonymous threat actor contacted several outlets claiming to have stolen roughly 100 GB of Crunchyroll support ticket information. This information was allegedly obtained through a breached Telus employee account. After posting the information on a few illicit forums, the anime streaming giant confirmed the data was legitimate. This contains information on about 6.8 million people, exposing IP addresses, names, emails and partial credit card numbers. The threat actors asked for a $5 million ransom to not leak the data, but Crunchyroll did not negotiate.

State Department makes a bet on Bureau of Emerging Threats. After announcing it nearly a year ago, the US State Department formally launched this new entity with a mandate to protect American national security against advanced threats from foreign adversaries, specifically naming Iran, China, Russia and North Korea. This includes cyber attacks as well as emerging threats such as quantum computing and AI-enabled attacks and the weaponization of space. The Bureau of Emerging Threats will have five divisions: the Office of Critical Infrastructure Security, the Office of Cybersecurity, the Office of Disruptive Technology, the Office of Space Security, and the Office of Threat Assessment.

And now, thanks to today's sponsor, ThreatLocker. Least privilege isn't about distrusting users, it's about limiting blast radius. Many attacks succeed because malware inherits excessive permissions. Enforcing least privilege helps ensure that even if something goes wrong, attackers can't easily escalate access or move laterally across the environment. Learn more at threatlocker.com.

US Treasury considers expanding terrorism insurance to cyber. The Treasury is seeking public comment in a Federal Register notice about the effectiveness of the Terrorism Risk Insurance Program, or TRIP. This was created in 2002 in the wake of the 9/11 attacks, providing a federal backstop to make terrorism risk insurance more available. The notice specifically asked for feedback on any potential changes to TRIP that would encourage the take-up of insurance for cyber-related losses arising from acts of terrorism. Public comment will be accepted until May 8, and the law authorizing TRIP is set to expire in 2027.

Lapsus claims it breached AstraZeneca. The Lapsus extortion group added the pharma giant to its leak site. Researchers at SOCRadar report that known members of Lapsus have been boasting on illicit forums that it exfiltrated roughly 3 gigabytes of data from AstraZeneca. These allegedly include credentials, tokens, application code for controllers, repositories, services, schedulers, configuration files and Spring Boot resources, as well as employee data. Interesting for an extortion group, there was no price set for these supposedly purloined data. SOCRadar says the nature of the stolen data suggests that it may have affected internal business operations.

Infinite Campus warns of a breach. If your kids don't already have some free credit monitoring, you're in luck. The popular K-12 EdTech company Infinite Campus began warning customers that it suffered a data breach. The extortion group ShinyHunters claimed credit for the breach. Infinite Campus says the data was accessed through an employee's Salesforce account, a pretty familiar tactic for ShinyHunters. The group gave the company until today to pay a ransom or leak out personally identifiable information and internal corporate data. Infinite Campus manages data on 11 million students across over 3,200 school districts in 46 states. Infinite Campus maintains that no customer databases were accessed in the attack.

Russian access brokers sentenced to 81 months. Back in November 2025, Alexei Volkov, aka Chewbacore, pleaded guilty to six federal charges as part of his work in the Yanluowang ransomware group. Volkov served as an initial access broker for the group, facilitating dozens of attacks, resulting in over $9 million of combined losses. The case provided a very clear picture on how initial access brokers work within ransomware organizations, how they're compensated, and the breadth of Yanluowang's activities. A judge now sentenced him to 81 months in federal prison. Volkov must also pay full restitution to victims and turn over all equipment used in criminal activities.

The CISO Series is shipping out to Boston next month, and we'd love for you to be there. We'll be doing a live CISO Series podcast recording at Aqueduct Technologies in Canton on April 30th. We'll have these same great discussions with our CISO guests like we feature on every episode of Plus a few fun games and a lightning Q and A. We'd love to see you there, so head on over to our events page at cisoseries.com for more information.

If you have some thoughts about the news from today, or about the show in general, be sure to reach out to us at feedback@cisoseries.com. We'd love to hear from you. Reporting for the CISO Series, I'm Rich Stroffolino, reminding you to have a super sparkly day.
