Cybersecurity Headlines – March 25, 2026
Host: Rich Stroffelino, CISO Series
Episode Overview
This episode delivers a rapid-fire update on major cybersecurity stories from around the globe. Today’s headlines focus on new US restrictions on foreign routers, cyber-physical disruptions caused by drone activity near AWS data centers, a massive data breach at Crunchyroll, the formal launch of the US State Department’s Bureau of Emerging Threats, and notable incidents involving Lapsus and ShinyHunters. The tone is factual, brisk, and focused on actionable information for security professionals.
Key Discussion Points & Insights
1. FCC Bans Foreign Consumer Routers
Timestamp: 00:13–01:00
- The US Federal Communications Commission (FCC) has updated its "covered list," banning all foreign-made consumer routers from FCC clearance.
- Existing devices and previously-purchased routers are not affected.
- Reason: Security concerns about routers being used by malicious actors for attacks on US households, espionage, and intellectual property theft.
- Manufacturers can appeal for conditional approval through the Department of Defense or Homeland Security.
Quote:
“The FCC cited malicious actors have exploited security gaps in foreign made routers to attack American households, disrupt networks, enable espionage, and facilitate intellectual property theft as the reason for the ban.” (Rich Stroffelino, 00:36)
2. Drone Activity Disrupts AWS Bahrain Region
Timestamp: 01:01–01:39
- The AWS Bahrain region experienced disruptions attributed to drone activity near the zone of the US-Israeli war on Iran.
- Amazon is migrating customers to alternate regions; no details on direct or indirect hits, nor the outage’s expected duration.
- Recaps a similar event in UAE earlier this month, which caused substantial damage and power disruptions.
Quote:
“It's not clear if the facility was hit directly by a drone, it was struck nearby, or something else.” (Rich Stroffelino, 01:17)
3. Crunchyroll Suffers Major Support Ticket Data Leak
Timestamp: 01:40–02:16
- An anonymous threat actor claimed theft of 100GB of support ticket data (allegedly via a breached Telus employee account).
- Crunchyroll confirmed the breach:
  - Affected approximately 6.8 million people.
  - Data included IPs, names, emails, and partial credit card numbers.
- Attackers demanded a $5 million ransom; Crunchyroll refused to negotiate.
Quote:
“The threat actors asked for a $5 million ransom to not leak the data, but Crunchyroll did not negotiate.” (Rich Stroffelino, 02:12)
4. US State Department Launches Bureau of Emerging Threats
Timestamp: 02:17–02:57
- New bureau formalized with mission to protect US security from advanced and emerging cyber threats, with particular mentions of Iran, China, Russia, and North Korea.
- Scope includes: Cyber attacks, quantum computing, AI-enabled attacks, weaponization of space.
- The bureau comprises five divisions:
  - Office of Critical Infrastructure Security
  - Office of Cybersecurity
  - Office of Disruptive Technology
  - Office of Space Security
  - Office of Threat Assessment
5. US Treasury Considers Cyber Inclusion in Terrorism Risk Insurance
Timestamp: 03:12–03:44
- The US Treasury requests public commentary on expanding the Terrorism Risk Insurance Program (TRIP) to cover cyber events.
- TRIP provides a federal backstop for terrorism risk insurance; its original intent dates to the aftermath of 9/11.
- Soliciting input on changes that would encourage cyber-related terrorism insurance coverage.
- Comment period is open until May 8, 2026; the program expires in 2027.
6. Lapsus Extortion Group Claims AstraZeneca Breach
Timestamp: 03:45–04:15
- Lapsus, a known extortion group, claims exfiltration of ~3 GB from pharma giant AstraZeneca, including credentials, tokens, code, configuration files, and some employee data.
- No ransom price set.
- SOCRadar suggests internal business operations may be affected.
7. Infinite Campus Education Platform Breach
Timestamp: 04:16–04:58
- EdTech company Infinite Campus warns customers of a breach tied to an employee Salesforce account.
- ShinyHunters claims responsibility, threatening to leak PII and internal corporate data if no ransom is paid (deadline: today).
- Infinite Campus handles data on 11 million students and over 3,200 school districts; says customer databases weren’t accessed.
Quote:
“If your kids don't already have some free credit monitoring, you're in luck.” (Rich Stroffelino, 04:16, tongue-in-cheek)
8. Russian Access Broker “Chewbacore” Sentenced
Timestamp: 04:59–05:32
- Alexei Volkov (Chewbacore), associated with the Yanluowang ransomware group, received an 81-month federal prison sentence.
- Convicted of six federal charges for brokering initial access for dozens of attacks, causing over $9 million in losses.
- Must pay restitution and forfeit all equipment.
Notable Quotes & Memorable Moments
- On the FCC router ban:
  “Devices already on the market and previously purchased routers are not impacted.” (Rich Stroffelino, 00:28)
- Dry wit on student data breach:
  “If your kids don't already have some free credit monitoring, you're in luck.” (Rich Stroffelino, 04:16)
- On AWS disruptions:
  “Amazon said it’s in the process of helping to migrate customers to alternate regions in the interim.” (Rich Stroffelino, 01:32)
Important Timestamps
- FCC Router Ban: 00:13–01:00
- AWS Drone Disruption: 01:01–01:39
- Crunchyroll Leak: 01:40–02:16
- State Department Bureau: 02:17–02:57
- Terrorism Insurance Update: 03:12–03:44
- Lapsus/AstraZeneca Breach: 03:45–04:15
- Infinite Campus Breach: 04:16–04:58
- Chewbacore Sentencing: 04:59–05:32
Tone and Style
Rich Stroffelino maintains a brisk, clear, slightly wry tone, highlighting impacts, context, and sometimes adding a tongue-in-cheek remark to underline the human costs of breaches. Throughout, emphasis is on clarity, actionable impact, and the rapidly evolving cybersecurity threatscape.
For more stories or to dive deeper, visit cisoseries.com.
