In today’s cybersecurity news…
FCC bans foreign routers
The US Federal Communications Commission updated its “Covered List” of products barred from FCC clearance in the US to include all foreign consumer-grade routers. It previously added most foreign-made drones to the list. This plan applies to “new device models,” so devices already on the market and previously purchased routers are not impacted. The FCC cited, “Malicious actors have exploited security gaps in foreign-made routers to attack American households, disrupt networks, enable espionage, and facilitate intellectual property theft,” as the reason for the ban. Router makers can appeal for Conditional Approval to sell in the US with a petition to the Department of Defense or Homeland Security.
(FCC, BBC, Brian Krebs)
Drone activity disrupts AWS region
For the second time in a month, Amazon saw an AWS region disrupted due to proximity to the U.S.-Israeli war on Iran. The company confirmed its Bahrain region suffered a disruption due to “drone activity,” without going into specifics. So it’s not clear whether a drone hit a facility directly, struck nearby, or something else happened. It’s unclear how long the disruption will last. Amazon said it’s in the process of helping customers migrate to alternative regions in the interim. Amazon said the previous drone strike on a UAE facility earlier this month caused water damage, “structural damage, disrupted power delivery to our infrastructure, and in some cases required fire suppression.”
(Reuters)
Crunchyroll confirmed data leak
Last week, an anonymous threat actor contacted several outlets claiming to have stolen roughly 100 gigabytes of Crunchyroll support ticket information. This information was allegedly obtained from a Telus employee account that was breached. After the threat actor posted the information on a few illicit forums, the anime streaming giant confirmed the data was legitimate. The data contains information on about 6.8 million people, exposing IP addresses, names, emails, and partial credit card numbers. The threat actor demanded a $5 million ransom to avoid leaking the data, but Crunchyroll did not negotiate with them.
State Department makes a bet on Bureau of Emerging Threats
After announcing it nearly a year ago, the US State Department formally launched this new entity, with a mandate to protect American national security against advanced threats from foreign adversaries, specifically naming Iran, China, Russia, and North Korea. This includes cyberattacks, as well as emerging threats such as quantum computing and AI-enabled attacks, and the weaponization of space. The Bureau of Emerging Threats will have five divisions: the Office of Critical Infrastructure Security, the Office of Cybersecurity, the Office of Disruptive Technology, the Office of Space Security, and the Office of Threat Assessment.
(ABC News)
Huge thanks to our sponsor, ThreatLocker

US Treasury considers expanding terrorism insurance to cyber
The Treasury is seeking public comment in a Federal Register notice about the effectiveness of the terrorism risk insurance program, or TRIP. This was created in 2002 in the wake of the 9/11 attacks, providing a federal backstop to make terrorism risk insurance more available. The notice specifically asks for feedback on “Any potential changes to… TRIP that would encourage the take-up of insurance for cyber-related losses arising from acts of terrorism.” Public comments will be accepted until May 8th, and the law authorizing TRIP is set to expire in 2027.
Lapsus$ claims it breached AstraZeneca
The Lapsus$ extortion group added the pharma giant to its leak site. Researchers at SocRadar report that known members of Lapsus$ have been boasting on illicit forums that the group exfiltrated roughly 3 gigabytes of data from AstraZeneca. These allegedly include credentials, tokens, application code such as “controllers, repositories, services, schedulers, configuration files, and Spring Boot resources,” and employee data. Interestingly for an extortion group, there was no price set for the supposedly purloined data. SocRadar says the nature of the stolen data suggests it may have affected internal business operations.
Infinite Campus warns of breach
If your kids don’t already have some free credit monitoring, you’re in luck. The popular K-12 edtech company Infinite Campus began warning customers that it suffered a data breach. The extortion group ShinyHunters claimed credit for the breach. Infinite Campus says the data was accessed through an employee’s Salesforce account. ShinyHunters gave the company until today to pay a ransom, or it would leak the personally identifiable information and internal corporate data it obtained. Infinite Campus manages data on 11 million students in over 3,200 school districts across 46 states. Infinite Campus maintains that no customer databases were accessed in the attack.
Russian access broker sentenced to 81 months
Back in November 2025, Aleksei Volkov, aka “chubaka.kor,” pleaded guilty to six federal charges as part of his work with the Yanluowang ransomware group. Volkov served as an initial access broker for the group, facilitating dozens of attacks resulting in over $9 million of combined losses. The case provided a very clear picture of how initial access brokers work within ransomware organizations, how they are compensated, and the breadth of Yanluowang’s activities. A judge has now sentenced him to 81 months in federal prison. Volkov must also pay full restitution to victims and turn over all equipment used in his criminal activities.






