Security Check-in Quick Hits: Crunchyroll Breach, AI Defiance at Dragos, Trivy Supply-Chain Hit, and Interlock Ransomware Alert
For March 24, 2026
Crunchyroll Data Breach Exposes 100 GB of Customer PII via Outsourcing Partner
Popular anime streaming platform Crunchyroll is scrambling after a significant data breach first reported on March 23, 2026. According to detailed analysis shared by International Cyber Digest, threat actors gained access through a compromised employee at outsourcing partner Telus in India. Malware executed on the employee’s system allowed exfiltration of roughly 100 GB of data from Crunchyroll’s ticketing system and customer analytics database.
Samples reviewed include IP addresses, email addresses, credit-card details, user profiles, and even full Zendesk support conversations containing personally identifiable information (PII) scattered across structured fields and free-text notes. Hackmanac’s cyber alert update indicates the incident may affect as many as 6.8 million users, with the attackers demanding a $5 million extortion payment to prevent public leakage.
Crunchyroll has confirmed it is “working closely with leading cybersecurity experts” to investigate. This breach highlights the persistent danger of third-party supply-chain compromises—especially when partners operate in different regulatory environments. For users, the risk of identity theft, phishing, or fraud is real. Organizations should treat outsourcing relationships as high-risk extensions of their own attack surface and enforce strict least-privilege access plus continuous monitoring of vendor credentials.
Dragos CEO Refuses to Drop Anthropic’s Claude AI Unless U.S. Government Orders It
A cybersecurity firm that holds contracts with U.S. government agencies is making headlines for its stance on AI tools. The Dragos CEO told Bloomberg that the company will continue using Anthropic’s Claude AI products unless explicitly ordered to stop by the government.
The announcement, amplified by Polymarket’s prediction-market community, underscores growing tension around generative AI in highly sensitive environments. Dragos works on industrial control system (ICS) and critical infrastructure defense—sectors where even theoretical risks from AI hallucinations, data leakage, or foreign influence are scrutinized. The firm’s position signals that many security organizations view current AI capabilities for threat hunting, anomaly detection, and reporting as too valuable to abandon without a direct mandate.
Security leaders should watch this closely: it may foreshadow formal government guidance on approved AI vendors for cleared contractors. In the meantime, teams using similar tools should implement strict data-classification policies and air-gapped evaluation environments where possible.
Trivy Vulnerability Scanner Supply-Chain Attack Pushes Infostealer Malware
Popular open-source vulnerability scanner Trivy fell victim to a supply-chain compromise that injected infostealer malware through its GitHub Actions workflow. Security researchers noted the breach over the weekend, with malicious code distributed to developers who pulled the latest Trivy packages or ran automated scans.
Because Trivy is widely used in CI/CD pipelines across enterprises and open-source projects, the attack vector is particularly insidious—developers and security teams unwittingly executed the malware while trying to improve their own security posture. This incident joins a growing list of attacks on trusted security tools themselves, eroding confidence in the very solutions designed to protect us.
Immediate actions recommended: audit recent Trivy executions, rotate any exposed credentials, and verify package integrity with cryptographic signatures. The episode reinforces a hard lesson—supply-chain security must extend to the tools in your toolchain, not just the applications you ship.
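One way to start the audit recommended above, as an added example that is not from the original article or the Trivy project: a Python check that lists every Trivy-related `uses:` reference in a GitHub Actions workflow and flags those not pinned to a full commit SHA. The workflow text and the SHA in it are constructed, and treating tag or branch references as the ones to review first is a general hardening assumption, not a detail the article gives about this incident.

```python
import re

# Constructed sample workflow (not taken from any real repository).
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/trivy-action@master
      - name: pinned scan
        uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567  # constructed SHA
      # - uses: aquasecurity/trivy-action@v0   (commented out, ignored)
      - uses: aquasecurity/setup-trivy@v0
"""

# Matches "uses: owner/repo@ref" with or without a leading list dash.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
# Only a full 40-hex commit SHA is immutable; tags and branches can be moved.
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

def audit_workflow(text, needle="trivy"):
    """Return one finding per `uses:` reference whose action name contains `needle`."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, _, ref = m.group(1).partition("@")
        if needle not in action.lower():
            continue
        pinned = bool(FULL_SHA_RE.match(ref))
        findings.append({"line": lineno, "action": action, "ref": ref, "pinned": pinned})
    return findings

def needs_review(findings):
    """References that could have resolved to different code between runs."""
    return [f for f in findings if not f["pinned"]]

if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        status = "pinned to commit" if f["pinned"] else "MUTABLE REF: review runs, rotate secrets"
        print(f"line {f['line']}: {f['action']}@{f['ref']} -> {status}")
```

A pinned reference still needs its SHA compared against a commit you have verified; the check only narrows down which jobs could have pulled changed code without a change in your own repository.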
Interlock Ransomware Campaign Targets Enterprise Firewalls
Amazon’s threat intelligence team published fresh details on the Interlock ransomware group, which is actively targeting enterprise firewall appliances. The campaign focuses on perimeter devices that many organizations treat as “set-it-and-forget-it” infrastructure.
Attackers exploit weak remote-management interfaces or unpatched firmware to deploy ransomware that encrypts configurations and demands payment to restore firewall functionality. Because firewalls sit at the network edge, successful compromise can lead to lateral movement into internal networks or complete denial-of-service for branch offices.
AWS advises immediate patching of firewall firmware, disabling unnecessary remote access, and enabling multifactor authentication on management interfaces. Security teams should also treat firewall logs as high-fidelity signals in their SIEM and consider zero-trust segmentation to limit blast radius if a perimeter device is breached.



