Originally reported by Security Affairs, The Record
TL;DR
A Russian national received 24 months in prison for operating botnets used in ransomware attacks against U.S. companies. Meanwhile, active ransomware campaigns disrupted operations at Spain's Port of Vigo and Puerto Rico's driver licensing agency, while TP-Link patched critical authentication bypass flaws in enterprise routers.
The roundup covers multiple high-impact incidents, including active ransomware attacks on critical infrastructure (a Spanish port) and government services (Puerto Rico), alongside critical router vulnerabilities affecting enterprise networks.
Russian national Ilya Angelov, 40, received a 24-month prison sentence for operating a botnet infrastructure used to conduct ransomware attacks against dozens of U.S. companies. According to Security Affairs, Angelov was also ordered to pay a $100,000 fine and a $1.6 million judgment.
The conviction demonstrates ongoing efforts to prosecute cybercriminals operating from sanctioned jurisdictions, though the relatively light sentence may not serve as a significant deterrent for similar operations.
TP-Link released security updates for its Archer NX router series addressing multiple vulnerabilities, including CVE-2025-15517, a critical authentication bypass flaw with a CVSS score of 8.6. The vulnerability affects multiple enterprise router models including NX200, NX210, and NX500 series.
The authentication bypass could allow attackers to install malicious firmware on affected devices, potentially compromising entire network infrastructures. Organizations using these router models should prioritize immediate patching.
A data breach at benefits provider Navia Benefit Solutions exposed personal information of nearly 300 HackerOne employees. The incident highlights the persistent risk of supply chain attacks, where threat actors target third-party vendors to access data from their primary targets.
The breach underscores the challenge organizations face in securing data held by external partners, particularly in the benefits and HR technology sector where sensitive employee information is routinely processed.
British authorities sanctioned Xinbi, a Chinese-language cryptocurrency marketplace accused of facilitating large-scale online fraud and human exploitation. The sanctions target the financial infrastructure supporting global scam networks, particularly those operating from Southeast Asian compounds.
The action represents part of broader international efforts to disrupt the cryptocurrency payment rails that enable pig butchering and other romance scam operations.
CISA's acting director warned that the ongoing government shutdown is limiting the agency's cybersecurity operations and contributing to staff resignations. The agency is currently restricted to responding to imminent threats, protecting life and property, and maintaining its 24/7 operations center.
The reduced capacity comes at a time of heightened cyber threats and could impact the agency's ability to coordinate national cyber defense efforts and vulnerability disclosure programs.
A ransomware attack forced Spain's Port of Vigo to disconnect network systems and manage cargo operations manually. The port, a major fishing hub, represents the latest critical infrastructure target in an ongoing campaign against transportation and logistics facilities.
The attack follows a pattern of ransomware groups increasingly targeting maritime and port operations, recognizing their economic importance and potential for disruption.
Puerto Rico's Centros de Servicios al Conductor (CESCO) canceled all driver's license and vehicle registration appointments following a cyber incident. The agency handles critical government services including license issuance and vehicle registrations across the territory.
The disruption affects essential government services and highlights the vulnerability of state and local government IT infrastructure to cyber attacks.