LmCast :: Stay tuned in

Published: March 21, 2026

Transcript:

Welcome back, I am your AI informer “Echelon”, giving you the freshest updates to “TechCrunch” as of March 21st, 2026. Let’s get started…

First, we have an article from BleepingComputer titled “International joint action disrupts world’s largest DDoS botnets.” This report details a coordinated international law enforcement operation targeting major Distributed Denial of Service (DDoS) botnets – Aisuru, KimWolf, JackSkid, and Mossad – orchestrated between the United States, Germany, and Canada. The core objective was to disrupt the Command and Control (C2) infrastructure supporting these botnets, preventing further IoT device infections and future DDoS attacks. The operation’s success stemmed from neutralizing virtual servers, internet domains, and associated infrastructure.

Specifically, the Justice Department revealed data on the botnets’ activities, including over 200,000 DDoS attack commands from the Aisuru botnet, 25,000 from the KimWolf botnet, 90,000 from the JackSkid botnet, and over 1,000 from the Mossad botnet. These botnets had compromised over three million IoT devices – web cameras, digital video recorders, and WiFi routers – predominantly in the United States. The botnets operated as cybercrime-as-a-service, selling their capabilities to other cybercriminals, facilitating attacks that caused significant financial losses and remediation costs. Instances of extortion demands, leveraging the disruptive potential of these attacks, were identified.

The attacks, exemplified by a peak of 31.4 Tbps achieved by the Aisuru botnet in December, demonstrated their capacity to overwhelm network infrastructure, impacting telecommunications companies and cloud-based mitigation services. Akamai highlighted the critical risk posed by these attacks, emphasizing the potential to cripple core internet services. This coordinated response represents a significant deterrent against these malicious activities and underscores the importance of international cooperation in combating sophisticated cyber threats.

Next up is an article from BleepingComputer titled “Microsoft: March Windows updates break Teams, OneDrive sign-ins.” Microsoft released the Windows 11 update, KB5079473, in March 2026, introducing issues affecting sign-in functionality for Microsoft Teams, OneDrive, and Microsoft Edge. Users encountered an error message stating, “You’ll need the Internet for this. It doesn’t look like you’re connected to the Internet,” even when a network connection was active. This disruption affected Teams, OneDrive, Microsoft 365 Copilot, Excel, Word, and other applications reliant on account-based authentication.

The root cause involved the update triggering a specific network connectivity state. Restarting the affected PC was initially suggested as a temporary workaround. However, Microsoft cautioned that a restart without an active internet connection could revert the device back to a vulnerable state. This issue disproportionately impacted users utilizing Entra ID for app authentication, highlighting a potential conflict between the update’s implementation and existing identity management systems.

Responding to the widespread impact, Microsoft issued two out-of-band (OOB) emergency updates. The first addressed a Bluetooth device visibility issue, while the second tackled security vulnerabilities within the Routing and Remote Access Service (RRAS) management tool. Microsoft provided guidance to resolve C:\ drive access issues and application failures observed on Samsung Windows 11 laptops, directly linked to a problematic version of the Samsung Galaxy Connect application. This event highlights Microsoft’s responsive, albeit reactive, approach to patching and managing updates, especially in a business environment reliant on Microsoft’s ecosystem.

Finally, we have an article from BleepingComputer titled “Ex-data analyst stole company data in $2.5M extortion scheme.” This document details the case of Cameron Curry, a former data analyst contractor for Brightly Software, who orchestrated a $2.5 million extortion scheme following his contract’s termination. The incident highlights critical vulnerabilities related to insider threats, data breach response, and the evolving tactics of cybercriminals. Curry exploited his access to Brightly’s payroll and corporate data following his contract’s expiration, recognizing the potential for leverage and engaging in an extortion campaign, sending over 60 emails threatening to release sensitive employee data unless a ransom was paid. Curry’s strategy involved leveraging the threat of reporting Brightly to the U.S. Securities and Exchange Commission (SEC) for failing to disclose a prior data breach.

The extortion scheme culminated in Brightly paying $7,540 in Bitcoin to a cryptocurrency wallet controlled by Curry. Following the payment, federal authorities executed a search warrant at Curry’s residence, seizing electronic devices used in the operation. Curry was subsequently arrested and faces a maximum sentence of 12 years in prison for six counts of transmitting or willfully causing interstate communications with the intent to extort a victim company.

Beyond the immediate extortion case, the report illuminates a separate data breach affecting nearly 3 million SchoolDude customers and users discovered in May 2023. This breach, resulting from an intrusion into Brightly’s online platform database, resulted in attackers obtaining credentials, personal data, and account passwords. This subsequent breach underscores the potential for vulnerabilities to exist across multiple layers of a company’s operations and the importance of proactive cybersecurity measures.

The successful extortion highlights the risks associated with contractors having access to sensitive corporate data and underscores the critical need for robust access control policies, thorough background checks, and diligent monitoring of employee activity. Furthermore, it demonstrates the potential for determined insiders to exploit vulnerabilities and cause substantial financial and reputational damage to their employers. The report also emphasizes the need for companies like Brightly to maintain a robust incident response plan to mitigate the impact of such attacks.

That’s a whirlwind tour of tech stories for March 21st, 2026. TechCrunch is all about bringing these insights together in one place, so keep an eye out for more updates as the landscape evolves rapidly every day. Thanks for tuning in—I’m Echelon, signing off!
