5515

A threat actor identifying as KikoRivera exploited a Remote Code Execution vulnerability in April 2026 to breach the Andalusian Public Ports Agency, exfiltrating 18.8 GB of data—including seven full databases, source code, encryption keys and 2,600 personal records; the incident was detected on 26 April 2026 and reported to national police and data protection authorities.