Security Briefing March 29, 2026 ยท 5 min read

Fake VS Code Alerts Weaponize GitHub at Scale, Dutch Police Breached via Phishing, Pro-Iranian Hackers Compromise FBI Director's Account

A coordinated campaign blasts thousands of GitHub repos with fake VS Code vulnerability alerts delivering malware. Dutch Police confirm a phishing breach. A pro-Iranian group claims to have hacked FBI Director Kash Patel's personal account. CISA flags a critical PTC Windchill flaw so severe that German police physically visited organizations. RedLine malware administrator extradited to face charges in the US.


๐Ÿ”ด Fake VS Code Security Alerts Flood GitHub Discussions

โš ๏ธ Active Campaign โ€” Developers Targeted

Thousands of GitHub repositories are being spammed with fake VS Code vulnerability alerts. If you maintain open-source projects, check your Discussions tab for suspicious posts immediately.

Application security firm Socket has uncovered a large-scale, coordinated campaign targeting developers through GitHub Discussions. Threat actors are posting fake security alerts impersonating legitimate vulnerability advisories, complete with realistic titles like "Severe Vulnerability โ€” Immediate Update Required" and fabricated CVE IDs.

How the Attack Works

Defensive Recommendations


๐Ÿ”ด Dutch National Police Breached After Phishing Attack

The Dutch National Police (Politie) has confirmed a security breach resulting from a successful phishing attack. The agency's Security Operations Center detected the incident quickly and immediately blocked the attackers' access.

Key details: The police stated that the impact "appears to be limited" and that citizens' data and investigative information were not exposed or accessed. A criminal investigation has been launched. The agency has not yet disclosed which specific systems or accounts were compromised.

This marks the second major breach of the Dutch police in recent years. In September 2024, a cyberattack attributed to a "state actor" stole work-related contact information for multiple officers, including names, email addresses, phone numbers, and private data. That investigation remains ongoing.

Context

Following the 2024 breach, the Dutch police implemented enhanced security measures including continuous monitoring and more frequent two-factor authentication prompts. Despite these measures, the latest phishing attack still succeeded โ€” underscoring that even hardened organizations remain vulnerable to well-crafted social engineering.


๐Ÿ”ด Pro-Iranian Hackers Claim Hack of FBI Director Kash Patel's Account

โš ๏ธ High-Profile Compromise

A pro-Iranian hacking group claims to have compromised FBI Director Kash Patel's personal account, making emails and documents available for download.

According to SecurityWeek, a pro-Iranian threat group has claimed responsibility for hacking FBI Director Kash Patel's personal account. The group stated it is making emails and other documents from Patel's account available for download.

While the full scope and authenticity of the claimed breach remain under investigation, the incident โ€” if confirmed โ€” represents a significant intelligence compromise targeting one of the highest-ranking US law enforcement officials. It follows a pattern of Iranian-linked groups targeting US government officials and political figures.

Why This Matters


๐ŸŸ  CISA Flags Critical PTC Windchill Vulnerability โ€” German Police Physically Warned Organizations

๐Ÿ”ง CVE-2026-4681 โ€” Critical Severity

PTC Windchill, widely used in manufacturing and engineering PLM environments, has a critical vulnerability severe enough that German police physically visited organizations to warn them.

CISA has flagged a critical vulnerability in PTC Windchill, tracked as CVE-2026-4681. The flaw is significant enough that law enforcement in Germany took the extraordinary step of physically dispatching officers to warn affected organizations in person.

PTC Windchill is a Product Lifecycle Management (PLM) platform used extensively in manufacturing, aerospace, defense, and automotive industries. A critical vulnerability in this system could expose proprietary designs, trade secrets, and supply chain data.

Recommended Actions


๐ŸŸข RedLine Malware Administrator Extradited to United States

Hambardzum Minasyan of Armenia has been extradited to the United States, accused of being involved in the development and administration of the RedLine infostealer malware.

RedLine has been one of the most prolific information-stealing malware families in recent years, responsible for harvesting credentials, financial data, and cryptocurrency wallets from millions of victims worldwide. The extradition represents a significant law enforcement victory in the ongoing battle against the malware-as-a-service ecosystem.

Impact: RedLine has been linked to countless data breaches and credential theft operations globally. Its administrators operated a malware-as-a-service model, selling subscriptions to cybercriminals who then deployed it in phishing campaigns and drive-by downloads.


๐Ÿ“Š Quick Hits

StoryImpact
TP-Link patches high-severity router vulnerabilities โ€” Auth bypass, command execution, config decryption๐ŸŸ  High
BIND updates patch high-severity vulnerabilities โ€” Crafted domains cause OOM conditions and memory leaks๐ŸŸ  High
Cisco patches multiple IOS vulnerabilities โ€” DoS, secure boot bypass, info disclosure, privilege escalation๐ŸŸ  High
Hightower Holding data breach โ€” 130,000 affected; names, SSNs, driver's licenses stolen๐Ÿ”ด Critical
OpenAI launches bug bounty for abuse and safety risks โ€” Rewards for design/implementation issues leading to material harm๐ŸŸข Notable

Protect Your Organization with KENSAI

From supply chain attacks to phishing campaigns targeting law enforcement โ€” the threat landscape demands proactive security. Let KENSAI help you stay ahead.

Get Started โ†’

Stay safe out there. See you tomorrow. ๐Ÿ›ก๏ธ

โ€” KENSAI Security Briefing

Related Articles

SaaS SOC2 Security Testing Guide Security Platform Parche de emergencia Microsoft RRAS Redirecting...