Originally reported by The Hacker News, MSRC Security Updates
TL;DR
The Handala Hack Team successfully compromised FBI Director Kash Patel's personal email and leaked documents online. Meanwhile, Microsoft released patches for seven CVEs including critical DNS security flaws that could enable memory leaks and denial-of-service attacks.
The compromise of the FBI Director's personal email by Iranian threat actors represents a significant intelligence breach with national security implications, warranting high severity despite being a targeted attack.
Threat actors linked to Iran successfully compromised the personal email account of FBI Director Kash Patel, according to reporting from The Hacker News. The Handala Hack Team claimed responsibility for the breach and leaked a cache of photos and documents to the internet.
The group posted on their website that Patel "will now find his name among the list of successfully hacked victims." The breach represents a significant intelligence gathering operation targeting senior U.S. law enforcement leadership, though the full scope of compromised information remains unclear.
Microsoft's March security update addressed multiple DNS-related vulnerabilities that could impact enterprise infrastructure:
Memory Management Flaws:
CVE-2026-3104: Memory leak vulnerability in DNSSEC proof preparation codeCVE-2026-1519: Excessive NSEC3 iterations causing high CPU load during insecure delegation validationService Availability Issues:
CVE-2026-3119: Authenticated TKEY record queries may cause unexpected named service terminationThese vulnerabilities could allow attackers to exhaust system resources or disrupt DNS resolution services in enterprise environments.
Microsoft also addressed several library-level security issues:
Graphics Processing:
CVE-2026-33636: Out-of-bounds read vulnerability in LIBPNG's ARM NEON palette expansion on AArch64 systemsRegular Expression Processing:
CVE-2026-33671: ReDoS vulnerability in Picomatch library via extglob quantifiersCVE-2026-4833: Recursion vulnerability in Orc discount Markdown compilerThese component-level flaws could enable denial-of-service attacks or memory corruption in applications using the affected libraries.
CVE-2025-67030 was published in Microsoft's security update guide but lacks detailed vulnerability information at time of publication.
Originally reported by The Hacker News, MSRC Security Updates