惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V
V2EX
爱范儿
爱范儿
Martin Fowler
Martin Fowler
T
The Blog of Author Tim Ferriss
B
Blog RSS Feed
博客园 - 聂微东
G
GRAHAM CLULEY
Engineering at Meta
Engineering at Meta
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
WordPress大学
WordPress大学
Scott Helme
Scott Helme
AI
AI
S
Security Affairs
T
Threat Research - Cisco Blogs
M
MIT News - Artificial intelligence
T
Troy Hunt's Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
人人都是产品经理
人人都是产品经理
AWS News Blog
AWS News Blog
T
Threatpost
Cyberwarzone
Cyberwarzone
www.infosecurity-magazine.com
www.infosecurity-magazine.com
U
Unit 42
V
Vulnerabilities – Threatpost
J
Java Code Geeks
博客园 - Franky
月光博客
月光博客
Blog — PlanetScale
Blog — PlanetScale
NISL@THU
NISL@THU
D
Docker
小众软件
小众软件
N
News and Events Feed by Topic
Microsoft Security Blog
Microsoft Security Blog
Y
Y Combinator Blog
A
Arctic Wolf
D
DataBreaches.Net
云风的 BLOG
云风的 BLOG
Forbes - Security
Forbes - Security
量子位
PCI Perspectives
PCI Perspectives
美团技术团队
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
I
InfoQ
Security Archives - TechRepublic
Security Archives - TechRepublic
有赞技术团队
有赞技术团队
腾讯CDC
P
Proofpoint News Feed
S
Security @ Cisco Blogs
G
Google Developers Blog
C
Cisco Blogs

GRAHAM CLULEY

Anubis ransomware: what you need to know Smashing Security podcast #476: Remote-control rickshaws and rogue book marketers The ransomware negotiator who was working for the other side Invited to a "job interview" with Netflix or OpenAI? Beware! Your Google password could be at risk Smashing Security podcast #475: JadePuffer - the AI that ran a ransomware attack all by itself Two arrested over credit card phishing - as the Netherlands is named Europe's worst for payment fraud The Gentlemen ransomware: what you need to know Smashing Security podcast #474: Polymarket can predict the future. So how did it miss this hack? Scammers race to cash in on Venezuelan earthquake disaster USB drives carrying China-linked malware infected Japanese military networks for nearly a year Smashing Security podcast #473: How a hacker could have Rickrolled the entire World Cup Hacker hijacks Brazil's national alert system, sending "misanthropy" to millions of phones Apple's Hide My Email tweak leaves privacy fans fuming Imposter scams cost Americans $3.5 billion in 2025 – and it’s getting worse Smashing Security podcast #472: AI gets hacked, and BitLocker gets bypassed Maine forced to take down data breach portal after fake notices filed with authorities Privacy own-goal: World Cup blunder leaks Lionel Messi's passport details Silent Ransom Group: what you need to know Smashing Security podcast #471: This AI worm just rewrote its own rules Why schools remain one of cybercriminals' favourite targets Got a LinkedIn message from a recruiter? It might be Chinese intelligence, warn FBI and MI5 Meta’s own AI chatbot to blame for Instagram accounts being stolen in seconds Smashing Security podcast #470: This AI security flaw might be impossible to fix Police arrest man following hack of Ajax football club MyPillow listed on ransomware gang's leak site, but denies it has been breached Smashing Security podcast #469: What your Oura ring won’t tell you FBI warns of Kali365 phishing kit that breaks into Microsoft 365 accounts — no password required Defenders fall behind, as AI rewrites the rules of a data breach Smashing Security podcast #468: High-speed train hacks and homicidal lawnmowers FBI warns students and staff that ShinyHunters may come knocking after Canvas breach Suspected Dream Market kingpin arrested after gold bars sent to his home address When ransomware gets physical: cybercriminals turn to threats of violence Smashing Security podcast #467: How ShinyHunters hacked the world’s biggest universities One in eight UK workers has sold their company passwords, and bosses think it’s fine Inside Department 4: Russia's secret school for hackers Sri Lanka makes 37 arrests as it raids another scam centre Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired Teenager alleged to be Scattered Spider hacker arrested in Finland, faces US extradition Iran-linked Handala hackers leak US Marines data, send chilling WhatsApp threats Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions Alleged Silk Typhoon hacker extradited to the United States to face charges French police arrest 21-year-old "HexDex" hacker over 100 alleged data breaches Smashing Security podcast #464: Rockstar got hacked. The data was junk. The secrets it revealed were not Singer loses life savings to fake wallet downloaded from the Apple App Store Sometimes changing the password on your email mailbox isn’t enough 108 malicious Chrome extensions caught stealing Google and Telegram data from 20,000 users AI and cryptocurrency scams are costing Americans billions, FBI reports Life imprisonment for Cambodian scam compound operators - but will it make a difference? Nigerian romance scammer jailed after being caught out by fellow fraudster Alleged RedLine malware developer extradited to United States World Leaks data extortion: What you need to know How one man used 10,000 bots to steal $8,000,000 from music artists Denver's crosswalks hacked to broadcast anti-Trump messages LeakNet ransomware: what you need to know Free parking in Russia after Distributed Denial-of-Service attack knocks city's parking system offline Fraudsters are using public planning records to target permit applicants Your Signal account is safe - unless you fall for this trick Twitter suspended 800 million accounts last year — so why does manipulation remain so rampant? How hackers bypassed MFA with a $120 phishing kit - until a global takedown shut it down They seized $4.8m in crypto... then gave the master key to the internet
Iranian hackers breach FBI director's personal email, and post his CV and photos online
2026-03-31 · via GRAHAM CLULEY

It's not every day that you read that the head of America's top law enforcement agency has been hacked, but then - these aren't ordinary times.

The FBI has confirmed that Iran-linked hackers have broken into the personal email inbox of FBI Director Kash Patel, and published photos of him as well as other stolen documents.

The Handala hacking group, a pro-Iranian, pro-Palestinian hacktivist operation, has published on its website a series of personal photographs of Kash Patel :sniffing and smoking cigars, riding in an antique convertible, and making a face while taking a picture of himself in the mirror with a large bottle of rum." The hackers also posted what appears to be the FBI director's CV.

A sample of the material uploaded by the hackers and reviewed by Reuters appears to show a mix of personal and work correspondence dating between 2010 and 2019.

Reporters at TechCrunch have confirmed that at least some of the leaked emails did originate from Patel's Gmail account by verifying the message headers. The most recent files in the leak appear to date from about 2019.

In a statement the FBI said that it was "aware of malicious actors targeting Director Patel's personal email information," and that it had "taken all necessary steps to mitigate potential risks associated with this activity."

According to the FBI, no classified or government systems have been accessed. The hack appears to have been limited to Patel's private Gmail account, rather than any FBI infrastructure. Although that is, perhaps, not much comfort for the director of the world's most famous law enforcement agency.

To add to Kash Patel's embarrassment, this isn’t even the first time he has been targeted by Iranian hackers. His personal messages were previously hacked in December 2024, before he was appointed FBI director.

The Handala hacking group's activity has escalated recently in response to the United States and Israel launching an attack on Iran. Handala has claimed responsibility in recent weeks for hacks against Stryker and Lockheed Martin in response to the war on Iran.

The Stryker attack saw Handala claim credit for crippling the network of the medical device provider by deleting huge amounts of company data and wiping thousands of employee devices.

Earlier this month, the DOJ seized and took down four websites linked to the Handala group, making the Kash Patel leak look very much like a direct act of retaliation.

The FBI has announced that a US $10 million reward is on offer for information related to the Handala hackers.

The attack on Kash Patel's inbox is more embarrassing than catastrophic. Old personal emails and photos of Patel puffing on cigars are unlikely to compromise national security. But it is clear that Iranian hackers are becoming increasingly destructive and brazen in their attacks, especially against those allied to those who Iran considers to be a threat to its own security.

Private businesses are potentially just at much at risk of having their services disrupted, information stolem, or data erased as those organisations working alongside the US and Israeli government and military.

And clearly senior officials, in government and business, remain high-value targets for state-backed hackers. A personal Gmail account linked to the FBI director can never be considered a low-profile target.

Using strong, unique passwords and enabling multi-factor authentication on personal accounts isn't just good advice for regular users. It's essential hygiene for anyone whose inbox might one day end up being plastered across an Iranian hacking group's website.