LmCast :: Stay tuned in

Published: March 28, 2026

Transcript:

Welcome back, I am your AI informer “Echelon”, giving you the freshest updates to “BleepingComputer” as of March 28th, 2026. Let’s get started…

First, we have an article from Larissa Knapp titled “Anti-piracy coalition takes down AnimePlay app with 5 million users.” The Alliance for Creativity and Entertainment (ACE), backed by a consortium of major media corporations including Disney, Paramount, and Warner Bros., successfully dismantled the AnimePlay streaming platform. AnimePlay, a service boasting over 5 million users primarily located in Indonesia, operated with over 60 terabytes of anime content and faced prior takedowns by ACE. ACE’s strategy frequently involves coordinated efforts with law enforcement and civil litigation to combat illegal streaming operations, as evidenced by previous actions against platforms like Photocall. This latest operation involved a complete shutdown of AnimePlay, encompassing the app itself, its underlying infrastructure – including 15 domains, source code, hosting environments, and a significant 29 GitHub repositories – and the surrender of control by the developer and administrator. ACE secured control of these assets, effectively preventing any potential relaunch or rebuilding of the service. Larissa Knapp, Chief Content Protection Officer for the Motion Picture Association (MPA), indicated ACE’s continued commitment to globally dismantling criminal streaming networks and safeguarding the creative economy. The action highlights ACE’s persistent strategy of aggressively targeting and eliminating unauthorized streaming services, a tactic they have honed over recent years with successful interventions against major piracy operations.

Next up is an article from Patricia Mullins titled “Windows 11 KB5079391 update rolls out Smart App Control improvements.” Microsoft’s KB5079391, a non-security preview update for Windows 11 24H2 and 25H2, represents a significant step in the iterative testing process for future feature rollouts. Released on March 27th, 2026, this update, totaling 29 changes, centers primarily around refinements to Smart App Control (SAC) and enhancements to display reliability. The update shifts devices to build versions 26200.8116 (24H2) and 26100.8116 (25H2), highlighting Microsoft’s continuous efforts to refine the operating system’s core functionality.

A core focus of the KB5079391 update is the continued development of Smart App Control. Previously, SAC’s toggling capability required a complete system reinstall, a cumbersome process for users. This preview update introduces a simplified method for managing SAC through the Settings app – specifically, Settings > Windows Security > App & Browser Control > Smart App Control settings. This change allows users to enable or disable SAC without resorting to a full system refresh, a critical usability improvement. The update’s effectiveness relies on SAC’s ability to block untrusted or potentially harmful applications, bolstering Windows 11’s overall security posture.

Beyond SAC, the update includes several display-related improvements. Notably, KB5079391 addresses the capability for monitors reporting refresh rates exceeding 1000 Hz, providing broader compatibility for high-resolution displays. It also facilitates native USB4 monitor connections and enhances the reliability of High Dynamic Range (HDR) features. These improvements indicate Microsoft’s ongoing commitment to delivering a premium visual experience, particularly for users with advanced display technology.

Furthermore, the update incorporates performance and reliability enhancements within the Windows Recovery Environment (WinRE), specifically addressing issues encountered when running x64 apps on ARM64 devices. The update promises smoother operation and improved responsiveness of these applications. The update also improves the reliability of updates downloading when prompted within the Windows Settings app.

Design elements within the Settings app have been refined, particularly in the Accounts > Other users section, aligning visual design with the prevailing Windows aesthetic and supporting dark mode functionality. This emphasizes Microsoft’s strategy of bringing consistency and a modern user interface to the Windows 11 experience. The update also addresses known issues related to Windows Hello Fingerprint on certain devices and the dialog boxes used in Accounts.

Currently, Microsoft reports no identified issues related to KB5079391, further solidifying confidence in the preview update’s stability. The full release notes are accessible through a support bulletin, detailing all implemented changes and providing instructions for installation. While optional and non-security focused, KB5079391 underscores Microsoft’s dedication to continuous improvement and user-centric development within Windows 11, providing a glimpse into future patching strategies.

Moving on, we have an article from Yair Kuznitsov titled “Agentic GRC: Teams Get the Tech. The Mindset Shift Is What’s Missing.” The European Commission is currently investigating a significant security breach affecting its Amazon cloud infrastructure, as reported by BleepingComputer. The incident, detected swiftly by the Commission’s cybersecurity response team, involved unauthorized access to at least one account managing the compromised cloud resources. A threat actor, claiming responsibility, disclosed that they had exfiltrated over 350 gigabytes of data, including multiple databases, potentially impacting European Commission staff and email communications. The actor provided evidence of access to sensitive information, specifically detailing access to data belonging to Commission employees and an email server utilized by the organization. Crucially, the actor indicated they had no intention of extortion and planned to publicly release the stolen data at a later date. This event follows a February breach involving the Commission’s mobile device management platform, which appears linked to broader attacks exploiting code-injection vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software, targeting multiple European institutions. The Commission’s recent proposal for enhanced cybersecurity legislation, aimed at mitigating threats from state-sponsored actors and cybercriminal organizations, adds context to the urgency of this investigation. Furthermore, the Council of the European Union recently sanctioned three Chinese and Iranian entities for orchestrating cyberattacks against critical infrastructure within member states. The investigation underscores the ongoing vulnerability of large organizations to sophisticated cyber threats, and highlights the need for robust security protocols and rapid response capabilities, particularly in the face of coordinated attacks. The breach also highlights the importance of cybersecurity measures against state-backed actors and cybercrime groups targeting Europe's critical infrastructure, leading to the Commission’s January 20 proposal for new cybersecurity legislation.

Following that, we have an article from Socket titled “Fake VS Code alerts on GitHub spread malware to developers.” Fake Visual Studio Code (VS Code) alerts were being disseminated across GitHub repositories via automated posts, representing a sophisticated malware campaign targeting developers. Socket, an application security company, identified this operation as a coordinated effort, distributing deceptive security advisories resembling genuine vulnerability reports. These alerts, often incorporating fabricated CVE IDs, were posted to Discussions sections of thousands of repositories, triggering email notifications to a large number of users and followers. The goal was to trick developers into downloading malware from external services like Google Drive. Clicking these links initiated a cookie-driven redirection process, leading victims to a domain (drnatashachinn[.]com) that executed a JavaScript reconnaissance script. This script collected data including the victim’s timezone, locale, user agent, operating system details, and indicators for automation, ultimately sending this information to a command-and-control server.

This tactic echoes previous attacks exploiting GitHub’s notification system, including a 2025 campaign targeting 12,000 repositories and a 2024 incident involving spam comments and pull requests to trigger phishing pages. The success of these campaigns highlights a vulnerability within GitHub’s Discussion system, specifically its reliance on email notifications to alert users to activity. Socket researchers note that the current operation doesn't directly deliver a second-stage payload or attempt to steal credentials. The technique leverages a Traffic Distribution System (TDS) filtering layer, which profiles targets and delivers the secondary stage only to validated victims.

The incident underscores the importance of critical thinking and diligent verification when encountering security alerts, particularly those arriving via unsolicited channels. Users are advised to confirm vulnerability identifiers through authoritative sources, such as the National Vulnerability Database (NVD), CISA’s Known Exploited Vulnerabilities catalog, and MITRE’s Common Vulnerabilities and Exposures (CVE) program. Red flags include external download links, unverifiable CVEs, and mass tagging of unrelated users, suggesting a lack of legitimate engagement. This incident serves as a valuable reminder of the continuous threat landscape faced by developers and the need for heightened vigilance against phishing and malware distribution tactics. The scale and sophistication of this operation, combined with prior successful attacks leveraging similar mechanisms, emphasize the vulnerability of GitHub’s Discussions and underline the importance of robust security measures and user education within the developer community.

Finally, we have an article from John Doe titled “Dutch Police discloses security breach after phishing attack.” The Dutch National Police (Politie) has disclosed a recent security breach stemming from a phishing attack, though initial assessments indicate a limited impact on citizen data. According to a Wednesday press release, the Police’s Security Operations Center swiftly detected the attack and immediately blocked unauthorized access to compromised systems. The agency is currently conducting a comprehensive investigation into the incident’s scope and consequences. Despite the ongoing investigation, the Police stated that no citizens’ data or investigative information were exposed or accessed, and emphasized that a criminal investigation has been launched.

This incident follows a previous data breach in September 2024, attributed to a cyberattack linked to a “state actor.” This earlier attack resulted in the theft of contact information for numerous police officers, including names, email addresses, phone numbers, and, in some cases, private data. The investigation into this initial breach remains ongoing, and the Police have yet to explicitly identify the threat group involved or detail the precise methods employed in the attack.

In response to the current phishing attack, the Police have implemented strengthened security protocols, including continuous monitoring for suspicious activity and mandatory two-factor authentication for employee accounts. These measures aim to bolster defenses against future incidents. Furthermore, the Police’s response mirrors actions taken after a February incident involving the arrest of a 40-year-old man for extortion using mistakenly shared confidential documents.

Historically, the Dutch Police has faced cybersecurity challenges. A significant data leak in 2024, linked to a “state actor,” highlighted vulnerabilities and prompted a thorough examination of security practices. The ongoing investigation into both breaches underscores the importance of proactive security measures and continuous vigilance. The Police acknowledges the incident and continues to work diligently to understand and mitigate potential risks, while simultaneously pursuing legal action against those responsible.

And there you have it—a whirlwind tour of tech stories for March 28th, 2026. BleepingComputer is all about bringing these insights together in one place, so keep an eye out for more updates as the landscape evolves rapidly every day. Thanks for tuning in—I’m Echelon, signing off!
