Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning

The Iranian state-sponsored threat actor known as Nimbus Manticore aka Screening Serpens and UNC1549 has been attributed to a fresh campaign using lures impersonating organizations in the aviation and software sectors across the U.S., Europe, and the Middle East following the joint U.S.-Israeli...

Q1 2026 Threat Landscape Report: Zero-clicks, geopolitical tensions, and some wins for law enforcement

The first quarter of 2026 reinforced that attackers are moving faster, operating with greater coordination, and exploiting weaknesses before most organizations can respond effectively. From escalating geopolitical tensions to increasingly aggressive ransomware operations, the latest quarterly...

Taking a Bite out of the Forbidden Fruit: Characterizing Third-Party Iranian IOS App Stores

Due to U.S. sanctions and strict internet censorship, Iranian iOS users are barred from accessing the Apple App Store and developer services. In response, despite violating Apple's developer terms, a thriving underground ecosystem of third-party iOS app stores has emerged to serve Iranian users...

Iran-Linked Hackers Are Sabotaging US Energy and Water Infrastructure

As Trump threatens Iranian infrastructure, the US government warns that Iran has carried out its own digital attacks against US critical infrastructure...

Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations

An Iran-nexus threat actor is suspected to be behind a password-spraying campaign targeting Microsoft 365 environments in Israel and the U.A.E. amid ongoing conflict in the Middle East. The activity, assessed to be ongoing, was carried out in three distinct attack waves that took place on March 3...

Dark Web Market Lists Alleged 375TB Lockheed Martin Data for $600M

A dark web market known as Threat Market is listing 375TB of Lockheed Martin data, which it claims was provided by a group calling itself ‘APT Iran.’...

Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack

Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation FBI, and leaked a cache of photos and other documents to the internet. Handala Hack Team, which carried out the breach, said on its website th...

Iranian Hackers Breached Kash Patel’s Email—but Not the FBI’s

Plus: Apple makes big claims about the effectiveness of its Lockdown Mode anti-spyware feature, Russia moves to implement homegrown encryption for 5G, and more...

FBI Warns of Iran’s Handala Hack Group Using Fake Apps to Spy on Windows Users

The FBI has issued a warning about Iran-linked Handala Hack Group, targeting Windows users through fake versions of WhatsApp and Telegram...

Cyberattack on a Car Breathalyzer Firm Leaves Drivers Stuck

Plus: The FBI admits it’s buying phone data to track Americans, Iranian hackers disrupt medical care at Maryland hospitals, and more...

Countering Current Geopolitical Cyber Threats With Qualys

Summary In response to the latest public sector threat intelligence on Iranian-linked threat activity, Qualys has released new intelligence capabilities within Qualys Vulnerability Management, Detection & Response VMDR to help organizations immediately assess their exposure. These updates extend...

Iran’s MuddyWater Hackers Target US Firms with New Dindoor Backdoor

Researchers say Iran's MuddyWater hackers targeted US companies and an Israeli software firm’s department in a cyber campaign using the Dindoor malware - All this amid the ongoing conflict...

How Each Gulf Country Is Intercepting Iranian Missiles and Drones

As missiles and drones cross the region’s skies, the Gulf’s layered air-defense networks—from THAAD to Patriot batteries—are being tested in real time...

From Ukraine to Iran, Hacking Security Cameras Is Now Part of War’s ‘Playbook’

New research shows hundreds of attempts by apparent Iranian state hackers to hijack consumer-grade cameras, timed to missile and drone strikes. Israel, Russia, and Ukraine have also adopted this trick...

Iran-Linked MuddyWater Hackers Target U.S. Networks With New Dindoor Backdoor

New research from Broadcom's Symantec and Carbon Black Threat Hunter Team has discovered evidence of an Iranian hacking group embedding itself in several U.S. companies' networks, including banks, airports, non-profit, and the Israeli arm of a software company. The activity has been attributed to...

Israel Hacked Traffic Cameras in Iran

Multiple news outlets are reporting on Israel's hacking of Iranian traffic cameras and how they assisted with the killing of that country's leadership. The New York Times has an article on the intelligence operation more generally...

Update, March 13: Talos on the developing situation in the Middle East

Update history Date | Description of updates ---|--- March 13, 2026 | Talos' assessment of the cyber attack on Stryker and the elevated threat landscape. Key findings and background on Handala, the Iranian-linked threat group. March 10, 2026 | Updated guidance and recommendations, IOCs, and...

Hacked Prayer App Sends ‘Surrender’ Messages to Iranians Amid Israeli and US Strikes

As Israeli airstrikes hit Tehran this morning, Iranians received mysterious push notifications saying that “help is on the way,” promising amnesty if they surrender...

Infy Hackers Resume Operations with New C2 Servers After Iran Internet Blackout Ends

The elusive Iranian threat group known as Infy aka Prince of Persia has evolved its tactics as part of efforts to hide its tracks, even as it readied new command-and-control C2 infrastructure coinciding with the end of the widespread internet blackout the regime imposed at the start of January...

Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists

A Farsi-speaking threat actor aligned with Iranian state interests is suspected to be behind a new campaign targeting non-governmental organizations and individuals involved in documenting recent human rights abuses. The activity, observed by HarfangLab in January 2026, has been codenamed...