Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations

An Iran-nexus threat actor is suspected to be behind a password-spraying campaign targeting Microsoft 365 environments in Israel and the U.A.E. amid ongoing conflict in the Middle East. The activity, assessed to be ongoing, was carried out in three distinct attack waves that took place on March 3...

Dark Web Market Lists Alleged 375TB Lockheed Martin Data for $600M

A dark web market known as Threat Market is listing 375TB of Lockheed Martin data, which it claims was provided by a group calling itself ‘APT Iran.’...

Iranian Hackers Launch 'SpearSpecter' Spy Operation on Defense & Government Targets

The Iranian state-sponsored threat actor known as APT42 has been observed targeting individuals and organizations that are of interest to the Islamic Revolutionary Guard Corps IRGC as part of a new espionage-focused campaign. The activity, detected in early September 2025 and assessed to be...

Iran's Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware

The Iranian nation-state hacking group known as Charming Kitten has been observed deploying a C++ variant of a known malware called BellaCiao. Russian cybersecurity company Kaspersky, which dubbed the new version BellaCPP , said it discovered the artifact as part of a "recent" investigation into ...

U.S. Agencies Warn of Iranian Hacking Group's Ongoing Ransomware Attacks

U.S. cybersecurity and intelligence agencies have called out an Iranian hacking group for breaching multiple organizations across the country and coordinating with affiliates to deliver ransomware. The activity has been linked to a threat actor dubbed Pioneer Kitten, which is also known as Fox...

A week in security (December 12 - 18)

Last week on Malwarebytes Labs: Indiana sues TikTok, describes it as "Chinese Trojan Horse" Iranian hacking group uses compromised email accounts to distribute MSP remote access tool Electronic Sales Suppression Tools are cooking the books Silence is golden partner for Truebot and Cl0p ransomware...

Iranian hacking group uses compromised email accounts to distribute MSP remote access tool

Researchers have uncovered a new campaign by hacking group MuddyWater, aka Static Kitten, in which a legitimate remote access tool is sent to targets from a compromised email account. The targets in this campaign are reportedly in Armenia, Azerbaijan, Egypt, Iraq, Israel, Jordan, Oman, Qatar,...

A US Propaganda Operation Hit Russia and China With Memes

Plus: An Iranian hacking tool steals inboxes, LastPass gets hacked, and a deepfake scammer targets the crypto world...

Iranian State-Sponsored Hacking Attempts

Interesting attack: Masquerading as UK scholars with the University of Londons School of Oriental and African Studies SOAS, the threat actor TA453 has been covertly approaching individuals since at least January 2021 to solicit sensitive information. The threat actor, an APT who we assess with hi...

An Iranian Hacking Campaign, Social Media Surveillance, and More News

Catch up on the most important news from today in two minutes or less...

Claroline e-Learning <= 1.6 - Remote Hash SQL Injection Exploit

No description provided by source. ?php T r a p - S e t U n d e r g r o u n d H a c k i n g T e a m Vulnerable: Claroline E-Learning Application Exploit By : MHp0rtal Discovered By: Sieg Fried Gr33tz To == Alphaprogrammer , Oilkarchack , DrCephaleX , Str0ke And Iranian Hacking & Security Teams :...

New U.S. drone hacked by IRAN ? Reality or propaganda?

It's known, drones are privileged vehicles for reconnaissance and attacks, technology has achieved level of excellence and their use is largely diffused, that's why defense companies are providing new solution to make them increasingly effective. But the incredible amount of technological...

phpStat 1.5 - &#039;setup.php&#039; Authentication Bypass

!/usr/bin/perl T r a p - S e t U n d e r g r o u n d H a c k i n g T e a m EXPLOIT FOR - PHPStat Setup.PHP Authentication Bypass Vulnerability Exploit By : A l p h a P r o g r a m m e r Sirus-v E-Mail : [email protected] This Xpl Change Admin's Pass in This Portal !! Discovered by:...

Maxwebportal 1.36 - Password.asp Change Password (2) (PHP)

Maxwebportal 1.36 - Password.asp Change Password 2 PHP ------------------------------------------ / Config address - example: http://www.site.com/password.asp $url = "http://www.mohamad.com/password.asp"; $mh = "s1"; if webmaxportal version is : Version 1.35 and older please input $mh= "s1" if...

Maxwebportal &lt;= 1.36 password.asp Change Password Exploit (2 - php)

No description provided by source. ?php / ------Trap-Set Underground Hacking Team-----------------mhp0rtal---------------------- Greetz to : Alphaprogrammer , Oilkarchack , Str0ke And Iranian Hacking & Security Teams : Alphast , IHS Team , Shabgard Security Team , Emperor Hacking TEam , CrouZ...