Tag: iran
-
Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists
A Farsi-speaking threat actor aligned with Iranian state interests is suspected to be behind a new campaign targeting non-governmental organizations and individuals involved in documenting recent human rights abuses. The activity, observed by HarfangLab in January 2026, has been codenamed RedKitten. It’s said to coincide with the nationwide unrest in Iran that began towards the end…
-
TAMECAT PowerShell Backdoor Targets Edge and Chrome: Login Credentials At Risk
Tags: backdoor, browser, chrome, credentials, cyber, defense, espionage, government, hacking, iran, login, microsoft, powershell, risk
TAMECAT is a sophisticated PowerShell-based backdoor linked to APT42, an Iranian state-sponsored hacking group. It steals login credentials from Microsoft Edge and Chrome browsers while evading detection. Security researchers from Israel’s National Digital Agency detailed its modular design in recent SpearSpecter campaign analysis. APT42 deploys TAMECAT in long-term espionage operations against senior defense and government…
-
New AI-Developed Malware Campaign Targets Iranian Protests
The RedKitten campaign distributes lures designed to target people seeking information about missing persons or political dissidents in Iran. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ai-malware-redkitten-iranian/
-
Germany and Israel Pledge Cybersecurity Alliance
Berlin Readies Legislation Authorizing More Aggressive Stance in Cyberspace. Germany wants to drastically step up defenses against cyberattacks from foes such as Russia, China, Iran and North Korea, and it’s looking to key ally Israel for lessons and cooperation. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/germany-israel-pledge-cybersecurity-alliance-a-30568
-
Hacktivists hijacked Iran’s state TV to air anti-regime messages and an appeal to protest from Reza Pahlavi
Activists hacked Iran’s Badr satellite, briefly broadcasting Reza Pahlavi’s anti-regime protest messages on state TV channels. Anti-regime activists briefly took control of Iran’s Badr satellite, hijacking state TV to broadcast Crown Prince Reza Pahlavi’s calls for protests against the Islamic Republic. Pahlavi’s media team also shared the footage of the hack. “Several Iranian…
-
Iran’s internet shutdown is now one of its longest ever, as protests continue
Iran’s government-imposed internet shutdown enters its second week as authorities continue their violent crackdown on protesters. First seen on techcrunch.com Jump to article: techcrunch.com/2026/01/15/irans-internet-shutdown-is-now-one-of-its-longest-ever-as-protests-continue/
-
Iran’s partial internet shutdown may be a windfall for cybersecurity intel
only available launchpads. A connection from the Ministry of Agriculture might not be a farmer. It’s likely a tunnel for a state actor who needs an exit node.” Ranjbar said the removal of the traffic from millions of routine Iranian business and residential users allows a powerful visibility into Iranian government traffic patterns, thereby allowing SOCs…
-
Internet monitoring experts say Iran blackout likely to continue
Several internet access monitors tracking the situation said the government has continued the total internet shutdown and plans to implement a whitelist of limited, approved sites, indicating the internet blackout is likely to continue for several more days. First seen on therecord.media Jump to article: therecord.media/internet-monitoring-experts-say-iran-blackouts-continue
-
Illicit Crypto Economy Surges Amid Increased Nation-State Activity
Cybercriminal cryptocurrency transactions totaled billions in 2025, with activity from sanctioned countries like Russia and Iran causing the largest jump. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/illicit-crypto-economy-surges-nation-states
-
Iran-linked MuddyWater APT deploys Rust-based implant in latest campaign
Rust offers evasion advantages: CloudSEK researchers said RustyWater was developed in Rust, which they said is increasingly used by malware authors for its memory safety features and cross-platform capabilities, according to the blog post. Other state-sponsored groups, including Russia’s Gossamer Bear and China-linked actors, have also deployed Rust-based malware in recent campaigns, according to security…
-
Dobrindt: More Cooperation with Israel for Germany's Security
Germany and Israel have concluded a cyber and security pact. In view of the growing threat of attacks, the Federal Republic wants to expand its cooperation with Israel in the security sector. The goal is more protection for Germany, said Federal Interior Minister Alexander Dobrindt (CSU) during a visit to Israel. Together with Israeli Prime Minister Benjamin Netanyahu, he signed a cyber and security pact. Specifically, it concerns…
-
ICE Can Now Spy on Every Phone in Your Neighborhood
Plus: Iran shuts down its internet amid sweeping protests, an alleged scam boss gets extradited to China, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-ice-can-now-spy-on-every-phone-in-your-neighborhood/
-
MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors
The Iranian threat actor known as MuddyWater has been attributed to a spear-phishing campaign targeting diplomatic, maritime, financial, and telecom entities in the Middle East with a Rust-based implant codenamed RustyWater. “The campaign uses icon spoofing and malicious Word documents to deliver Rust based implants capable of asynchronous C2, anti-analysis, registry persistence, and modular First seen…
-
Security News This Week: ICE Can Now Spy on Every Phone in Your Neighborhood
Plus: Iran shuts down its internet amid sweeping protests, an alleged scam boss gets extradited to China, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-ice-can-now-spy-on-every-phone-in-your-neighborhood/
-
Illicit Crypto Economy Surges as Nation-States Join in the Fray
Cybercriminal cryptocurrency transactions totaled billions in 2025, with activity from sanctioned countries like Russia and Iran causing the largest jump. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/illicit-crypto-economy-surges-nation-states
-
Iran cuts Internet nationwide amid deadly protest crackdown
Iran shut down the internet as protests spread nationwide. Dozens were killed in a violent crackdown amid soaring inflation and a collapsing currency. Iran has shut down the internet nationwide as protests spread across multiple cities. Security forces responded with a violent crackdown that reportedly killed dozens. Demonstrations continued despite the blackout, with shops closing…
-
Internet collapses in Iran amid protests over economic crisis
Internet monitoring firms and experts say Iran’s internet has almost completely shut down, as protests spread through major cities. First seen on techcrunch.com Jump to article: techcrunch.com/2026/01/08/internet-collapses-in-iran-amid-protests-over-economic-crisis/
-
ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories
The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere. This week’s stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in. Read on to catch up before the next wave hits. Honeypot…
-
Lone Hacker Used Infostealers to Access Data at 50 Global Companies
A Hudson Rock report reveals how an Iranian hacker named Zestix breached 50 global companies, including Iberia Airlines and Pickett Associates, by using stolen passwords and a lack of MFA. First seen on hackread.com Jump to article: hackread.com/lone-hacker-infostealers-global-companies-data/
-
Treasury removes Intellexa spyware-linked trio from sanctions list
The three Iranians had only just been added to the list in 2024, but a U.S. official said they had separated themselves from the company. First seen on cyberscoop.com Jump to article: cyberscoop.com/treasury-removes-intellexa-spyware-linked-trio-from-sanctions-list/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 77
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: Choose Your Fighter: A New Stage in the Evolution of Android SMS Stealers in Uzbekistan; From Linear to Complex: An Upgrade in RansomHouse Encryption; Prince of Persia: A Decade of Iranian Nation-State APT Campaign…
-
Iranian “Prince of Persia” APT Resurfaces with Telegram-Controlled Stealth Malware
-
Infy Returns: Iran-linked hacking group shows renewed activity
Researchers report renewed activity by Iran-linked Infy (Prince of Persia), showing the hacking group remains active and dangerous after years of silence. SafeBreach researchers have spotted renewed activity from the Iran-linked APT group Infy, also known as Prince of Persia, nearly five years after its last known campaigns in Europe. SafeBreach warns the group remains…
-
Iranian Infy APT Resurfaces with New Malware Activity After Years of Silence
Threat hunters have discerned new activity associated with an Iranian threat actor known as Infy (aka Prince of Persia), nearly five years after the hacking group was observed targeting victims in Sweden, the Netherlands, and Turkey. “The scale of Prince of Persia’s activity is more significant than we originally anticipated,” Tomer Bar, vice president of security…
-
Iranian APT Prince of Persia returns with new malware and C2 infrastructure
A shift to Telegram: More recently, the researchers identified a new Tonnerre variant that’s advertised as v50, as well as an unknown new Foudre version that goes along with it. These versions use a new C2 server structure and, most importantly, can download a file from the server that enables Telegram communication via its API. The…
-
Iranian APT Targeting Networks and Critical Infrastructure Organizations
Iranian state-sponsored threat actors, previously thought to have gone dormant, have resurfaced with sophisticated new malware campaigns targeting critical infrastructure organizations globally. A new research report released by SafeBreach Labs reveals that the “Prince of Persia
-
APT35 Leak Reveals Spreadsheets Containing Domains, Payments, and Server Information
Iranian cyber unit Charming Kitten, officially designated APT35, has long been dismissed as a noisy but relatively unsophisticated threat actor: a politically motivated collective known for recycled phishing templates and credential-harvesting pages. Episode 4, the latest intelligence dump, fundamentally rewrites that assessment. What emerges is not a hacker collective but a government department, complete with…

