Iran
Iran intelligence backdoored US bank, airport networks • The Register - Iranian Ministry of Intelligence and Security (MOIS) has been embedded in multiple US companies’ networks - including a bank, software firm, and airport, among others - since the beginning of February, with more activity in the days following the US and Israeli military strikes, according to security researchers. Plus, the compromised software company supplies its tech to defense and aerospace industries among others, and has a presence in Israel.
Top general spotlights cyber role in Iran conflict • The Register - Operators with US Cyber Command and Space Command were first movers in the invasion of Iran, “layering non-kinetic effects, disrupting and degrading and blinding Iran,” Caine added. “Coordinated space and cyber operations effectively disrupted communications and sensor networks across the area of responsibility, leaving the adversary without the ability to see, coordinate, or respond effectively.”
Podcast from the Register on Tech/Iran - Tech takes center stage in the US’ war with Iran
Surveillance & Cams
‘Hundreds’ of Iranian hacking attempts hit IP cameras • The Register - This more recent camera-targeting activity from infrastructure attributed to “several Iran-nexus threat actors” may be an “early indicator of potential follow-on kinetic activity.” The threat hunters urged defenders to update camera firmware and software to the latest patched versions, and remove direct WAN access so cameras aren’t exposed to the public internet. They also suggested isolating cameras on a dedicated VLAN with no lateral access to corporate or operational technology networks, and monitoring for repeated login failures or unexpected remote logins.
From Iran to Ukraine, everyone’s trying to hack security cameras - Ars Technica
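A defender-side check for the camera-hardening advice above (flag repeated login failures per source, and any successful login from outside the camera management VLAN), as an added example that is not from the article or the researchers it quotes. The syslog-style log format, the hostnames, the 10.50.0.0/24 management subnet and the threshold of five failures are all constructed assumptions; real camera vendors log differently, so LOG_RE must be adapted.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample lines in a generic syslog-like format (not from any
# real camera); adapt LOG_RE to the format your devices actually emit.
SAMPLE_LOG = """\
Mar 02 10:01:02 cam-lobby auth: login FAILED user=admin from=203.0.113.7
Mar 02 10:01:05 cam-lobby auth: login FAILED user=admin from=203.0.113.7
Mar 02 10:01:08 cam-lobby auth: login FAILED user=root from=203.0.113.7
Mar 02 10:01:11 cam-lobby auth: login FAILED user=admin from=203.0.113.7
Mar 02 10:01:14 cam-lobby auth: login FAILED user=service from=203.0.113.7
Mar 02 10:02:30 cam-lobby auth: login OK user=admin from=10.50.0.12
Mar 02 10:03:45 cam-gate auth: login OK user=admin from=198.51.100.23
"""

LOG_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) auth: "
    r"login (?P<result>OK|FAILED) user=(?P<user>\S+) from=(?P<src>\S+)$"
)

# Assumption: the isolated camera VLAN is only ever reached from this subnet.
MGMT_NETS = [ip_network("10.50.0.0/24")]
FAIL_THRESHOLD = 5


def parse(log_text):
    """Yield one dict per well-formed line; lines that don't match are skipped."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def analyse(log_text, fail_threshold=FAIL_THRESHOLD, mgmt_nets=MGMT_NETS):
    """Return (alert_type, camera_host, source_ip, detail) tuples in log order."""
    failures = defaultdict(int)  # (host, src) -> failed attempts seen so far
    alerts = []
    for ev in parse(log_text):
        key = (ev["host"], ev["src"])
        if ev["result"] == "FAILED":
            failures[key] += 1
            if failures[key] == fail_threshold:  # alert once per host/source pair
                alerts.append(("repeated_failures", ev["host"], ev["src"],
                               f"{fail_threshold} failed logins"))
        elif not any(ip_address(ev["src"]) in net for net in mgmt_nets):
            # A successful login that did not come from the management subnet
            alerts.append(("remote_login", ev["host"], ev["src"],
                           f"user={ev['user']} outside management VLAN"))
    return alerts
```

Pointing `analyse` at a real export of camera auth logs gives two alert kinds: a brute-force style burst from one source, and a successful login that bypassed the management VLAN boundary.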
FBI investigates breach of surveillance and wiretap systems - the breach affected FBI systems used to manage wiretapping and foreign intelligence surveillance warrants.
Malvertising
Bing AI promoted fake OpenClaw GitHub repo pushing info-stealing malware - Fake OpenClaw installers hosted in GitHub repositories and promoted by Microsoft Bing’s AI-enhanced search feature instructed users to run commands that deployed information stealers and proxy malware.
Fake Claude Code install guides push infostealers in InstallFix attacks - The researchers say that apart from the installation instructions, all links on the fake page redirect to the legitimate Anthropic site. The new trick exploits the common practice among developers these days of downloading and executing scripts through ‘curl-to-bash’ commands from online sources without closely inspecting the assets first.
Apple and Spyware
Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1 - The kit is said to have circulated among multiple threat actors since February 2025, moving from a commercial surveillance operation to a government-backed attacker, and finally, to a financially motivated threat actor operating from China by December.
Feds take notice of iOS vulnerabilities exploited under mysterious circumstances - Ars Technica
An iPhone-hacking toolkit used by Russian spies likely came from U.S military contractor | TechCrunch
E// Breach
Ericsson breach blamed on third party vendor vishing attack • The Register - A voice-phishing scam targeting one of Ericsson’s service providers has exposed the personal data of more than 15,000 individuals after attackers sweet-talked an employee into handing over access.
Ericsson US discloses data breach after service provider hack
Misc
Google will soon ship Chrome updates every two weeks • The Register - “While releases will be more frequent, their smaller scope minimizes disruption and simplifies post-release debugging,” the pair wrote. “And thanks to recent process enhancements, we are confident this shift will maintain our high standards for stability.”
Meta’s AI Smart Glasses and Data Privacy Concerns: Workers Say “We See Everything” - The workers in Kenya say that it feels uncomfortable to go to work. They tell us about deeply private video clips, which appear to come straight out of Western homes, from people who use the glasses in their everyday lives. Several describe video material showing bathroom visits, sex and other intimate moments.
Meta smart glasses face UK privacy probe • The Register - The investigation raises questions about cross-border data flows. Under the EU’s GDPR, companies transferring personal data to contractors outside the bloc must ensure the information is protected through approved safeguards.
US contractor’s son arrested over alleged $46M crypto theft • The Register - The investigator claims it all started after Daghita and another cryptocurrency enthusiast became involved in a public spat over who had control of the most cryptocurrency. This spat, hosted on Telegram and recorded by onlookers, led to the identification of wallet addresses controlled by Daghita, and showed transactions between them.
Spyware disguised as emergency-alert app sent to Israelis • The Register - SMS messages impersonating the official “Oref Alert” rocket warning service, distributed from spoofed sender IDs, urged recipients to install an updated version of the emergency-alert app. The messages included a bit.ly shortened link - but instead of taking users to a legitimate Red Alert update, it redirected them to download spyware that collects and steals their information. Malware developers used spoofed certificates and spoofed the installer source, making the software appear to have been installed from Google Play. This allowed it to bypass Android security checks and appear to be legitimately signed.
Russian crims phish way into Signal and WhatsApp accounts • The Register - According to the agencies, the attackers approach targets directly via chats and persuade them to share security verification codes or PINs, effectively giving the intruders full access to the account. In some cases, the attackers reportedly impersonate a Signal support bot to make the request look legitimate. Once the code is shared, attackers can log in and read messages or monitor group chats without needing to defeat the underlying encryption.
ShinyHunters claims yet another Salesforce customers breach • The Register - “Have stolen data from almost 400 websites and about 100 essential high profile companies Snowflake, Okta, Lastpass, Salesforce itself, Sony, AMD, and a lot more,” a ShinyHunters spokesperson told us, adding that the “recon and exploitation has been going on for several months now.”
Microsoft Teams phishing targets employees with A0Backdoor malware - The attacker relies on social engineering to gain the employee’s trust by first flooding their inbox with spam and then contacting them over Teams, pretending to be the company’s IT staff, offering assistance with the unwanted messages.
Salt Typhoon is hacking the world’s phone and internet giants — here’s everywhere that’s been hit | TechCrunch - Salt Typhoon is behind one of the broadest hacking campaigns in recent years, targeting some of the world’s largest phone and internet companies and stealing tens of millions of phone records about senior government officials. Map
ICE Phishing: Scammers Are Sending ‘Support ICE’ Emails to Steal Credentials - Besides the ICE-themed phishing emails, Benenson also received an email that said SendGrid was going to add a “pride-themed footer to all emails” and another that said “all emails sent from your account will feature a commemorative theme honoring George Floyd and the Black Lives Matter movement.”