Links
President Trump provided an update on the Iran war, claiming progress and projecting another two to three weeks of military involvement. He reiterated threats to escalate attacks if negotiations fail and emphasized the need for allies to help reopen the Strait of Hormuz. Polls show that many Americans doubt his strategy and clarity on the conflict's end.
Iranian threat groups have been linked to missile strikes in Israel and the Red Sea, with Amazon's Threat Intel revealing that cyber espionage provided critical reconnaissance for these attacks. The incidents highlight a troubling trend where cyber operations are increasingly used to enhance physical military actions.
An Iranian activist exposed a phishing campaign targeting high-profile users in the Middle East, aiming to steal Gmail and WhatsApp credentials. The hackers used a fake website to capture sensitive information and potentially conduct surveillance on victims. The campaign's timing suggests possible ties to government-backed espionage efforts.
In December 2025, protests in Iran escalated into demands for regime change, prompting the government to shut down internet access. By January 8, 2026, internet traffic from Iran dropped to nearly zero, reflecting a complete disconnection from the global network. Brief moments of connectivity were observed on January 9, but overall access remains severely limited.
Iranian hacking group APT42 has been conducting a sophisticated campaign against senior defense and government officials, using social engineering tactics and even targeting their families to apply pressure. The malware they deploy operates stealthily, blending with normal activity and employing various techniques to maintain persistence and exfiltrate sensitive data.
The US government announced a $10 million reward for information on Iranian hackers linked to the group Emennet Pasargad, now referred to as Shahid Shushtari. The group has been involved in cyberattacks against critical infrastructure and influence operations since at least 2020. Key individuals targeted include group leader Mohammad Bagher Shirinkar and employee Fatemeh Sedighian Kashi.
Iran's central bank bought over $500 million in Tether's USDT to stabilize the rial and conduct international trades amid sanctions. Research from Elliptic reveals the bank's systematic accumulation of USDT and how it was transferred to various exchanges after a significant hack. The findings highlight the complexities of using stablecoins for sanctions evasion.
Profero successfully decrypted DarkBit ransomware, enabling recovery of a victim's files without ransom payment. The attack, linked to Iranian state-sponsored actors, involved a unique encryption method that Profero exploited, ultimately leading to significant data recovery due to the sparse nature of the affected VMware ESXi server files. Profero is offering assistance to future victims but will not publicly release the decryptor.
An Iranian individual has pleaded guilty to participating in the RobbinHood ransomware attacks, which targeted various organizations, leading to significant financial losses. He now faces a potential sentence of up to 30 years in prison for his crimes.
The article explores the state of Iran's internet infrastructure and censorship practices from the perspective of Censys, highlighting the challenges faced by users in accessing information and the implications for privacy and security. It discusses the technical and political factors that shape the online environment in Iran, emphasizing the need for improved transparency and access to information.
Following U.S. military strikes on Iranian nuclear sites, the crypto market experienced over $1 billion in liquidations, with Bitcoin's price falling below $100,000 for the first time in 45 days. The majority of liquidations affected long positions, while altcoins saw the steepest declines amidst growing concerns over potential disruptions in global oil trade.
The Israel-linked Predatory Sparrow hacking group has stolen over $90 million from Nobitex, Iran’s largest cryptocurrency exchange, as part of escalating cyber hostilities between Israel and Iran. The hackers drained various cryptocurrencies and destroyed the assets by locking them in inaccessible wallets, signaling a significant intensification of the ongoing cyber shadow war.
A hacking group named Lab Dookhtegan has reportedly disrupted communications of Iranian ships, indicating a significant cyber attack on maritime operations. This incident highlights ongoing tensions and the increasing use of cyber warfare tactics in geopolitical conflicts.
Stormshield's CTI team discovered servers linked to APT35, an Iranian APT group known for phishing campaigns. The team provided insights on how to identify these servers, highlighting ongoing phishing tactics targeting various sectors, particularly in Israel. They shared specific indicators of compromise and methods for tracking related domains.
CISA, FBI, DC3, and NSA issued a joint statement warning about potential targeted cyber activities by Iranian-affiliated actors against U.S. critical infrastructure. While no coordinated attacks have been detected, organizations are urged to remain vigilant and implement cybersecurity best practices to defend against possible threats.
Iran's government announced it has shut down internet access nationwide as a precautionary measure against potential cyberattacks. This move comes amid rising tensions and concerns over security threats in the region. The government claims the internet disruption is necessary to protect national infrastructure and public safety.