Iran War and beyond
(Al Arabiya) Iran’s Islamic Revolutionary Guard Corps (IRGC) threatened on Monday to target US companies across the region, calling on employees to evacuate the sites. – Iran’s IRGC threatens to target US companies in region, urges evacuations
(Al Arabiya) Iran’s new supreme leader has appointed a former chief of the country’s Islamic Revolutionary Guard Corps (IRGC) as a military advisor, state-linked media reported on Monday. “General Mohsen Rezaei was appointed as military advisor by the order of commander-in-chief Ayatollah Mojtaba Khamenei,” Mehr news agency reported. – Iran supreme leader appoints former IRGC chief as military advisor
(AFP/Al Arabiya) Turkey on Monday condemned Israel’s ground operation in Lebanon, cautioning against “another humanitarian catastrophe” unfolding in the Middle East. – Turkey condemns Israeli ground operation in Lebanon
(Reuters/Al Arabiya) The European Union on Monday imposed sanctions on 16 individuals and three entities it said were responsible for serious human rights violations in Iran. – EU imposes sanctions over Iran protest crackdown
(Al Arabiya) A strike on Monday near Iraq’s western border with Syria killed six fighters from the former paramilitary coalition al-Hashed al-Shaabi, the alliance said. The fighters from the alliance – also known as the Popular Mobilization Forces (PMF), now part of Iraq’s regular army – were struck by a “Zionist bombing” that targeted “an official security position belonging to al-Hashed al-Shaabi.” – Strike kills six Iraqi fighters near Syria border
(Al Arabiya) A Saudi source told Al Arabiya on Monday that a report by The New York Times claiming the Kingdom’s leadership is encouraging a prolonged war with Iran is false. – Saudi source denies NYT report claiming Kingdom encouraging prolonged Iran war
(Reuters/Al Arabiya) The United States is “fine” with some Iranian, Indian and Chinese ships going through the Strait of Hormuz for now, Treasury Secretary Scott Bessent said on Monday, adding that any action to mitigate higher prices would depend on how long the Iran war lasts. – US ‘fine’ with some ships getting through Strait of Hormuz, Bessent says
(Al Arabiya) Communications are ongoing with different parties to guarantee the Strait of Hormuz is fully opened for goods to reach the Gulf and to export energy products from the region, Qatar’s foreign ministry spokesperson Majed al-Ansari said on Monday. Iran has effectively shut the Strait of Hormuz, amid the US-Israeli war on Iran, now in its third week. Iranian forces have attacked ships in the narrow channel between Iran and Oman, choking off a fifth of global oil supply in the biggest disruption ever. – Qatar says communications ongoing to ensure Strait of Hormuz is fully opened
(Reuters/Al Arabiya) Israel on Monday warned that displaced Lebanese driven from their homes by its military would not be able to return until the safety of Israelis living near the border was ensured. The warning from the country’s defense minister came as Israeli troops pushed into new parts of southern Lebanon as it intensified its campaign against Hezbollah. – Israel says Lebanese displaced won’t return until its own citizens are safe
(Agencies/Al Arabiya) Iran has not requested a ceasefire, Foreign Minister Abbas Araghchi said on Monday according to the semi-official Students News Network, and wants to ensure that any end to the war with Israel and the US is definitive. – Iran says any end to US-Israeli war must be definitive
Cyber (In)Security and Surveillance
(Daryna Antoniuk – The Record) The Russian city of Perm has restored its parking payment system after a cyberattack last week knocked the service offline and temporarily made parking free for several days. City authorities confirmed Monday that the system is now fully operational and that all payment methods are working normally. The disruption was caused by a large-scale distributed denial-of-service (DDoS) attack that overwhelmed the city’s automated parking payment infrastructure, according to local officials. – Cyberattack disrupts parking payments in Russian city | The Record from Recorded Future News
(Daryna Antoniuk – The Record) A relatively new Russia-linked hacker group has launched a cyber-espionage campaign targeting Ukrainian organizations using spyware disguised within documents about Starlink satellite internet terminals and a well-known Ukrainian charity, researchers have found. The campaign, observed in February, deployed a backdoor dubbed DrillApp that allows attackers to upload and download files from infected computers, record audio through a microphone and capture images from a webcam, according to a report by cybersecurity firm Lab52. Researchers attributed the campaign to the Russian-linked hacker group Laundry Bear, also tracked as Void Blizzard, which has been active since at least 2024 and has previously targeted NATO member states and Ukrainian institutions. – Russia-linked espionage campaign targeting Ukraine using Starlink and charity lures | The Record from Recorded Future News
(Kevin Poireault – Infosecurity Magazine) Fake shipment tracking scams are rapidly scaling across the world, exploiting the 161 billion annual parcel volume that fuels global e-commerce, according to threat intelligence provider Group-IB. The firm’s Threat Intelligence research team detected a spike in this type of scheme exploiting the popularity of parcel delivery services in 2025. From almost no such activity observed in 2024, the researchers identified over 100 fake shipment tracking campaigns almost every month throughout the past year, with peaks at 218 and 208 unique campaigns in June and December 2025, respectively. – Researchers Warn of Global Surge in Fake Shipment Tracking Scams – Infosecurity Magazine
(Alessandro Mascellino – Infosecurity Magazine) A set of newly identified vulnerabilities in the Linux security module AppArmor could allow attackers to gain root access, bypass system protections and trigger service outages across millions of systems. The issues, collectively named ‘CrackArmor,’ were discovered by the Qualys Threat Research Unit (TRU). The researchers identified nine flaws that have existed in the Linux kernel since version 4.11 in 2017. Because AppArmor is enabled by default in widely used Linux distributions, including Ubuntu, Debian and SUSE, the exposure is extensive. – CrackArmor Flaws Expose Linux Systems to Privilege Escalation – Infosecurity Magazine
(Alessandro Mascellino – Infosecurity Magazine) A method for exfiltrating sensitive data from AI-powered code execution environments using domain name system (DNS) queries has been demonstrated by security researchers, highlighting potential risks in cloud-based AI tooling. The Phantom Labs Research report, published on March 16, focuses on AWS Bedrock AgentCore Code Interpreter and shows how attackers could bypass expected network restrictions in Sandbox Mode to retrieve data from cloud resources. The technique relies on DNS resolution capabilities that remain active even when outbound network connections are otherwise restricted. According to the researchers, this behaviour allows malicious instructions embedded in files to create a covert command-and-control (C2) channel. – Security Flaw in AWS Bedrock Code Interpreter Raises Alarms – Infosecurity Magazine
(Phil Muncaster – Infosecurity Magazine) The FBI is asking gamers who unwittingly downloaded malware from the popular Steam platform to help with its investigation. FBI’s Seattle Division issued a notice in mid-March as it continued in its search for the threat actor responsible for the malware campaign. “The FBI believes the threat actor primarily targeted users between the timeframe of May 2024 and January 2026,” it said. – FBI Calls for Help to Track Steam Malware Campaign – Infosecurity Magazine
(Phil Muncaster – Infosecurity Magazine) The UK’s Companies House has been forced to suspend access to its WebFiling dashboard after being notified of a serious flaw which may have exposed countless businesses to fraud. The government agency, which is in charge of incorporating and dissolving the nation’s listed companies, made the move on Friday after being notified by Dan Neidle, founder of Tax Policy Associates. It was brought to the attention of Neidle by John Hewitt at business service provider Ghost Mail. As the former explained in a blog post on Friday, the security glitch is quite simple to exploit. – Companies House Web Glitch Exposes Corporate Details to Fraudsters – Infosecurity Magazine
US
(Neil Irwin – Axios) Jerome Powell’s term as Federal Reserve chair expires in less than two months. What happens then has only gotten murkier since a court ruling Friday in his favor. The question of who will be in charge of the world’s most important central bank later this spring — at a time of elevated inflation, stalled job creation and a war overseas driving energy prices higher — is looking surprisingly uncertain. The legal and political clash underway right now is the stuff of central banking history — and it is unclear who will blink.
What happens next in the nomination of Kevin Warsh, the president’s pick to succeed Powell on May 15, is as cloudy as ever. – Fed, Trump fight: Time is running out as Powell’s term nears its end
