Iran

Winsage
February 13, 2026
Security researcher Wietze Beukema presented vulnerabilities in Windows LNK shortcut files at the Wild West Hackin' Fest that could allow attackers to deploy harmful payloads. He identified four undocumented techniques that manipulate these shortcut files to hide their real targets from users. They exploit inconsistencies in how Windows Explorer resolves the conflicting target paths that a single shortcut can carry, so the file properties a user sees need not match what actually runs. One technique uses characters that are forbidden in Windows paths to produce a misleading displayed path, another manipulates LinkTargetIDList values, and the most elaborate alters the EnvironmentVariableDataBlock structure so that the Properties window shows a false target while a different command executes. Microsoft declined to classify the EnvironmentVariableDataBlock issue as a security vulnerability, stating that exploitation requires user interaction and does not cross a security boundary, and emphasized that Windows already treats shortcut files as potentially dangerous and warns when they are opened. Beukema noted that users routinely click through such warnings. The techniques resemble CVE-2025-9491, which has been exploited by state-sponsored and cybercrime groups; Microsoft initially declined to service that flaw as well, and only after it was widely exploited changed the shortcut Properties dialog so that the full Target command is shown.
AppWizard
February 12, 2026
Russia's communications regulator, Roskomnadzor, has throttled Telegram's service, affecting nearly 90 million local users, due to the platform's non-compliance with Russian law. A Moscow court has initiated seven legal cases against Telegram in 2026 for not removing content related to "extremist" activities and pornography, potentially resulting in fines exceeding ,000. Kremlin spokesperson Dmitry Peskov stated that restrictions will continue as long as Telegram violates regulations. Pavel Durov, the founder of Telegram, criticized the actions as authoritarian and compared them to Iran's previous ban on the platform. Telegram previously faced a ban in 2018 for refusing to provide encryption keys to the FSB, but the ban was lifted in 2020. Russian officials are promoting a national messaging service called Max, developed by the creator of VKontakte. The restrictions have drawn criticism from state officials and military personnel, particularly in conflict-prone regions, where Telegram is essential for timely news and emergency updates. Pro-war military bloggers have also expressed dissatisfaction with the restrictions, noting Telegram's role in military logistics and communications. The Telegram restrictions are part of a broader trend of internet disruptions in Russia, including mobile internet access cuts and the inaccessibility of major Western platforms without VPNs.
AppWizard
February 11, 2026
Hadi and Mahdi Anjidani, co-founders of TS Information Technology, operate a messaging app called Gap Messenger, which is associated with the Iranian regime. Their company is based in Shoreham-by-Sea, West Sussex, and is linked to the Iranian software corporation Towse’e Saman Information Technology (TSIT). Despite claims of encryption and user privacy, experts have raised concerns about Gap Messenger's role in government censorship in Iran. Mahdi Anjidani has expressed pro-regime views in Iranian media and has connections to the Iranian government through his ventures. Gap Messenger has over 1 million downloads on Google Play and is part of Iran's domestic internet network aimed at controlling citizen access to information. Reports suggest that the app may have shared user data with Iranian authorities. The Anjidani brothers have ties to various business ventures in Iran, including a social network and a payment platform.
AppWizard
February 11, 2026
The Kremlin expressed regret over recent restrictions imposed on Telegram, with spokesman Dmitry Peskov stating that the limitations are due to the company's non-compliance with Russian laws and that it is unfortunate Telegram is not adhering to these regulations. Russian users reported disruptions to Telegram, with over 11,000 complaints logged in a 24-hour period, as Roskomnadzor began restricting the service. Roskomnadzor (the Federal Service for Supervision of Communications) confirmed it would keep the restrictions in place until Telegram complies with Russian legislation. Telegram may face fines totaling 64 million rubles for alleged failures to remove illegal content. Telegram founder Pavel Durov criticized the government's actions, suggesting they aim to push users towards a state-controlled app. Analysts noted that Durov's stance could hinder potential cooperation with Russian authorities and that a complete ban on Telegram might occur by mid-March unless a resolution is reached. Durov, who has lived outside Russia for over a decade, said that Telegram stands for freedom of speech and privacy.
AppWizard
January 30, 2026
Hadi and Mahdi Anjidani lead TS Information Technology, a UK branch of the Iranian firm Towse’e Saman Information Technology, known for developing Gap Messenger, a domestic alternative to Telegram. The company is registered in West Sussex, UK. Gap Messenger claims to be encrypted and not share user data with third parties, but Iranian digital rights researchers have raised concerns about its involvement in state surveillance, supported by leaked emails from Iran’s attorney general's office from 2022. Mahdi Anjidani, the CEO, has publicly supported government regulation of foreign messaging apps and has identified himself as a proponent of the Islamic Revolution. Gap Messenger operates within Iran's state-controlled internet, often during internet shutdowns linked to protests. The Anjidani brothers' business operations suggest a close alignment with Iranian authorities, as domestic messaging platforms typically require significant political backing to operate.
AppWizard
January 28, 2026
In Novorossiysk, Russia, students are mandated to install the state-backed MAX messaging app to avoid exclusion from winter examinations, part of a broader initiative to shift communication to this platform. This reflects a trend in Russia where the government promotes state-sanctioned IT services, similar to efforts seen in other authoritarian regimes. MAX is compared unfavorably to WeChat, which has a robust ecosystem and a large user base, while MAX struggles to gain traction in a smaller Russian market. Previous Russian efforts at creating sovereign messaging apps, like TamTam and ICQ New, have failed. Laws now require communication through MAX, raising concerns about privacy and security. Despite initial resistance, there is a potential for MAX to become a communication staple in Russia if alternative platforms are restricted. In Iran, the state-run super app Rubika has faced public resistance, similar to the skepticism surrounding MAX in Russia as it may facilitate state censorship.
Winsage
December 5, 2025
Microsoft addressed a critical vulnerability in Windows, identified as CVE-2025-9491, which had existed for nearly eight years and allowed cybercriminals to conceal malicious commands within .LNK (shortcut) files. This flaw was exploited by state-sponsored hacking groups from countries including China, Iran, North Korea, and Russia, with evidence of nearly 1,000 malicious shortcut files used in various campaigns. The vulnerability was initially downplayed by Microsoft, which stated it did not require immediate servicing. However, as exploitation increased, Microsoft eventually included a fix in its November 2025 Patch Tuesday updates, which was not publicly announced. The fix allows the entire Target command to be displayed in the Properties dialog, addressing the security risk. Research indicated that around 70% of campaigns exploiting this flaw were focused on espionage and information theft across multiple sectors.
Winsage
December 5, 2025
Microsoft has enhanced its Windows security measures by addressing the CVE-2025-9491 vulnerability, which has existed for nearly eight years and was exploited by state-sponsored groups for cyber espionage and data theft. The vulnerability was previously identified as ZDI-CAN-25373 and ZDI-25-148 by Trend Micro. The November Patch Tuesday updates have fixed this issue, which was described as having been demoted from a vulnerability to a functional bug. The update modifies the Properties dialog of a .lnk file to display the entire Target command in a single line. Microsoft has not officially acknowledged the update but stated that it is continuously rolling out enhancements for security and user experience.
Winsage
December 3, 2025
Microsoft has addressed a long-standing security vulnerability, identified as CVE-2025-9491, which has been exploited since 2017. The flaw is a UI misrepresentation issue in Windows Shortcut (LNK) files: a crafted .LNK pads its command-line arguments with whitespace so that the malicious portion falls outside what the Properties dialog displayed, so a user inspecting the shortcut sees only the benign part, and opening it runs the hidden command in the current user's context. The fix shipped in the November 2025 Patch Tuesday updates; the flaw carries a CVSS score of 7.8 (7.0 temporal). The vulnerability was exploited by various state-sponsored groups, including those from China, Iran, North Korea, and Russia, for data theft and espionage. Microsoft initially deemed the flaw not to warrant immediate attention, citing the user interaction required and the warnings Windows already shows for shortcut files. Subsequent investigations revealed its exploitation by cyber espionage groups, including XDSpy and China-affiliated actors targeting European entities. The patch ensures that the entire Target command is displayed in the Properties dialog, while 0patch's micropatch warns when a shortcut's target command line exceeds 260 characters.
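As an added example that is not code from Microsoft, 0patch, Trend Micro, or the researchers cited in the entries above, the following script shows how a triage tool can surface the same things the Properties dialog hid: the whitespace-padded arguments behind CVE-2025-9491 (December entries) and a LinkInfo target that disagrees with the EnvironmentVariableDataBlock target (the February 13 entry). It parses the raw file with the MS-SHLLINK layout (header, LinkInfo, StringData, ExtraData) and builds two constructed sample shortcuts in memory rather than reading captured files. The padding threshold `PAD_THRESHOLD`, the file-name comparison heuristic in `triage`, and the sample paths are assumptions of this example; it makes no claim about which of the conflicting targets Explorer actually executes.

```python
import struct

# Layout constants from MS-SHLLINK: header size, LinkCLSID and LinkFlags bits.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x1, 0x2, 0x4
HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS = 0x8, 0x10, 0x20
HAS_ICON_LOCATION, IS_UNICODE, HAS_EXP_STRING = 0x40, 0x80, 0x200
ENV_BLOCK_SIG = 0xA0000001            # EnvironmentVariableDataBlock signature
STRING_FIELDS = [(HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location")]
PADDING = " \t\r\n\x0b\x0c"           # whitespace used to push arguments out of view
PAD_THRESHOLD = 8                     # assumed: flag a leading run this long or longer
FORBIDDEN = set('<>"|?*')             # characters a real Windows path name cannot contain


def _cstr(data, off):
    """Null-terminated ANSI string starting at off."""
    return data[off:data.index(b"\x00", off)].decode("cp1252")


def parse_lnk(data):
    """Extract the three places a target can live in a raw .lnk byte string."""
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != 0x4C or clsid != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    info = {"link_info_target": None, "arguments": "", "env_target": None}
    pos = header_size
    if flags & HAS_LINK_TARGET_ID_LIST:       # skip the IDList; PIDL contents are shell-specific
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:
        li_size, _, li_flags, _, lbp_off, _, suffix_off = struct.unpack_from("<7I", data, pos)
        if li_flags & 0x1:                    # VolumeIDAndLocalBasePath present
            info["link_info_target"] = _cstr(data, pos + lbp_off) + _cstr(data, pos + suffix_off)
        pos += li_size
    unicode = bool(flags & IS_UNICODE)
    for bit, name in STRING_FIELDS:           # StringData entries appear in this fixed order
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]
            raw = data[pos + 2: pos + 2 + count * (2 if unicode else 1)]
            info[name] = raw.decode("utf-16-le" if unicode else "cp1252")
            pos += 2 + len(raw)
    while pos + 4 <= len(data):               # ExtraData blocks until a terminal block (< 4)
        size = struct.unpack_from("<I", data, pos)[0]
        if size < 4:
            break
        if struct.unpack_from("<I", data, pos + 4)[0] == ENV_BLOCK_SIG:
            uni = data[pos + 268: pos + 788].decode("utf-16-le").split("\x00", 1)[0]
            ansi = data[pos + 8: pos + 268].split(b"\x00", 1)[0].decode("cp1252")
            info["env_target"] = uni or ansi
        pos += size
    return info


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(data):
    """Return (parsed fields, findings) for one shortcut; findings is empty when clean."""
    info = parse_lnk(data)
    found = []
    args = info["arguments"]
    pad = len(args) - len(args.lstrip(PADDING))
    if pad >= PAD_THRESHOLD:
        found.append(f"{pad} leading whitespace chars hide arguments {args.strip(PADDING)!r}")
    li, env = info["link_info_target"], info["env_target"]
    # Heuristic (assumption): a legitimate %windir%\x.exe link expands to C:\Windows\x.exe,
    # so compare file names instead of full strings.
    if li and env and _basename(li) != _basename(env):
        found.append(f"LinkInfo target {li!r} disagrees with EnvironmentVariableDataBlock {env!r}")
    for label in ("link_info_target", "env_target"):
        bad = sorted(c for c in set(info[label] or "") if c in FORBIDDEN or ord(c) < 0x20)
        if bad:
            found.append(f"{label} contains characters illegal in a path: {bad!r}")
    return info, found


def build_lnk(local_path, arguments, env_target):
    """Constructed sample .lnk (not a captured file): LinkInfo + arguments + env block."""
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID,
                         HAS_LINK_INFO | HAS_ARGUMENTS | IS_UNICODE | HAS_EXP_STRING,
                         0x20, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    vol = struct.pack("<IIII", 17, 3, 0, 16) + b"\x00"       # minimal VolumeID, empty label
    lbp = local_path.encode("cp1252") + b"\x00"
    link_info = struct.pack("<7I", 28 + len(vol) + len(lbp) + 1, 28, 0x1, 28,
                            28 + len(vol), 0, 28 + len(vol) + len(lbp)) + vol + lbp + b"\x00"
    args = struct.pack("<H", len(arguments)) + arguments.encode("utf-16-le")
    env = (struct.pack("<II", 0x314, ENV_BLOCK_SIG)
           + env_target.encode("cp1252").ljust(260, b"\x00")
           + env_target.encode("utf-16-le").ljust(520, b"\x00"))
    return header + link_info + args + env + b"\x00\x00\x00\x00"


# Constructed samples: one deceptive (padded arguments, conflicting targets), one benign.
DECEPTIVE = build_lnk(r"C:\Windows\notepad.exe", " " * 300 + "/c calc.exe",
                      r"%windir%\System32\cmd.exe")
BENIGN = build_lnk(r"C:\Windows\notepad.exe", r"C:\Users\Public\notes.txt",
                   r"%windir%\notepad.exe")

if __name__ == "__main__":
    for name, blob in (("deceptive", DECEPTIVE), ("benign", BENIGN)):
        fields, findings = triage(blob)
        print(name, fields["link_info_target"], "|", fields["env_target"])
        for line in findings:
            print("  !", line)
```

Run it and the deceptive sample produces two findings (300 characters of padding in front of `/c calc.exe`, and notepad.exe versus cmd.exe across the two target fields) while the benign one produces none. To use it on real shortcuts, feed `triage()` the bytes of each `.lnk` from mail attachments or archives; the point is to read every target-bearing structure rather than trusting whichever one the Properties dialog happens to render.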