Iran Archives

AppWizard

March 17, 2026

Where censored words find a safe haven: Inside Minecraft

The Uncensored Library is a digital space within Minecraft that promotes press freedom and houses over 300 pieces of censored work from around the world. The newly opened U.S. wing features a central Statue of Liberty, surrounded by lecterns displaying contentious texts, including a controversial Stephen Colbert interview and a report on sea-level rise that faced censorship. The library, launched in 2020, allows users from repressive regimes to access vital information without fear of reprisal, and even players in countries with restrictions can connect using virtual private networks. The library's creators, including Tobias Natterer and Reporters Without Borders, designed it as a Grecian temple, symbolizing free expression. The Press Freedom Index indicates a decline in the U.S. ranking due to covert tactics against media freedom. The library serves as a reminder of the importance of vigilance in safeguarding press freedoms.

AppWizard

March 13, 2026

World Day Against Cyber Censorship: RSF unveils new US room in its Minecraft Uncensored Library

The Uncensored Library has added a new room dedicated to the United States and updated content in sections for Egypt, Belarus, Russia, and Iran. The USA room includes analyses of press freedom and a political cartoon by Ann Telnaes that was rejected by the Washington Post. The library allows access to journalism from countries with censorship, using the Minecraft platform for broader reach. New articles include Elahe Mohammadi's piece on Evin Prison in Iran, two articles from MadaMasr in Egypt, over 20 articles from exiled Russian media, and six articles by exiled journalists in Belarus. The library has been visited by over one million users since its launch in 2020.

AppWizard

March 12, 2026

Fake Red Alert app used in Android spyware smishing

Acronis' Threat Research Unit has discovered a targeted campaign against Android users involving a counterfeit version of Israel's Red Alert rocket warning app that distributes spyware. The malicious software is spread through SMS messages that appear to be official communications from the Home Front Command, prompting users to download an "update." The fraudulent app mimics the legitimate safety tool, maintaining its rocket alert functionality to avoid detection. Once installed, the spyware collects sensitive data such as SMS messages, contacts, location information, device accounts, and a list of installed applications. This tactic, termed "smishing," combines SMS and phishing techniques. The malware uses sophisticated methods like certificate spoofing and runtime manipulation to bypass Android's signature checks, and it consists of a loader and a secondary component that executes the real alert application while the spyware operates in the background. The spyware monitors user permissions and can harvest SMS messages, contacts, and location data, adjusting its behavior based on the user's geographical position. It sends collected data to a remote command-and-control server, with the exfiltration endpoint identified as ra-backup[.]com. Acronis suggests this campaign may be linked to the group Arid Viper (APT-C-23), known for targeting Israeli interests with trojanized Android applications. Researchers recommend users only download apps from official sources, avoid sideloading packages from SMS links, and review app permissions carefully. They advise checking for the package name com.red.alertx on devices and performing a factory reset if found, along with changing credentials for any accessed accounts.

AppWizard

March 6, 2026

Research company claims spyware posing as Israel’s Red Alert Android app targeting users

Acronis Threat Research Unit (TRU) has uncovered a cyber espionage campaign targeting Israeli civilians through a fake version of the Red Alert app. The attack begins with a deceptive text message claiming to be from Israel's Home Front Command, urging users to download an updated app due to a malfunction. The fraudulent app closely resembles the legitimate Red Alert app but contains malware that collects sensitive personal information, including messages, contacts, location data, and device account details. This data is stored locally and then transmitted to a remote server controlled by the attackers. The hackers use certificate spoofing and other techniques to bypass Android's security measures, making the malicious app appear legitimate. Cybersecurity experts recommend that Israeli users take precautions to protect their personal information.

Winsage

March 6, 2026

Broken Windows: How Microsoft Loses Its AI Premium

As of March 6, 2026, Microsoft is facing significant challenges, including a quarterly expenditure of .5 billion on data centers and chips, and a decline in cloud margins from 70% to 67%. The adoption rate for its AI assistant, Copilot, is only 3.3%, raising concerns about its future revenue. Additionally, Microsoft’s partnership with OpenAI is under scrutiny due to projected losses of billion for OpenAI this year. The ongoing conflict in the Middle East is expected to increase operational costs for Azure due to rising energy prices and potential shipping delays for server components. If growth slows and margins continue to decline, Microsoft's stock could drop to around per share based on historical valuation averages. The Trefis High Quality Portfolio has outperformed major benchmarks with returns exceeding 105% since its inception, emphasizing the benefits of a diversified investment strategy over individual stocks.

Winsage

February 13, 2026

Microsoft: New Windows LNK spoofing issues aren’t vulnerabilities

Security researcher Wietze Beukema revealed vulnerabilities in Windows LK shortcut files at the Wild West Hackin' Fest, which could allow attackers to deploy harmful payloads. He identified four undocumented techniques that manipulate these shortcut files, obscuring malicious targets from users. The vulnerabilities exploit inconsistencies in how Windows Explorer handles conflicting target paths, allowing for deceptive file properties. One technique involves using forbidden Windows path characters to create misleading paths, while another manipulates LinkTargetIDList values. The most sophisticated method alters the EnvironmentVariableDataBlock structure to present a false target in the properties window while executing malicious commands in the background. Microsoft declined to classify the EnvironmentVariableDataBlock issue as a security vulnerability, stating that exploitation requires user interaction and does not breach security boundaries. They emphasized that Windows recognizes shortcut files as potentially dangerous and provides warnings when opening them. However, Beukema noted that users often ignore these warnings. The vulnerabilities share similarities with CVE-2025-9491, which has been exploited by various state-sponsored and cybercrime groups. Microsoft initially did not address CVE-2025-9491 but later modified LNK files to mitigate the vulnerability after it was widely exploited.

AppWizard

February 12, 2026

Moscow moves to throttle Telegram as Kremlin pushes its own messaging app

Russia's communications regulator, Roskomnadzor, has throttled Telegram's service, affecting nearly 90 million local users, due to the platform's non-compliance with Russian law. A Moscow court has initiated seven legal cases against Telegram in 2026 for not removing content related to "extremist" activities and pornography, potentially resulting in fines exceeding ,000. Kremlin spokesperson Dmitry Peskov stated that restrictions will continue as long as Telegram violates regulations. Pavel Durov, the founder of Telegram, criticized the actions as authoritarian and compared them to Iran's previous ban on the platform. Telegram previously faced a ban in 2018 for refusing to provide encryption keys to the FSB, but the ban was lifted in 2020. Russian officials are promoting a national messaging service called Max, developed by the creator of VKontakte. The restrictions have drawn criticism from state officials and military personnel, particularly in conflict-prone regions, where Telegram is essential for timely news and emergency updates. Pro-war military bloggers have also expressed dissatisfaction with the restrictions, noting Telegram's role in military logistics and communications. The Telegram restrictions are part of a broader trend of internet disruptions in Russia, including mobile internet access cuts and the inaccessibility of major Western platforms without VPNs.

AppWizard

February 11, 2026

UK-based pair behind messaging app accused of giving data to Iranian regime

Hadi and Mahdi Anjidani, co-founders of TS Information Technology, operate a messaging app called Gap Messenger, which is associated with the Iranian regime. Their company is based in Shoreham-by-Sea, West Sussex, and is linked to the Iranian software corporation Towse’e Saman Information Technology (TSIT). Despite claims of encryption and user privacy, experts have raised concerns about Gap Messenger's role in government censorship in Iran. Mahdi Anjidani has expressed pro-regime views in Iranian media and has connections to the Iranian government through his ventures. Gap Messenger has over 1 million downloads on Google Play and is part of Iran's domestic internet network aimed at controlling citizen access to information. Reports suggest that the app may have shared user data with Iranian authorities. The Anjidani brothers have ties to various business ventures in Iran, including a social network and a payment platform.

AppWizard

February 11, 2026

Kremlin regrets Telegram restrictions but some say messenger’s fate is sealed in Russia

The Kremlin expressed regret over recent restrictions imposed on Telegram, with spokesman Dmitry Peskov stating that the limitations are due to the company's non-compliance with Russian laws. Peskov indicated that it is unfortunate Telegram is not adhering to these regulations. Reports emerged that Russian users experienced disruptions in Telegram services, with over 11,000 complaints logged in a 24-hour period, leading to Roskomnadzor initiating restrictions. The Federal Service for Supervision of Communications confirmed it would impose consistent restrictions on Telegram until it complies with Russian legislation. Telegram may face fines totaling 64 million rubles due to alleged failures to remove illegal content. Telegram founder Pavel Durov criticized the government's actions, suggesting they aim to push users towards a state-controlled app. Analysts noted that Durov's stance could hinder potential cooperation with Russian authorities and that a complete ban on Telegram might occur by mid-March unless a resolution is reached. Durov, who has lived outside Russia for over a decade, indicated that Telegram stands for freedom of speech and privacy.

AppWizard

January 30, 2026

UK-based founders accused of sharing app data with Iranian authorities

Hadi and Mahdi Anjidani lead TS Information Technology, a UK branch of the Iranian firm Towse’e Saman Information Technology, known for developing Gap Messenger, a domestic alternative to Telegram. The company is registered in West Sussex, UK. Gap Messenger claims to be encrypted and not share user data with third parties, but Iranian digital rights researchers have raised concerns about its involvement in state surveillance, supported by leaked emails from Iran’s attorney general's office from 2022. Mahdi Anjidani, the CEO, has publicly supported government regulation of foreign messaging apps and has identified himself as a proponent of the Islamic Revolution. Gap Messenger operates within Iran's state-controlled internet, often during internet shutdowns linked to protests. The Anjidani brothers' business operations suggest a close alignment with Iranian authorities, as domestic messaging platforms typically require significant political backing to operate.