1010.cx

  • Expect Iranian regime to respond to US‑Israeli strikes as existential threats

    ·

    After U.S. and Israeli missiles struck Iran’s nuclear sites in June 2025, Tehran responded with a limited attack on the American airbase in Qatar. Five years before that, a U.S. drone strike against Qasem Soleimani, head of the powerful Islamic Revolutionary Guard Corps Quds Force, was met with followed by an attack on two American bases in Iraq shortly thereafter.

    Expect none of that restraint by Iran’s leaders following the latest U.S. and Israeli military operation currently playing out in the Gulf nation.

    In the early hours of Feb. 28, 2026, hundreds of missiles struck multiple sites in Iran. Part of “Operation Epic Fury,” as the U.S. Department of Defense has called it, the strikes follow months of U.S. military buildup in the region. But they also come after apparent diplomatic efforts, in the shape of a series of nuclear talks in Oman and Geneva aimed at a peaceful resolution.

    Any such deal is surely now completely off the table. In scale and scope, the U.S. and Israel attack goes far beyond any previous strikes on the Gulf nation.

    In response, Iran has said it will use “crushing” force. As an expert on Middle East affairs and a former senior official at the National Security Council during the first Trump administration, I believe the calculus both in Washington and more so in Tehran is very different from earlier confrontations: Iran’s leaders almost certainly see this as an existential threat given President Donald Trump’s statement and the military campaign already underway. And there appears to be no obvious off-ramp to avoid further escalation.

    What we should expect now is a response from Tehran that utilizes all of its capabilities – even though they have been significantly degraded. And that should be a worry for all nations in the region and beyond.

    It is important to note that we are in the early stages of this conflict – much is unknown. 

    As of Feb. 28, it is unclear who has been killed among Iran’s leadership and to what extent Iran’s ballistic missile capabilities have been degraded. The fact that ballistic missiles have been launched at regional states that host U.S. military bases suggests that, at a minimum, Iran’s military capabilities have not been entirely wiped out.

    Iran fired over 600 missiles against Israel last June during their 12-day war, but media reporting and Iranian statements over the past month suggested that Iran managed to replenish some of its missile inventory, which it is now using.

    Clearly Washington is intent on crippling Iran’s ballistic program, as it is that capability that allows Iran to threaten the region most directly. A sticking point in the negotiations in Geneva and Oman was U.S. officials’ insistence that both Iran’s ballistic missiles and its funneling of support to proxy groups in the region be on the table, along with the longstanding condition that Tehran ends all uranium enrichment. Tehran has long resisted attempts to have limits on its ballistic missiles as part of any negotiated nuclear deal given their importance in Iran’s national security doctrine.

    This explains why some U.S. and Israeli strikes appear to be aimed at taking out Iran’s ballistic and cruise missile launch sites and production facilities and storage locations for such weapons.

    With no nuclear weapon, Iran’s ballistic missiles have been the country’s go-to method for responding to any threat. And so far in the current conflict, they have been used on nations including the United Arab Emirates, Qatar, Kuwait and Bahrain.

    But the Trump administration appears to have expanded its aims beyond removing Iran’s nuclear and non-nuclear military threat. The latest strikes have gone after leadership, too. 

    Among the locations of the first U.S.-Israeli strikes was a Tehran compound in which the Supreme Leader Ayatollah Ali Khamenei in known to reside, and Israel’s prime minister has confirmed that the 86-year-old leader was a target of the operation.

    While the status of the supreme leader and other key members of Iran’s leadership remains unknown as of this writing, it is clear that the U.S. administration hopes that regime change will follow Operation Epic Fury. “When we are finished, take over your government. It will be yours to take,” Trump told Iranians via a video message recorded during the early hours of the attack.

    Signaling a regime change operation may encourage Iranians unhappy with decades of repressive rule and economic woes to continue where they left off in January – when hundreds of thousands took to the street to protest.

    But it carries risks for the U.S. and its interests. Iran’s leaders will no longer feel constrained, as they did after the Soleimani assassination and the June 2025 conflict. On those occasions, Iran responded in a way that was not even proportionate to its losses – limited strikes on American military bases in the region. 

    Now the gloves are off, and each side will be trying to land a knockout blow. But what does that constitute? The U.S. administration appears to be set on regime change. Iran’s leadership will be looking for something that goes beyond its previous retaliatory strikes – and that likely means American deaths. That eventuality has been anticipated by Trump, who warned that there might be American casualties.

    So why is Trump willing to risk that now? It is clear to me that despite talk of progress in the rounds of diplomatic talks, Trump has lost his patience with the process.

    On Feb. 26, after the latest round of talks in Geneva, we didn’t hear much from the U.S. side. Trump’s calculus may have been that Iran wasn’t taking the hint – made clear by adding a second carrier strike group to the other warships and hundreds of fighter aircraft sent to the region over the past several weeks – that Tehran had no option other than agreeing to the U.S. demands.

    What we don’t know is whether the U.S. strategy is now to pause and see if an initial round of strikes has forced Iran to sue for peace – or whether the initial strikes are just a prelude to more to come.

    For now, the diplomatic ship appears to have sailed. Trump seems to have no appetite for a deal now – he just wants Iran’s regime gone. 

    In order to do that, he has made a number of calculated gambles. First politically and legally: Trump did not go through Congress before ordering Operation Epic Fury. Unlike 23 years ago when President George W. Bush took the U.S. into Iraq, there is no war authorization giving the president cover.

    Instead, White House lawyers must have assessed that Trump can carry out this operation under his Article 2 powers to act as commander in chief. Even so, the 1973 War Powers Act will mean the clock is now ticking. If the attacks are not concluded in 60 days, the administration will have to go back to Congress and say the operation is complete, or work with Congress for an authorization to use force or a formal declaration of war.

    The second gamble is whether Iranians will heed his call to remove a regime that many have long wanted gone. Given the ferocity of the regime’s response to the protests in January, which resulted in the deaths of thousands of Iranians, are Iranians willing to face down Iran’s internal security forces and drive what remains of the regime from power?

    Third, the U.S. administration has made a bet that the Iranian regime – even confronted with an existential threat – does not have the capability to drag the U.S. into a lengthy conflict to inflict massive casualties.

    And this last point is crucial. Experts know Tehran has no nuclear bomb and only has a limited stockpile of drones and cruise and ballistic missiles.

    But it can lean on unconventional capabilities. Terrorism is a real concern – either through the Islamic Revolutionary Guard Corps’ Quds Force, which coordinates Iran’s unconventional warfare, or through its partnership with Hezbollah in Lebanon. Or actors like the Houthis in Yemen or Shia militias in Iraq may seek to conduct attacks against U.S. interests in solidarity with Iran or directed to do so by the regime. 

    A mass casualty event may put political pressure on Trump, but I cannot see it leading to U.S. boots on ground in Iran. The American public doesn’t have the appetite for such an eventuality, and that would necessitate Trump gaining Congressional approval, which for now has not yet materialized.

    No one has a crystal ball, and it is early in an operation that will likely go on for days, if not longer. But one thing is clear: Iran’s regime is facing an existential threat. Do not expect it to show restraint.

    This article is republished from The Conversation under a Creative Commons license. Read the original article.

    The Conversation

    ]]>

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket

    ·

    OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally running artificial intelligence (AI) agent and take over control. “Our vulnerability lives in the core system itself – no plugins, no marketplace, no user-installed extensions – just the bare OpenClaw gateway, running exactly as documented,” Oasis

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Fake Zoom and Google Meet Phishing Campaigns Deploy Teramind Surveillance Software

    ·

    , , ,

    Threat actors are executing sophisticated phishing campaigns that impersonate Zoom and Google Meet to silently deploy Teramind onto Windows devices. While Teramind is a legitimate enterprise endpoint monitoring product, scammers are abusing its stealth features to conduct unauthorized surveillance. The Infection Chain and Delivery Mechanism The attack relies on fabricated landing pages that mimic official […]

    The post Fake Zoom and Google Meet Phishing Campaigns Deploy Teramind Surveillance Software appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • 5 IoT Vulnerabilities That Stop Projects and How to Avoid Them

    ·

    , , , ,
    Stop the 75% failure rate. Learn which device vulnerabilities stall deployments and the exact fixes that get IoT projects to production.

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Who is the Kimwolf Botmaster “Dort”?

    ·

    , , , , , , , , , , , , , , , , , , , , ,

    In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to build Kimwolf, the world’s largest and most disruptive botnet. Since then, the person in control of Kimwolf — who goes by the handle “Dort” — has coordinated a barrage of distributed denial-of-service (DDoS), doxing and email flooding attacks against the researcher and this author, and more recently caused a SWAT team to be sent to the researcher’s home. This post examines what is knowable about Dort based on public information.

    A public “dox” created in 2020 asserted Dort was a teenager from Canada (DOB August 2003) who used the aliases “CPacket” and “M1ce.” A search on the username CPacket at the open source intelligence platform OSINT Industries finds a GitHub account under the names Dort and CPacket that was created in 2017 using the email address jay.miner232@gmail.com.

    Image: osint.industries.

    The cyber intelligence firm Intel 471 says jay.miner232@gmail.com was used between 2015 and 2019 to create accounts at multiple cybercrime forums, including Nulled (username “Uubuntuu”) and Cracked (user “Dorted”); Intel 471 reports that both of these accounts were created from the same Internet address at Rogers Canada (99.241.112.24).

    Dort was an extremely active player in the Microsoft game Minecraft who gained notoriety for their “Dortware” software that helped players cheat. But somewhere along the way, Dort graduated from hacking Minecraft games to enabling far more serious crimes.

    Dort also used the nickname DortDev, an identity that was active in March 2022 on the chat server for the prolific cybercrime group known as LAPSUS$. Dort peddled a service for registering temporary email addresses, as well as “Dortsolver,” code that could bypass various CAPTCHA services designed to prevent automated account abuse. Both of these offerings were advertised in 2022 on SIM Land, a Telegram channel dedicated to SIM-swapping and account takeover activity.

    The cyber intelligence firm Flashpoint indexed 2022 posts on SIM Land by Dort that show this person developed the disposable email and CAPTCHA bypass services with the help of another hacker who went by the handle “Qoft.”

    “I legit just work with Jacob,” Qoft said in 2022 in reply to another user, referring to their exclusive business partner Dort. In the same conversation, Qoft bragged that the two had stolen more than $250,000 worth of Microsoft Xbox Game Pass accounts by developing a program that mass-created Game Pass identities using stolen payment card data.

    Who is the Jacob that Qoft referred to as their business partner? The breach tracking service Constella Intelligence finds the password used by jay.miner232@gmail.com was reused by just one other email address: jacobbutler803@gmail.com. Recall that the 2020 dox of Dort said their date of birth was August 2003 (8/03).

    Searching this email address at DomainTools.com reveals it was used in 2015 to register several Minecraft-themed domains, all assigned to a Jacob Butler in Ottawa, Canada and to the Ottawa phone number 613-909-9727.

    Constella Intelligence finds jacobbutler803@gmail.com was used to register an account on the hacker forum Nulled in 2016, as well as the account name “M1CE” on Minecraft. Pivoting off the password used by their Nulled account shows it was shared by the email addresses j.a.y.m.iner232@gmail.com and jbutl3@ocdsb.ca, the latter being an address at a domain for the Ottawa-Carelton District School Board.

    Data indexed by the breach tracking service Spycloud suggests that at one point Jacob Butler shared a computer with his mother and a sibling, which might explain why their email accounts were connected to the password “jacobsplugs.” Neither Jacob nor any of the other Butler household members responded to requests for comment.

    The open source intelligence service Epieos finds jacobbutler803@gmail.com created the GitHub account “MemeClient.” Meanwhile, Flashpoint indexed a deleted anonymous Pastebin.com post from 2017 declaring that MemeClient was the creation of a user named CPacket — one of Dort’s early monikers.

    Why is Dort so mad? On January 2, KrebsOnSecurity published The Kimwolf Botnet is Stalking Your Local Network, which explored research into the botnet by Benjamin Brundage, founder of the proxy tracking service Synthient. Brundage figured out that the Kimwolf botmasters were exploiting a little-known weakness in residential proxy services to infect poorly-defended devices — like TV boxes and digital photo frames — plugged into the internal, private networks of proxy endpoints.

    By the time that story went live, most of the vulnerable proxy providers had been notified by Brundage and had fixed the weaknesses in their systems. That vulnerability remediation process massively slowed Kimwolf’s ability to spread, and within hours of the story’s publication Dort created a Discord server in my name that began publishing personal information about and violent threats against Brundage, Yours Truly, and others.

    Dort and friends incriminating themselves by planning swatting attacks in a public Discord server.

    Last week, Dort and friends used that same Discord server (then named “Krebs’s Koinbase Kallers”) to threaten a swatting attack against Brundage, again posting his home address and personal information. Brundage told KrebsOnSecurity that local police officers subsequently visited his home in response to a swatting hoax which occurred around the same time that another member of the server posted a door emoji and taunted Brundage further.

    Dort, using the alias “Meow,” taunts Synthient founder Ben Brundage with a picture of a door.

    Someone on the server then linked to a cringeworthy (and NSFW) new Soundcloud diss track recorded by the user DortDev that included a stickied message from Dort saying, “Ur dead nigga. u better watch ur fucking back. sleep with one eye open. bitch.”

    “It’s a pretty hefty penny for a new front door,” the diss track intoned. “If his head doesn’t get blown off by SWAT officers. What’s it like not having a front door?”

    With any luck, Dort will soon be able to tell us all exactly what it’s like.

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement

    ·

    New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini endpoints and access private data. The findings come from Truffle Security, which discovered nearly 3,000 Google API keys (identified by the prefix “AIza”) embedded in client-side code to provide Google-related services like

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Hackers Exploit Windows File Explorer and WebDAV to Distribute Malware

    ·

    , , ,

    Cybersecurity researchers at Cofense Intelligence have uncovered an ongoing campaign where threat actors abuse Windows File Explorer to distribute malware. By exploiting the legacy WebDAV protocol, attackers are tricking victims into downloading Remote Access Trojans (RATs) while bypassing traditional web browser security controls and some Endpoint Detection and Response (EDR) systems.​ WebDAV Exploit WebDAV (Web-based […]

    The post Hackers Exploit Windows File Explorer and WebDAV to Distribute Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Trump Bans Anthropic AI in Federal Agencies Amid Growing Security Concerns

    ·

    ,

    The United States government has taken a massive step by banning federal agencies from using Anthropic, a domestic AI company known for its model, Claude. For the first time, a U.S. firm has been classified as a supply chain risk to national security, a label usually given to foreign companies like Huawei. President Donald Trump […]

    The post Trump Bans Anthropic AI in Federal Agencies Amid Growing Security Concerns appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Pentagon Designates Anthropic Supply Chain Risk Over AI Military Dispute

    ·

    Anthropic on Friday hit back after U.S. Secretary of Defense Pete Hegseth directed the Pentagon to designate the artificial intelligence (AI) upstart as a “supply chain risk.” “This action follows months of negotiations that reached an impasse over two exceptions we requested to the lawful use of our AI model, Claude: the mass domestic surveillance of Americans and fully autonomous weapons,” the

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Trump directs government to ‘immediately cease’ using Anthropic technology

    ·

    President Trump on Friday directed all federal agencies—including the Defense Department—to “immediately cease all use” of frontier AI firm Anthropic’s technology, though he also said there would be a six-month "phase out period."

    Trump’s announcement followed a tense back-and-forth between Anthropic and the Pentagon, which widely uses the San Francisco company’s popular AI platform, Claude, in classified and unclassified networks but took issue with the company’s refusal to give the Pentagon unrestricted access to its models.

    In a Thursday statement ahead of the Pentagon’s Friday deadline, Anthropic CEO Dario Amodei said he refused to allow Claude to be used for mass surveillance of U.S. citizens or to guide fully autonomous weapons, an argument Trump framed as trying to “strong arm” the Defense Department and force it to “obey their terms of service.” 

    “I am directing every agency in the United States Government to IMMEDIATELY CEASE all use of Anthropic’s technology,” Trump said in a Truth Social post. “We don’t need it, we don’t want it, and will not do business with them again.”

    Trump said there would be a six-month “phase-out period” for agencies using Anthropic’s products at various levels, including classified settings and among civilian agencies. Trump threatened Anthropic with punishment should the company refuse to help in the phase-out. As Defense One’s Patrick Tucker reported Feb. 26, it may take several months or longer for the government to replace Anthropic’s tools.

    “Anthropic had better get their act together and be helpful during this phase out period, or I will use the full power of my Presidency to make them comply, with major civil and criminal consequences to follow,” he said.

    In his own post, Defense Secretary Pete Hegseth said he was ordering his department to “designate Anthropic a Supply-Chain Risk to National Security.” 

    Hegseth did not explain why a supply-chain risk would be permitted to operate in classified networks for up to six more months.

    Amodei had noted this “contradictory” action in his Thursday statement. 

    “They have threatened to remove us from their systems if we maintain these safeguards; they have also threatened to designate us a ‘supply chain risk’—a label reserved for US adversaries, never before applied to an American company—and to invoke the Defense Production Act to force the safeguards’ removal. These latter two threats are inherently contradictory: one labels us a security risk; the other labels Claude as essential to national security.”

    Founded in 2021, Anthropic has developed models and tools that are already widely used across the federal government, largely through its partnership with leading cloud provider Amazon Web Services, through which it first gained a foothold in the Defense Department and intelligence agencies. Anthropic, along with xAI, Google and OpenAI, received $200 million defense contracts last July to bolster the Pentagon’s push to harness AI.

    Meanwhile, the General Services Administration, which manages hundreds of billions of dollars’ worth of contracts on behalf of all agencies, said in a statement Friday it would remove Anthropic from its Multiple Award Schedule and USAI.gov. Federal Acquisition Services Commissioner Josh Gruenbaum tweeted that GSA has terminated Anthropic's OneGov deal, ending the availability of those contracts across the Executive, Legislative and Judicial branches. 

    “GSA stands with the President in rejecting attempts to politicize work dedicated to America’s national security,” GSA Administrator Edward C. Forst said in a statement. “Building resilient, secure, and scalable AI solutions demands alignment, trust, and a willingness to make hard calls. We’re committed to delivering results for Americans, and working with our AI industry partners who fit the bill.”

    The rhetoric used by Trump, Hegseth, Pentagon spokesperson Sean Parnell, and Defense Undersecretary for Research and Engineering Emil Michael was notable for its stridency.

    Hegseth posted: “…@AnthropicAI and its CEO @DarioAmodei, have chosen duplicity. Cloaked in the sanctimonious rhetoric of ‘effective altruism,’ they have attempted to strong-arm the United States military into submission – a cowardly act of corporate virtue-signaling that places Silicon Valley ideology above American lives…”  

    Michael posted, “…It’s a shame that @DarioAmodei is a liar and has a God-complex. He wants nothing more than to try to personally control the US Military and is ok putting our nation’s safety at risk…”  

    And yesterday, Parnell posted that DOD only seeks the ability to “use Anthropic's model for all lawful purposes,” adding that the idea that the Pentagon wants fully autonomous weapons or mass surveillance is a false narrative “peddled by leftists in the media.” 

    But in his statement, Amodei said those are the only two limits he insists on. 

    In “a narrow set of cases, we believe AI can undermine, rather than defend, democratic values. Some uses are also simply outside the bounds of what today’s technology can safely and reliably do,” he said in his statement.

     Anthropic did not respond to an immediate request for comment on Friday. 

    Bradley Peniston contributed to this report.

    ]]>

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶