Risky Bulletin Risky Bulletin: Iranian hackers are scanning for security cameras to aid missile strikes
Mar 6, 2026
Iranian actors scanning security cameras and other IoT gear to help missile targeting. A reported Israeli strike on Iran’s cyber and electronic warfare facilities. Global takedowns of LeakBase and a phishing-as-a-service network that abused 2FA. Widespread malware shifts into malicious ads and rising ransomware activity. Debates over encrypted messaging policies on major social platforms.
AI Snips
Chapters
Transcript
Episode notes
Israel Targets Iran's Cyber HQ
- Israel said it bombed the headquarters of Iran's cyber and electronic warfare unit as one of ten targets hit by the IDF.
- Iranian state media did not confirm, and Iran imposed an internet blackout while citizens used smuggled Starlink dishes.
Take Down Of LeakBase Disrupts Credential Market
- Law enforcement disrupted LeakBase by raiding over 100 locations and arresting 13 suspects tied to the forum that sold stolen credentials.
- LeakBase launched in 2021, had 142,000+ members, and sold data stolen via InfoSteelers.
Tycoon 2FA Phishing Infrastructure Seized
- Authorities and firms disrupted Tycoon 2FA phishing by seizing 330+ domains that powered its platform.
- Tycoon automated interception of MFA codes and was the most active MFA-capable phishing toolkit in Proofpoint's data.