

Infy Hackers Resume Operations with New C2 Servers After Iran Internet Blackout Ends
The elusive Iranian threat group known as Infy (aka Prince of Persia) has evolved its tactics as part of efforts to hide its tracks, even as it readied new command-and-control (C2) infrastructure coinciding with the end of the widespread internet blackout the regime imposed at the start of January 2026. "The threat actor stopped maintaining its C2 servers on January 8 for the first time since we began monitoring their activities," Tomer Bar, vice president of security resea
Feb 4


Organizations Warned of Exploited Linux Vulnerabilities
An attacker can exploit the bug by sending crafted Telnet commands to set the USER variable, bypass authentication, and obtain a root shell, gaining remote code execution (RCE) on vulnerable systems, SafeBreach explains. Read more.
Jan 26


Security Breach: Shiny Objects and the Power of Preparation
"You don't have to get hacked to understand how you can get hacked." - Itzik Kotler, the co-founder and CTO of SafeBreach. Find out more.
Jan 7


Increased sophistication showcased by reemergent Prince of Persia APT
HackRead reports Iranian advanced persistent threat operation Prince of Persia, also known as Infy, has reemerged with expanded targeting and a more sophisticated attack arsenal almost three years after it went on hiatus. Despite continuing to harness the Foudre and Tonnerre malware pair, Prince of Persia has gone on to update the former, which has been launched upon Foudre's discovery of high-value targets, according to a SafeBreach analysis. Read more.
Dec 18, 2025


Iranian Nation-State APT Targeting Networks and Critical Infrastructure Organizations
SafeBreach analysts identified this renewed activity after a three-year dormant period, noting the group’s transition to more resilient operational security practices. Their research highlighted the group’s use of distinct malware families, Foudre and Tonnerre, which now feature advanced capabilities for persistence and data theft. The investigation also linked the operation to a specific persona, “Ehsan,” suggesting a centralized and human-operated management of the campaig
Dec 18, 2025


Cyberattacks by Iranian Nation-State APTs Targeting Vital Infrastructure
Researchers at SafeBreach Labs have uncovered fresh activity from the Iranian state-sponsored hacking group known as “Prince of Persia” (also referred to as “Infy”), revealing that the threat actor has been silently operating sophisticated malware campaigns since resurfacing in 2025 after a three-year hiatus. Read more.
Dec 18, 2025


Quick Share’s Security Leap: Android’s File-Sharing Shield
In the ever-evolving landscape of mobile technology, Google’s Quick Share is poised for a significant security upgrade. According to recent reports, the file-sharing feature could soon integrate with Android’s Advanced Protection Program, potentially revolutionizing how users safeguard their data during transfers. This development comes amid growing concerns over unauthorized access and file theft in an increasingly connected world. The rumor, first highlighted by Android Aut
Oct 27, 2025


Vulnerability in Windows RPC protocol: Spoofing and impersonation attacks reported
SafeBreach experts have disclosed details of a vulnerability in the Windows Remote Procedure Call (RPC) protocol, patched by Microsoft in the July 2025 update. The flaw, CVE-2025-49760, allowed an attacker to conduct spoofing attacks and impersonate a legitimate server using the Windows storage mechanism. Ron Ben Yizak discussed the discovery at the DEF CON 33 conference. Read more.
Sep 20, 2025


New Win-DoS Flaws Could Weaponize Windows Domain Controllers for DDoS Attacks
A newly discovered attack method could allow hackers to crash public Windows domain controllers (DCs) worldwide and weaponize them for...
Aug 10, 2025


Hackers Hijacked Google’s Gemini AI With a Poisoned Calendar Invite to Take Over a Smart Home
For likely the first time ever, security researchers from Safebreach have shown how AI can be hacked to create real-world havoc, allowing...
Aug 5, 2025


Safebreach research shows Google Calendar invites let researchers hijack Gemini to leak user data
By sending a calendar invite with an embedded prompt injection, often hidden in the event title, attackers can potentially exfiltrate...
Aug 3, 2025


*NEW* SAFEBREACH PROPAGATE
Gain Visibility Beyond the Breach Augment your breach and attack simulation (BAS) deployment with automated attack path validation...
Apr 30, 2025


SafeBreach leverages Visa Threat Intelligence for payment fraud prevention
SafeBreach, a breach and attack simulations company, has expanded its collaboration with Visa to leverage the company’s Threat...
Apr 10, 2025


Google Released Second Fix for Quick Share Flaws After Patch Bypass
The patches Google rolled out last year to address vulnerabilities in the Quick Share data transfer utility that could lead to remote...
Apr 2, 2025


SafeBreach launches enhanced MSSP program
The program provides a clear framework for partners to establish consistent client engagement expectations, ensuring successful...
Mar 25, 2025


Safebreach launches platform for enterprise cyber risk view
SafeBreach has unveiled a new platform aimed at providing a comprehensive view of cyber risk in enterprise environments. The newly...
Feb 1, 2025


Unpatched Active Directory Flaw Can Crash Any Microsoft Server
One of two critical Active Directory Domain Controller vulnerabilities patched by Microsoft last month goes beyond the original...
Jan 1, 2025


This Windows Update exploit is downright terrifying
Windows Update may occasionally backfire with faulty patches, but for the most part, it’s meant to keep us safe from the latest threats....
Aug 10, 2024


Design flaw could allow hackers to roll back Microsoft Windows updates
Some of Microsoft’s most important tools for protecting Windows users from malicious hackers can be twisted into being used in attacks,...
Aug 6, 2024


Researchers claim Windows Defender can be fooled into deleting databases
Researchers at US/Israeli infosec outfit SafeBreach last Friday discussed flaws in Microsoft and Kaspersky security products that can...
Apr 21, 2024
