For years, cyberattacks followed a familiar pattern: reconnaissance, exploitation, persistence, impact. Defenders built their strategies around that cycle,...
Imagine your favorite app encouraging you to surrender during a war. That’s happening right now in Iran.
With the onset of open warfare, Israel reportedly hacked the popular prayer calendar app BadeSaba to distribute messages that, in another era, might have taken the form of pamphlets dropped from planes.
According to Reuters, app users received notifications stating “It’s time for reckoning” and urging members of the military to join the opposition to the regime.
The message, it’sclaimed, was titled “Help has arrived.”
Hamid Kashfi, a security researcher and DarkCell founder, in a social media post said the app is an interesting target for reasons beyond its high number of downloads, said to be around 37 million.
“Users of the app are particularly religious people and have [a] higher chance to be also pro-regime and within [the] body of the army,” he wrote. “One important but seemingly ignored fact about this app is that it requests location access to operate.”
The availability of user location data and other app telemetry, he suggested, “can be (ab)used in many different and interesting ways!”
The app’s maker did not immediately respond to a request for comment.
Lukasz Olejnik, independent consultant, author, and visiting senior research fellow at the Department of War Studies at King’s College London, says that he predicted this very scenario in his 2024 book Propaganda.
He characterized the message campaign not as a cyberattack but as a psychological operation intended to influence Iranian society and the country’s security forces.
Olejnik told The Register in an email that there’s very little app users can do beyond being skeptical about what gets displayed on their screens – advice that may be difficult to follow given the expectations for push notifications.
“Push notifications are trusted by design,” said Olejnik. “The entire model assumes that if you installed an app, the messages it sends are legitimate.”
For software developers, he said, the lesson is that notification infrastructure becomes a high-value target, particularly during conflicts.
“Keep in mind that apps may delegate push delivery to third-party services or platform-level infrastructure, and then it’s even more complex,” he said. “Developers and operators should map how they use it and update their risk assessments accordingly. Especially those with significant user bases.”
Olejnik said that this is a consequence of infrastructure control. “Push notifications create an infrastructural, logical channel between the media or apps, and the user,” he said. “It’s an issue of architecture.” ®
British tourists in Doha and Dubai have spoken to Sky News of their experience of being stranded during the conflict in Iran.
Flight operations remained largely suspended for a third day, leaving tens of thousands of passengers stranded as aviation faced its biggest test since the COVID-19 pandemic.
The war in the Middle East expanded further on Monday as Israel and the US pounded Iran in a campaign that US President Donald Trump said would probably take several weeks.
Meanwhile, Tehran and its allies struck back against Israel, neighbouring Gulf states and targets vital to the world’s production of oil and natural gas.
Iran’s retaliation to US and Israeli attacks has threatened British people across the Middle East.
Around 300,000 Britons are believed to be in countries targeted by Iran, with 102,000 registering their presence with the Foreign Office, as officials worked on contingency plans, including a potential mass evacuation.
Image:A rocket over Dubai on 2 March, 2026. Pic: Reuters
Starmer ‘stands by’ decision on Iran
Large areas of airspace remained closed across the Middle East amid the deepening conflict between Iran and US-Israeli forces.
Long-haul carriers Etihad Airways and Emirates, based in Abu Dhabi and Dubai, and budget carrier FlyDubai, said they would operate select flights from the country, where air traffic was suspended on Saturday and defence systems have intercepted missiles and drones from Iran.
Sir Keir Starmer has said the UK government is “looking at all options to support our people” as a small number of flights departed from Abu Dhabi.
Dubai’s government told passengers to head to airports only if they were contacted directly, during what it said would be a “limited resumption of operations”.
British tourists Gary Gore, 57, and his wife Laura, 48, from Suffolk, are currently holidaying in Doha.
Image:British tourists Gary Gore and his wife Laura
Mr Gore, a partner at a global professional services firm, told Sky News: “We’ve started off to be an amazing trip in this beautiful hotel with wonderful sunshine and, unfortunately, it’s turned into a nightmare from hell.”
Ms Gore, a director at a global SaaS company, said the “missiles started on Saturday”.
She added: “We’re living out of our hotel room. We’re packed, ready to go. Missiles are going out all the time. Complete uncertainty.
“We’ve got our grab bag in case we have to run out of the hotel room.”
Brits caught up in Middle East conflict
Brit Terry Dunne, 55, and his wife Joanne, 52, from Bradford, are in Dubai on what was meant to be a week-long holiday.
Mr Dunne, an offshore operative, said they were outside in the pool when the first missiles hit, and staff yelled at them to get inside.
He told Sky News: “Sunday night a boom or a bomb went off outside the hotel, waking us up with security alerts to our phones.
“In the morning, a further explosion happened above the hotel. It must have been shot down, and we all had to evacuate inside the hotel from the orders of the hotel staff.”
Image:Gary Gore
Mr Dunne said Joanne, a university administrator, had to jump out of the pool and get back in the hotel as there was an explosion a “couple of hundred feet in the air”.
Overlooking the scene from his hotel balcony, he said everything in the street appeared deserted, with people being told to keep indoors as much as possible.
‘Calm but tense’: British expat describes atmosphere in Dubai
Mr Dunne claimed his insurance company was not interested in helping the couple, adding that both the airline and travel company were also refusing to help with accommodation.
The couple have also tried to contact the Foreign Office and the hotel, but have so far received nothing.
Limited flights to leave Dubai
Mr Dunne said the couple have had no option but to put a further stay on their credit card, adding they will have to “hope for the best” for now.
Mr Dunne said: “Me and my wife spent all day yesterday in the hotel as advised by the Foreign Office to stay put and keep ourselves safe.
“We’ve done absolutely nothing, really. Everything’s closed, the pool and everything.”
Jelly Roll revealed he powered through one of music’s biggest nights while hiding a painful secret.
The country star, 41, attended the 2026 Grammy Awards with a broken collarbone after flipping an ATV.
“I was just thinking, I was out there running all over the Grammys with a broken collarbone,” the “Son of a Sinner” singer admitted in a video shared to Instagram. “Every time I hugged somebody that week, I wanted to scream.”
“I just didn’t say it, but every time somebody squeezed me, dude, I thought I was gonna cry,” he added.
Jelly Roll revealed he broke his collarbone ahead of the 2026 Grammy Awards.(Valerie Macon / AFP via Getty Images, Instagram: Bunnie Xo)
Jelly Roll gave his 5.8 million followers an update on the status of his ATV, which he believed he had totaled in the crash.
“Y’all just took this thing out for the first time since I flipped it,” Jelly Roll said in the video posted March 1. “I broke my collarbone. I was so scared to get back on this thing. I just knew if I didn’t get back on it sooner than later, I was just going to be more and more afraid of it.”
“I tell y’all what though, my brother got it fixed, dude, and he killed it,” he added. “It’s brand new. I figured I had totaled it.”
Jelly Roll’s wife, Bunnie Xo, said the call about the country singer’s accident was the “worst phone call to ever get.”(Kevin Mazur / Getty Images for The Recording Academy)
Jelly Roll’s wife, Bunnie Xo, revealed the crash happened in January. “This happened in January, worst phone call to ever get,” she captioned the video. “But we got thru it thank goodness & he’s healed completely.”
Bunnie’s video showed Jelly Roll in a hospital gown wearing a neck brace.
“When your hubby snaps his collarbone in half after flipping an ATV & thinks he’s so tough w/ a neck brace on,” she wrote over the video.
Jelly Roll and Bunnie Xo have been married for over eight years.(Gilbert Flores/Billboard via Getty Images)
Jelly Roll praised Jesus — and wife Bunnie Xo — while accepting the Best Contemporary Country Album Grammy Award on Feb. 1 for “Beautifully Broken.”
He told the crowd that he changed his life while incarcerated, thanks in part to a small Bible and a radio he listened to in jail.
Jelly Roll praised God for changing his life while incarcerated during his Grammy Awards speech for best contemporary country album.(Reginald Scott/Nashville-Davidson County Sheriff’s Office via AP)
“And I believe that those two things could change my life. I believe that music had the power to change my life, and God had the power to change my life. And I want to tell y’all right now, Jesus is for everybody,” he said.
“Jesus is not owned by one political party. Jesus is not owned by no music label. Jesus is Jesus, and anybody can have a relationship with Him. I love you, Lord.”
PM says he does not expect US to ask for military assistance in war on Iran
Sarah Basford Canales
Anthony Albanese does not believe the US government will request military assistance from Australia in its conflict against Iran, noting Australia is “a long way” from the Middle East.
In an interview with ABC’s 7.30 last night, the prime minister said the US had not requested military assistance and he did not expect they would in the coming days and weeks.
Albanese said:
It’s a long way from Australia, and Australia is not – we are not big players in the Middle East.
Key events
Marles responds to Ayatollah memorials
Richard Marles says he won’t direct police on what action to take against a small number of mosques and Islamic centres in Melbourne and Sydney who have invited members to mourn the death of Iran’s supreme leader.
Last night, Anthony Albanese called the events “inappropriate”.
Marles is asked whether there will be any police action taken against the mosques and centres. He says:
I’m not about to suggest what the police should do, that’s that’s a matter for them. But let me say this, our our thoughts are not with the supreme leader. Our thoughts are with the thousands of Iranians who have died at the hands of the supreme leader just in the last few weeks, without looking at the countless numbers of Iranians who have lost their lives over the nearly 40 years that the supreme leader has been at the helm of the Iranian state.
Marles defends reports of 24-hour wait to reach consular staff
Marles is asked about reports of Australians in the Middle East waiting 24 hours to reach consular staff, as they plan their evacuation from the region.
Marles says there are more than 115,000 Australians in the region, with 11,000 travellers going between Australia and the Middle East on any normal day, so it’s a “significant load” on the staff.
The government is monitoring reports of limited airspace openings, and Marles says the government is considering contingency options.
There are a significant number of Australians there, we’re obviously working through all of this as quickly as possible. We are posting advice on Smartraveller as soon as it comes to hand, and we are very much encouraging people to monitor that very closely.
There’s been some reports of marginal airspace being opened up in a limited way, but really that’s the issue that we’re monitoring closely. We are going through some contingency arrangements right now, which I won’t speak about publicly … but for most people, the most expeditious way in which they will be able to leave is going to be through commercial flights as soon as [they open].
Planes parked on the tarmac at Dubai international airport on Monday. Photograph: Giuseppe Cacace/AFP/Getty Images
Australia not asked to participate in Iran action: Marles
Defence minister and deputy PM, Richard Marles, says Australia has not been asked to participate in actions against Iran.
Marles is doing the media rounds this morning, he tells the Today Show he won’t speculate on how long this action will go for.
I think it’s hard to speculate exactly how long this will go. Obviously, we are monitoring this very closely, but we’ve not been asked to participate. This is an action which is being undertaken by the United States and by Israel.
Again, Marles also deflects questions on whether the strikes by the US and Israel are “legal”. He sidesteps and instead says:
I mean, what is unlawful is for Iran to be seeking to acquire a nuclear weapon capability. I mean, that flies in the face of the non-proliferation treaty and the international regime.
Deputy prime minister, Richard Marles. Photograph: Mick Tsikas/AAP
Cait Kelly
Men almost twice as likely as women to earn high salaries, new report
Men are nearly twice as likely as women to be making $220,000 a year, with minimal progress made on closing Australia’s gender pay gap in the past 12 months.
The federal government’s Workplace Gender Equality Agency (WGEA) published its gender pay gap results for 10,500 employers on Tuesday. It revealed there was a slight increase in the number of women in highly paid roles, but men were still 1.8 times more likely to be in the upper quartile of earners on an average salary of $221,000.
On the other hand, women were 1.4 times more likely than men to be in the lowest quartile of earners with an average salary of about $60,000 a year.
You can read more here:
Krishani Dhanji
Good morning, Krishani Dhanji with you here, thanks to Martin Farrer for getting us started.
The situation in the Middle East will continue to dominate the headlines this morning. The deputy PM and defence minister, Richard Marles, has been wheeled out again for the government as it faces questions on whether it has or will support any military action against Iran – it says it wasn’t privy to the strikes in advance and is not a “central” player in the region.
As my colleague, Tom McIlroy, has just brought you, Canadian prime minister Mark Carney (admired by many in Labor) is heading to Australia today – but the more exciting stuff, including an address to parliament, will happen a bit later this week.
I hope you’ve got a coffee, I’ve got mine – let’s get into it!
Canadian PM Mark Carney to address federal parliament during three-day visit
Tom McIlroy
The Canadian prime minister, Mark Carney, arrives in Australia today for a three-day official visit, set to include a rare address to federal parliament.
Carney is due to visit Sydney and Canberra and hold talks with the prime minister, Anthony Albanese. It will be the ninth meeting between the two leaders.
They will discuss critical minerals, climate change, economic security and prosperity, and defence cooperation. Canada and Australia have already signed a joint declaration of intent on critical minerals, and the agreement could be upgraded as part of this week’s visit.
Carney and Albanese are also expected to discuss the growing conflict in Iran, sparked by weekend bombings by the United States and Israel. Carney has talked up the opportunity for middle powers including Canada and Australia to act as a bloc in recent months, part of a much-discussed address to the World Economic Forum in Davos.
Carney’s visit is also set to include an event at the thinktank, the Lowy Institute.
Canadian PM Mark Carney. Photograph: Adrian Wyld/AP
Sarah Basford Canales
Memorials for Aytatollah Ali Khamenei ‘inappropriate’, PM says
Memorials within Australia for Aytatollah Ali Khamenei – Iran’s late supreme leader – are “inappropriate”, Anthony Albanese has said.
Khamenei, Iran’s supreme leader since 1989, was killed in US and Israeli airstrikes over the weekend in a pre-emptive strike against the country’s ballistic missiles program.
The prime minister told ABC’s 7.30 last night that Khamenei should not be mourned. He said:
We in this country have a different approach to people having different views from a totalitarian regime such as Iran, but our position is very clear, and I’m sure that is shared by the overwhelming majority of Australians, including the overwhelming number of Australians of Iranian descent …
I don’t think [memorials are] appropriate. And certainly I think that, overwhelmingly, people won’t be participating.
PM says he does not expect US to ask for military assistance in war on Iran
Sarah Basford Canales
Anthony Albanese does not believe the US government will request military assistance from Australia in its conflict against Iran, noting Australia is “a long way” from the Middle East.
In an interview with ABC’s 7.30 last night, the prime minister said the US had not requested military assistance and he did not expect they would in the coming days and weeks.
Albanese said:
It’s a long way from Australia, and Australia is not – we are not big players in the Middle East.
Welcome
Good morning and welcome to our live politics blog. I’m Martin Farrer with the top overnight stories and then it will be Krishani Dhanji with the main action.
Anthony Albanese says he doesn’t expect the US will ask Australia for military assistance against Iran because it’s a “long way” away.
And the Canadian PM, Mark Carney, is due to arrive in Australia later today, though the main action of the visit is expected later in the week. He and Albanese are expected to cover a lot of ground in their talks. More details on this soon.
Some wars start slowly while others spring to life at speed. This one is racing, transforming nations, politics and loyalties at a spectacular rate.
It is only a few days since Iranian and American diplomats sat down in Geneva to discuss the details of a possible nuclear agreement. Now, the Ayatollah is dead, along with dozens of Iranian leaders, while Iranian missiles are fired at an array of countries across this region. Life is coming at us fast.
What is clear is that Iran has three ambitions, and it needs to do them all at the same time.
Firstly, it needs to find itself a new leader, and a layer of people to go alongside him. That search is, according to those within the country, being fast-tracked to such an extent that a new Ayatollah could be named within the week, allowing a focal point to be re-established.
Image:Workers install a billboard of the late Iranian Supreme Leader Ayatollah Ali Khamenei on 2 March. Pic: AP
Secondly, Iran is keen to tell the world that it is the victim here – that it had negotiated in good faith and was tricked by its two greatest enemies, America and Israel.
Certainly it is hard to see how, under the terms of international law, this war could be described as legal. Israel was not seemingly facing an imminent threat from Iran and the United Nations Security Council did not authorise this attack. What’s more, President Trump did not attempt to even secure the support of Congress.
Iran war widens: What’s been targeted today?
Of course, both Israel and America are well aware that the Security Council would not have supported this action – a veto from Russia and probably China was inevitable. They are also aware that the standing of the UN has rarely been lower, with Donald Trump (to an extent) and Benjamin Netanyahu (massively, repeatedly) criticising the UN as a busted flush.
Iran’s third ambition, and the most overt one right now, is to turn this war into a regional conflict. Eight months ago, the 12-day war largely involved Israel and Iran trading missile bombardments. This time, it’s very different.
Now, Iran has embroiled gulf nations, attacking them repeatedly. Debris landed by a Saudi oil refinery, missiles were in the air above Jordan. Hezbollah, loyal to Khamenei, launched a rocket attack against Israel from southern Lebanon, triggering a furious response that has killed more than 30.
The Strait of Hormuz has been rendered almost unusable, Qatar has stopped selling natural gas, and the price of oil has sharply increased. Even a British air base in Cyprus has been attacked.
Watch: Could Iran attack the UK?
The ripples of this conflict are spreading, which is exactly what Iran wants – a war that disrupts life for a huge swathe of the world, tests alliances and leads countries to push for an early end.
But there may be another tactic here from Iran. If the remnants of the regime, notably what’s left of the leadership of the Revolutionary Guard, think their grip is being prised from the country, they may be tempted to launch one final massive salvo against the many countries they see as their enemies.
It is a fearsome, intimidating prospect. Is it feasible? Perhaps – it has certainly been talked about for years. But would they actually do it, or this simply another carefully curated piece, a dreadful threat that the Iranians are quite happy to allow to live in the ether?
Regime change in Iran is ‘pretty unlikely’
If Iran were to change path – whether to become more authoritarian, more moderate, or even to change to a wholly new form of government – the knock-on impacts would be enormous. It is a country of central importance in every way. And this is a difficult, precarious time in a region that is loaded with long-standing volatility.
“Tell me how this ends” was the statement posed by General Petraeus when confronted by the quagmire of Iraq, and it remains a very pertinent question, not least today in the Middle East.
We simply don’t know the answer and it’s not clear that either America or Israel are asking the question. The lessons of the past are that it’s easy to start a war but hard to rebuild afterwards. Now, even as the Middle East reverberates to the chorus of air-raid sirens, the future is being shaped. But nobody quite knows how.
First lady Melania Trump presided over the United Nations Security Council meeting Monday, declaring that the United States “stands with all of the children throughout the world,” in a historic speech calling for “peace through education,” amid the U.S. military involvement in Iran.
The first lady’s speech marked the first time a first lady from any country — and the first time a sitting U.S. first lady — presided over the security council as its members consider education, technology, peace and security.
The United States assumed the United Nations Security Council presidency Monday, just days after the U.S. and Israel launched a massive joint military operation against Iran over the weekend known as “Operation Epic Fury.”
Delegates attend a United Nations Security Council meeting on Feb. 24, 2026, in New York City.(John Lamparski/Getty Images)
The attacks left major leaders dead, including Iranian Supreme Leader Ayatollah Ali Khamenei.
The joint military operation is expected to carry on for days, as the U.S. military continues to target military targets and ballistic missile sites that pose an “imminent threat.”
President Donald Trump warned over the weekend against Iranian retaliation, saying that if Iran were to “hit very hard,” they would be met with “a force that has never been seen before.”
But the first lady’s appearance at the United Nations was scheduled before “Operation Epic Fury” began.
“The U.S. stands with all of the children throughout the world,” the first lady said Monday. “I hope soon — peace will be yours.”
The U.N. Security Council consists of 15 member states, with five permanent members: the United States, China, France, the Russian Federation, the United Kingdom, and 10 non-permanent members elected for two-year terms, including Bahrain, Colombia, Democratic Republic of the Congo, Denmark, Greece, Latvia, Liberia, Pakistan, Panama and Somalia.
“Collectively, your mission to maintain security while upholding the responsibility of preventing conflict during times of both war and peace is significant, must be applied evenly, and should never be carried out lightly,” she said. “Peace does not need to be fragile.”
President Donald Trump and first lady Melania Trump attend a ceremony to commemorate the 24th anniversary of the 9/11 attacks, Thursday, Sept. 11, 2025, at the Pentagon in Washington. Trump revealed at the ceremony that Charlie Kirk will be receiving the Presidential Medal of Freedom.(AP/Evan Vucci)
The first lady’s speech focused on education, saying that it “shapes the core of their country’s belief system.”
“A nation that makes learning sacred protects its books, its language, its science, and its mathematics—it protects its future,” she said. “This leads to something powerful—to greater understanding, moral reasoning, and tolerance of others. Peace.”
The first lady stressed that children raised in cultures rooted in intelligence “develop confidence, innovate, build, compete, and maintain a deep value system.”
“Their knowledge fosters empathy for others, transcending geography, religion, race, gender, and even local norms,” she said. “They become caring people.”
On the contrary, the first lady said that children raised in a culture “rooted in ignorance are surrounded by disorder, and sometimes even conflict.”
“These societies are filled with rigid thinkers who embrace prejudice and shun human dignity,” she said. “When a nation restricts thought, it restricts its own future.”
The first lady said education is a “fundamental human right,” but said that “so many children and young adults are banned from attending secondary schools and universities.”
“The cost is not abstract,” she said. “A society that excludes vast segments of its population can realize only a fraction of its potential. Societies rules by knowledge and wisdom are, therefore, more peaceful.”
The first lady declared that “knowledge is power,” and said “we must capture this positive energy and ignite it across continents to transform our world—throughout our digitally connected human race.”
“Intellect blossoms humanity’s fundamental needs: shelter, food security, clean water, and health care.”
“The global community must facilitate complete access to technology so that every individual can reach their full potential through education,” she said. “We must strive to achieve connectivity in the most remote locations and the furthest distances from our cities.”
The first lady said the objective “is entirely feasible and is already on the way.”
“Today, roughly 6 billion individuals, about 70 percent of people on planet Earth, have a mobile device and use the internet,” she said. “If our nations band together, we can close the technological divide, empowering all to reach their full potential.”
“From a solitary farmer on a remote Greek island to a quiet genius in Somalia or a dreamer in uptown Manhattan, anyone can read the vast treasury of human knowledge, created over centuries, which is now codified and accessible through artificial intelligence,” she continued.
The first lady went on to question whether a “single digital nation-state” could be inevitable.
Melania Trump attends the world premiere of Amazon MGM’s “Melania” at The Trump-Kennedy Center in Washington, DC, on Jan. 29.(Taylor Hill/WireImage via Getty Images)
“Perhaps this idea isn’t so farfetched since digital currency and payment systems via blockchain, plus AI’s massive factual database is already revolutionizing media and financial markets,” she said. “We are in the age of imagination—a period when technology can be free and unrestricted by land borders.”
She added: “Now is the time for our generation to elevate our children above ideology through access to wisdom.”
The first lady said AI is “democratizing knowledge” and creating a “new reality for our children by disrupting the traditional academic path to information.”
“Let’s connect everyone to knowledge through AI, including those in the most remote geographic regions of our world,” she said. “AI can provide us with an understanding of each other’s needs and the needs for your children.”
The first lady said artificial intelligence is “redefining who gets to participate in the global economy of ideas.”
“I believe our shared intellectual future will prove to be a more secure, harmonious, advanced civilization,” she said. “The path to peace depends on us taking responsibility to empower our children through education and technology.”
The first lady stressed that “conflict arises from ignorance, but knowledge creates understanding, replacing fear with peace and unity.”
“Security Council members, I encourage you to pledge to safeguard learning in our communities and promote access to heightened education for all,” she said. “I implore you to build a future generation of leaders who embrace peace through education.”
The speech comes as the first lady continues her push as a champion of online protection of children and youth through her “Be Best” initiative launched during the first Trump administration.
In 2025, the first lady garnered support on Capitol Hill for the passage of the Take it Down Act, which was signed into law by the president in May 2025. The law punishes internet abuse involving nonconsensual, explicit imagery.
The first lady also launched a nationwide Presidential Artificial Intelligence Challenge, which invited every student and educator across the nation to “unleash their imagination and showcase the spirit of American innovation” by visiting AI.gov to sign up.
Related Article
Brooke Singman is a political correspondent and reporter for Fox News Digital, Fox News Channel and FOX Business.
A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker traffic through victims’ browsers.
The attack leverages Progressive Web App (PWA) features and social engineering to deceive users into believing they are interacting with a legitimate Google Security web page and inadvertently installing the malware.
PWAs run in the browser and can be installed from a website, just like a standalone regular application, which is displayed in its own window without any visible browser controls.
Victim browser becomes attacker’s proxy
The campaign relies on social engineering to obtain the necessary permissions from the user under the guise of a security check and increased protection for devices.
The cybercriminals use the domain google-prism[.]com, which poses as a legitimate security-related service from Google, showing a four-step setup process that includes giving risky permissions and installing a malicious PWA app. In some instances, the site will also promote a companion Android app to “protect” contacts.
According to researchers at cybersecurity company Malwarebytes, the PWA app can exfiltrate contacts, real-time GPS data, and clipboard contents.
Additional functionality observed includes acting as a network proxy and internal port scanner, which allows the attacker to route requests through the victim’s browser and identify live hosts on the network.
The website also requests permissions to access text and images copied to the clipboard, which can occur only when the app is open.
Fake Google security site asking for clipboard access source: BleepingComputer
However, the fake website also asks for permission to show notifications, which allows the attacker to push alerts, new tasks, or trigger data exfiltration.
Additionally, the malware uses the WebOTP API on supported browsers in an attempt to intercept SMS verification codes, and checks the /api/heartbeat every 30 seconds for new commands.
As the PWA app can only steal the contents of the clipboard and OTP codes when it is open, notifications can be used to send fake security alerts that prompt the user to open the PWA again.
Fake Google security site asks for notifications permissions source: BleepingComputer
Malwarebytes says that the focus is on stealing one-time passwords (OTP) and cryptocurrency wallet addresses, and that the malware also “builds a detailed device fingerprint.”
Another component in the malicious PWA is a service worker that is responsible for push notifications, running tasks from received payloads, and preparing stolen data locally for exfiltration.
The researchers say that the most concerning component is the WebSocket relay that allows the attacker to pass web requests through the browser as if they were on the victim’s network.
“The malware acts as an HTTP proxy, executing fetch requests with whatever method, headers, credentials, and body the attacker specifies, then returns the full response including headers” – Malwarebytes
Because the worker includes a handler for Periodic Background Sync, which allows web apps in Chromium-based browsers to periodically synchronize data in the background, the attacker can connect to a compromised device for as long as the malicious PWA app is installed.
Malware Android companion
Users who choose to activate all the security features for their account also receive an APK file for their Android devices that promises to extend protection to the list of contacts.
Fake security checks source: BleepingComputer
The payload is described as a “critical security update, ”claims to be verified by Google, and requires 33 permissions that include access to SMS texts, call logs, the microphone, contacts, and the accessibility service.
These alone are high-risk permissions that enable data theft, full device compromise, and financial fraud.
The malicious APK file includes multiple components, such as a custom keyboard to capture keystrokes, a notification listener for access to incoming notifications, and a service to intercept credentials filled automatically.
“To enhance persistence, the APK registers as a device administrator (which can complicate uninstallation), sets a boot receiver to execute on startup, and schedules alarms intended to restart components if terminated,” the researchers say.
Malwarebytes observed components that could be used for overlay-based attacks, which indicate plans for potential credential phishing in certain apps.
By combining legitimate browser features with social engineering, the attacker does not need to exploit any vulnerability. Instead, they trick the victim into providing all the needed permissions for malicious activity to occur.
The researchers warn that even if the Android APK is not installed, the web app can collect contacts, intercept one-time passwords, track location, scan internal networks, and proxy traffic through the victim’s device.
Users should be aware that Google does not run security checks through pop-ups on web pages or request any software installation for enhanced protection features. All security tools are available through the Google Account at myaccount.google.com.
To remove the malicious APK file, Malwarebytes recommends users look for a “Security Check” entry in the list of installed apps and prioritize uninstalling it.
If an app called “System Service” with a package name com.device.sync is present and has device administrator access, users should revoke it under Settings > Security > Device admin apps and then uninstall it.
Malwarebytes researchers also provide detailed steps for removing the malicious web app from both Chromium-based Windows, such as Google Chrome and Microsoft Edge, as well as from Safari.
They note that on Firefox and Safari browsers, many of the malicious app’s capabilities are severely restricted, but push notifications still work.
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.
Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.
A punishing 2024 election cycle for US Democrats has accelerated a years-long debate over the party’s future and what voters want in a political age dominated by United States President Donald Trump.
In two early primary races for US congressional seats, 32-year-old Nida Allam and 26-year-old Kat Abughazaleh hope to provide an answer, with both launching brazen progressive campaigns built on unapologetic stances calling for the abolishment of Immigration and Customs Enforcement (ICE), a hard reset of US policy amid Israel’s genocidal war in Gaza, the reversal of a rights backslide, and worker-first policies.
Recommended Stories
list of 3 itemsend of list
In the wake of the US-Israeli strikes on Iran, and Iran’s resulting strikes on countries across the region, the pair have also vowed to grow anti-war voices in Congress calling for checks on Trump’s power.
Their success will not only take the temperature of Democratic voters in the US, but could also send a message to party leadership still strategising how it will approach a deeply consequential midterm season. The November vote will decide which major US party – Democrat or Republican – controls the House of Representatives and Senate, and in turn, the shape of the latter half of Trump’s second term.
Up first will be Allam, whose March 3 primary for North Carolina’s fourth congressional district, a tech and research hub that includes the city of Durham, pits her against Representative Valerie Foushee.
In 2022, the incumbent Foushee defeated Allam, who cut her political teeth as a regional director for US Senator Bernie Sanders, in a crowded primary race buoyed by a deluge of outside spending, including millions in funding from a super PAC linked to the American Israel Public Affairs Committee (AIPAC).
“My leadership has always been rooted in being unapologetically proud of who I am,” said Allam, whose parents are from India and Pakistan and who, in 2020, became the first Muslim woman ever elected to public office – her post as county commissioner – in North Carolina.
“If we don’t step into these moments of discomfort and take these risks, then I don’t know what world I’m going to be leaving behind for my children,” Allam told Al Jazeera. “The time of just being able to silence our votes to push us into submission is gone. The working class is sick and tired of being told to wait our turn.”
Two weeks later, Abughazaleh, a journalist and researcher of the US far right, will face a crowded field of 15 Democrats vying to replace retiring US Representative Jan Schakowsky.
Democratic candidate Kat Abughazaleh joins the US House 9th District primary debate in Chicago, Illinois [Nam Y Huh/AP Photo]
She is considered one of three top contenders in the March 17 race to represent the vastly ethnically and politically diverse district that snakes across the northern Chicago suburbs, taking on local mayor Daniel Biss and state senator Laura Fine.
“I think part of the reason that our campaign has been so successful, part of the reason that our launch went so viral … is because a lot of people saw someone just speaking honestly and openly about the Democratic Party needing to, as I said then, grow a [expletive] spine,” said Abughazaleh, who is Palestinian American, the granddaughter of survivors of the Nakba.
“People are sick of BS,” she told Al Jazeera. “They want someone who will say what they believe and not constantly focus group test their views or their statements. ”
A punishing 2024 cycle
The enthusiasm surrounding candidates like Allam and Abughazaleh, and a slate of other progressives facing early primaries, including fellow congressional candidates Junaid Ahmed in Illinois and Frederick Douglass Haynes III in Texas, follows a 2024 election cycle that set back the party’s leftward flank.
That segment grew dramatically in Congress in 2018, with the upset victories of New York’s Alexandria Ocasio-Cortez, Massachusetts’s Ayanna Pressley, and Michigan’s Rashida Tlaib, who became the first Palestinian American woman and the first Muslim woman elected to the chamber.
Subsequent elections saw the “squad” grow, with victories for Jamaal Bowman in New York, Ilhan Omar in Minnesota, Cori Bush in Missouri and Summer Lee in Pennsylvania.
In 2024, Bush and Bowman both lost their primary races, facing challengers buoyed by millions of dollars in advertisement buys, with AIPAC and its affiliated super PAC spending more than $100m across the primary season.
Amid the onslaught, organisations that back progressives took a largely defensive stance.
Usamah Andrabi, the communications director for Justice Democrats, said “2024 was a cycle where the super PACs really organised themselves in their opposition, particularly AIPAC and crypto, and threatened to take out our entire slate in Congress”.
“I think it became clear to us that the priority had to be protecting our incumbents against this $100m [AIPAC] threat,” he said.
“We left that cycle being very clear-eyed that no matter the outcome of the November results, we were going to go full steam ahead and punch back this cycle.”
Meanwhile, the 2024 “uncommitted movement”, in which voters cast “uncommitted ballots” in the presidential Democratic primary to protest Washington’s continued support for Israel amid the genocide in Gaza, further underscored the Democratic leadership’s failure to reflect a large portion of voters, he said.
Polls have repeatedly suggested that a majority of Democrats are opposed to Washington’s continued unconditional support for Israel.
“We learned what we’ve always known, which is that the Democratic Party leadership and the establishment group of donors, advisers and career politicians who have occupied this party for so long are deeply out of step with the grassroots and everyday people in this party,” Andrabi said.
“They should be looking to what people are marching in the streets for, what millions of people across the country are demanding.”
Personal origins
For Allam, the current political moment is a culmination of the overlapping realities that have shaped her life.
She shares the outrage over the Trump administration’s mass deportation policy that has soared in recent months, buoyed by several violent incidents involving immigration enforcement agents, including the killing of two US citizens.
But Allam also points to the genesis of ICE itself, created as part of the Department of Homeland Security (DHS) in the wake of the September 11, 2001 attacks that saw the federal government target Muslims and Arab Americans across the country.
In the wake of those attacks, she recalled her third-grade teacher asking her to explain why Muslims “hated Americans”. She further attributes her political awakening to the 2015 killing of her friends Deah Barakat, Yusor Abu-Salha, and Razan Abu-Salha, long charging that the attack was fuelled by hate, and not by a parking dispute, as police officially said.
“That was a huge awakening for me to see that the reason it’s so easy to dismiss hate and bigotry against Muslims, against immigrants, is because we don’t have a seat at the table,” she said, “and we’re always demonised and dehumanised by our leaders.”
A day before her primary election, Allam released an advertisement focusing on the deadly bombing of a girls’ school in Iran amid US-Israel attacks over the weekend, vowing to be your “proudly uncompromised pro-peace leader in Washington”.
Her opponent, incumbent Foushee, has also condemned the war as “an unconstitutional escalation that risks dragging the United States into another catastrophic and endless war in the Middle East”, but the war has upped scrutiny of her past support from defence contractors and pro-Israel groups.
Abughazaleh, meanwhile, recalled visiting the Democratic National Convention in Chicago in August 2024, where she spent the night with delegates of the uncommitted movement amid shared outrage over party officials’ refusal to allow a Palestinian to address the convention, even denying Ruwa Romman, a highly respected Palestinian-American Georgia state lawmaker, the opportunity.
“It wasn’t supposed to be an overnight sit-in. We were just supposed to be there until they decided that this was discrimination, but they didn’t, and so we slept on the concrete,” said Abughazaleh.
“I grew up as an Arab kid in post 9/11 Texas, and I heard slurs thrown by people that were DNC attendees that I have never heard in my life,” she added.
Fourteen months later, Abughazaleh experienced the Trump administration’s Department of Justice firsthand when she was indicted for taking part in a demonstration outside of an ICE detention centre in Broadview, Illinois.
Federal prosecutors said Abughazaleh “physically hindered and impeded” an immigration enforcement agent, who was subsequently “forced to drive at an extremely slow rate of speed to avoid injuring any of the conspirators”.
“It’s still surreal to see your name underneath the ‘United States government versus …’” reflected Abughazaleh, who has condemned the move as a blatant attack on constitutional rights.
“But this was not a surprise … We knew that the administration would violate laws and abuse their power in this way,” she said.
The final stretch?
Both candidates have faced large ad buys as their election days approach.
While Allam’s opponent, Foushee, has sworn off taking money from AIPAC this time around, at least one super PAC in the race appears to have ties to pro-Israel interests. A large portion of Foushee’s support has come from AI super PACs, with Allam’s opposition to an AI data centre in the district a key issue of the race.
Allam has also seen an influx of money from outside progressive groups. All told, the at least $4.2m in outside money that has poured into the race makes it the most expensive in state history, according to the non-profit news site NC Newsline.
A super PAC reportedly linked to AIPAC donors, dubbed Elect Chicago Women, has waded into Abughazaleh’s race. An analysis by the public radio station WBEZ Chicago found “AIPAC donors and affiliates” have spent $13.7m on four Chicago-area races, including Abughazaleh’s.
Still, both candidates see signs of hope in recent elections, particularly New York City Mayor Zohran Mamdani’s definitive victory last year and the upset primary victory of Analilia Mejia in New Jersey in early February.
“It’s one of these things where the establishment still tries to pretend that it is impossible for candidates like Mamdani, candidates like Nida Allam … candidates like myself, to be able to win, and that’s just not true,” said Abughazaleh.
Like Mamdani, she has run an unorthodox campaign that leans into a ubiquitous online presence to reach younger voters, while simultaneously operating a “mutual aid centre” from her campaign office to better connect with the community.
“I think that seeing Mamdani’s victory in New York made a lot of people … feel like their vote could mean something,” Abughazaleh said. “Which many people haven’t felt in a long, long time.”
Allam, meanwhile, said Mamdani’s success underscored the importance of thinking beyond a Republican-Democratic binary, particularly when it comes to supporting local communities over using tax dollars to “send bombs, to destroy hospitals, to destroy schools overseas”.
“These are working-class issues,” she said, “and I think that is what these moments are showing us. Our own Democratic establishment needs to see that we are failing the very base that we say that we stand up for.”
Concerns about potential Iran-linked sleeper cells are rising as the Department of Homeland Security remains unfunded and Tehran and its proxies threaten retaliation over U.S.-Israeli strikes that American officials say killed nearly 50 top Iranian leaders.
The sleeper cell concerns came into full focus over the weekend when authorities say a Senegalese man opened fire at patrons of an Austin, Texas, bar while wearing a sweatshirt that read “Property of Allah.”
Ndiaga Diagne, 53, of Pflugerville, who was also found with an undershirt featuring the Iranian flag, reportedly entered the U.S. during the Clinton administration on a B-2 tourist visa. He became a naturalized citizen during the Obama administration.
Federal agents comb the scene of a potential terrorist attack shooting in Austin, Texas.(Aaron E. Martinez/Getty Images)
A San Antonio FBI official said the incident is being investigated for a “potential nexus to terrorism.”
DHS Secretary Kristi Noem told Fox News Digital on Monday that she is in “direct coordination with our federal intelligence and law enforcement partners as we continue to closely monitor and thwart any potential threats to the homeland,” when asked about any increased threat from sleeper cells in the U.S.
Fox News also learned Monday that a DHS memo was sent out over the weekend to various law enforcement agencies nationwide warning of potential cyberattacks and lone wolf physical attacks as a result of the U.S.-Israel bombing in Iran.
The memo offered no specific knowledge of individual attacks but warned of lower-level cyberattacks or other violence.
DHS, meanwhile, remains largely unfunded due to an approximately month-long shutdown brought on by Democratic lawmakers’ refusal to approve new agency funding over the Trump administration’s crackdown on illegal immigration, most notably in Minneapolis.
“It is outrageous that they continue to stall on this because their political ideologies disagree with keeping Americans safe,” said Sen. Joni Ernst, R-Iowa.
Former House Speaker Kevin McCarthy, R-Calif., warned that if there is “some type of attack within America, it is going to be on the Democrats,” pointing to the otherwise porous Mexican border under previous administrations.
The head of cyberdefense agency Cybersecurity and Infrastructure Security Agency (CISA) — which falls under DHS — recently warned that a majority of its workforce would be furloughed as the shutdown drags on.
“When the government shuts down, cyberthreats do not,” CISA Director Madhu Gottumukkala told lawmakers in February, according to NextGov.
Gottumukkala, who served as South Dakota State Chief Information Officer under then-Gov. Noem, said the agency would only be able to focus on “anything that is an immediate need and an imminent threat,” versus investigating or searching for new potential issues.
Sen. Ted Cruz, a Republican from Texas where the first potential sleeper attack occurred, told Fox News on Monday that he has been in touch with FBI Director Kash Patel and Austin Democratic Mayor Kirk Watson about the incident.
“They’re still investigating this, but it appears on the face of it to be terrorism,” he said.
“The threats of terrorism are higher right now. Our forces are on alert because we are actively taking out the Iranian leadership in the Ayatollah,” Cruz added, calling it “shocking” that Democrats continue to hold-up DHS funding at such a perilous time.
Sen. Tom Cotton, R-Ark., added on “America’s Newsroom” that previous administrations set the groundwork for sleeper cell vulnerabilities.
Sen. Tom Cotton, R-Ark., said previous presidential administrations set the groundwork for sleeper cell vulnerabilities in the U.S.(Bill Clark/CQ-Roll Call, Inc via Getty Images)
“Unfortunately, we had a wide-open border for four years under Joe Biden. We have no idea who may have gotten into the country during those four years. I don’t want to comment specifically on what happened in Austin until all the facts are known, but I did speak with Kash Patel yesterday, and I can tell you that the FBI is taking every potential threat around the nation very seriously,” Cotton said.
“This is by the way another very compelling reason that we need to fund the Department of Homeland Security immediately,” he said, noting the shutdown is dragging on into a “war against the world’s worst state-sponsor of terrorism.”
One top Democrat did appear to reference Iran’s role as such.
Pennsylvania Sen. John Fetterman called the U.S.-Israeli offensive a “noble pursuit” – while Rep. Rashida Tlaib, D-Mich., claimed “both the U.S. and genocidal Israel do[n’t] care about the laws.”
The House is reportedly set to attempt a vote on DHS funding sometime this week.
European and American security officials speaking on anonymity in the days leading up to the Feb. 28 strike told the New York Times no specific sleeper plots had been uncovered but that there has been an increase in “chatter” among intercepted communications.
Rhode Island Sen. Jack Reed, the top Democrat on the Senate Armed Services Committee, said in a statement that a strike on Iran would risk igniting a wider war, endangering U.S. forces and destabilizing global markets.
“Before any military action is considered, President Trump must come before the American people, explain why any conflict would be necessary, be honest about the risks and costs and present a clear strategy with a defined endgame,” Reed said.
Meanwhile, Texas Gov. Greg Abbott told Fox Business that sleeper cell threats need to be taken seriously after the Austin attack.
And in New York City, home to the largest Jewish population outside Israel, the NYPD announced “enhanced high-visibility patrols” following the Iran strikes.
NYPD’s top counterterrorism deputy Rebecca Weiner told ABC-7 the department is “looking really carefully at any threats and following up on leads and making sure that we’re staying ahead of any threat that might materialize here in our city.”
A student group at Columbia University in Morningside Heights reportedly posted “death to America” after news of Iranian dictator Ali Hosseini Khamenei’s death, while Iranian-Americans celebrated in the streets over the 86-year-old ayatollah’s demise.
Fox News’ David Spunt contributed to this report.
Related Article
Charles Creitz is a reporter for Fox News Digital.
He joined Fox News in 2013 as a writer and production assistant.
Charles covers media, politics and culture for Fox News Digital.
Charles is a Pennsylvania native and graduated from Temple University with a B.A. in Broadcast Journalism. Story tips can be sent to charles.creitz@fox.com.
