A privacy audit of Filimo reveals plaintext credential storage, global analytics transmission, and embedded location surveillance — all operating within Iran's compelled-access jurisdiction where no independent data protection authority exists

A privacy audit of Bitbaan Anti-Malware reveals hidden camera capture, weak password encryption, network scanning, and extensive tracking — privacy failures that are particularly dangerous in an app that Iranian users trust to protect them, operating within a jurisdiction with no independent data protection oversight

A blackbox privacy audit of BadeSaba Calendar reveals aggressive tracking and broken cryptography — vulnerabilities made far more consequential by the app's operation within a jurisdiction where the state maintains documented capabilities to compel data access without independent oversight

Attackers created a piece of malware and registered the MahsaAlert domain as its C2 server, deceiving global security systems and causing this civil alert platform to be blocked.

With the internet in Iran shut down by the government of the Islamic Republic in January 2026, a familiar question resurfaced: Is the country becoming North Korea?

How Centralized Authentication, Infrastructure Level Monitoring and Interception, Spyware Operations, and Street Level Surveillance Have Converged into a Unified System for Controlling, Suppressing, and Intercepting Citizens

Examining the Role of Ofogh Saberin Co in Iranian Ministry of Defense Jamming Projects and the Export of Digital Repression Technologies

Persistent Access and Covert Command and Control within the Islamic Republic of Iran’s Surveillance and Interception Architecture

Examining the Organizational Logic, Operational Architecture, and the Role of a Modular RAT in Charming Kitten’s Covert Digital Surveillance

Bill on Supporting and Addressing Violations in the Field of Pervasive Audio and Video in Cyberspace (Internet) in Iranian Parliament