The United States and Israel launched a war in Iran last week that has already killed more than 1,200 Iranians and spilled out across the Middle East. There are many unknowns about US president Donald Trump’s goals as the conflict enters its second week and the situation seems poised to trigger an energy crisis with reverberations around the world.

Iran is in a nationwide internet shutdown with only the country’s regime-built intranet available, plunging Iranians into digital darkness and making it difficult for humanitarian aid workers, journalists, and others to disseminate information both inside and outside the country. As strikes on Tehran began last weekend, an apparently hacked prayer app sent messages saying “surrender” and “help is on the way” to Iranians around the country.

Meanwhile, GPS attacks like jamming—not to mention physical threats—are on the rise in the Strait of Hormuz, threatening shipping vessels. Security camera hacking has emerged as part of the playbook of war. And missile-intercept systems across the Middle East are under strain—and in some cases being destroyed in strikes.

Trump ousted Department of Homeland Security secretary Kristi Noem this week. Her tenure was marked by aggressive anti-immigration tactics and ICE and CBP’s killing of two US protesters. A highly sophisticated iPhone hacking tool kit that was likely originally built for the US government is in the hands of multiple other nations as well as scammers who have likely used the tools to infect tens of thousands of phones or more. Some US lawmakers are calling for an investigation into the threat of the decades-old side-channel hacking technique. And WIRED went inside how music streaming CEO Elie Habib built the open-source global threat map World Monitor in his spare time.

And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

United States Customs and Border Protection has, for the first time, admitted it purchased phone location data from the sprawling, surveillance-heavy online advertising industry. The agency’s acknowledgement was included in a document, called a Privacy Threshold Analysis, obtained by 404 Media through a Freedom of Information Act request. The document relates to a trial that CBP ran between 2019 and 2021.

The publication reports that CBP purchased data linked to real-time bidding processes. When you see ads online or in apps, they have often been shown to you after automated, instantaneous, auctions take place where advertisers bid to show you that specific ad. The murkiest parts of the advertising industry can collect data from your device, including your phone’s identifying details and location data; this is then repackaged and sold to companies and entities. The data has been called a “gold mine” for tracking people’s daily activities.

CBP did not respond to 404 Media’s request for comment on whether it is still buying the data; however, ICE has reportedly planned to purchase access to another system, called Webloc, that allows whole neighborhoods to be monitored for mobile phone movements.

The FBI was able to identify a protester in Atlanta after ultimately obtaining information from Swiss encrypted email service Proton Mail, court documents have revealed this week. A court document reviewed by 404 Media shows that payment information linked to a Proton email address was provided to US law enforcement by Swiss authorities after a request was made under an Mutual Legal Assistance Treaty (MLAT), which allows agencies to share data internationally.

Swiss officials made a request for the data under Swiss laws to Proton for payment information linked to the email address defendtheatlantaforest@protonmail.com, which was associated with protests in Atlanta. This information was then provided to US law enforcement officials under the international agreements, and they were able to identify an individual linked to the account.

Threat actors are employing a new variation of the ClickFix social engineering technique called InstallFix to convince users into running malicious commands under the pretext of installing legitimate command-line interface (CLI) tools.

The new trick exploits the common practice among developers these days of downloading and executing scripts through ‘curl-to-bash’ commands from online sources without closely inspecting the assets first.

Researchers at Push Security, a browser threat detection and response company, found that attackers use the new InstallFix technique with cloned pages for popular CLI tools that serve malicious install commands.

Since the current security model “boils down to ‘trust the domain’,” and more non-technical users are now working with tools previously reserved for developers, InstallFix may become a larger threat, the researchers say.

In a report today, Push Security highlights a cloned installation page for Claude Code, Anthropic’s CLI coding assistant, that features the same layout, branding, and documentation sidebar as the legitimate source.

The difference is in the installation instructions for macOS and Windows (PowerShell and Command Prompt), which deliver malware from an attacker-controlled endpoint.

The researchers say that apart from the installation instructions, all links on the fake page redirect to the legitimate Anthropic site.

“So a victim that lands on the page and follows the fake instructions could continue normally without realizing anything had gone wrong,” Push Security notes in the report.

The attackers promote these pages through malvertising campaigns on Google Ads, causing malicious ads to appear in search results for queries such as “Claude Code install” and “Claude Code CLI.”

BleepingComputer could confirm that the malicious websites are still being promoted through Google-sponsored search results. When looking for the query “install claude code,” the first result was a Squarespace URL (claude-code-cmd.squarespace[.]com) pointing to a perfect clone of the official Claude Code documentation.

Amatera infections

Based on Push Security’s analysis, the payload delivered through these InstallFix attacks is the Amatera Stealer, a piece of malware designed to steal sensitive data (cryptocurrency wallets, credentials) from compromised systems.

The malicious InstallFix commands for macOS contain base64-encoded instructions for downloading and executing a binary from a domain controlled by the attacker. In one case, BleepingComputer found that the threat actor used the domain wriconsult[.]com, which is currently down.

For Windows users, the malicious command uses the legitimate utility ‘mshta.exe’ to retrieve the malware and triggers additional processes like ‘conhost.exe’ to support the execution of the final payload, Amatera information stealer.

Amatera is a fairly new malware family, believed to be based on the ACR Stealer, sold as a subscription service (MaaS) to cybercriminals.

The malware was recently observed distributed in separate ClickFix attacks that abused Windows App-V scripts for payload delivery. It can steal passwords, cookies, and session tokens stored in web browsers and collect system information while evading detection by security tools.

Push Security reports that the attacks are particularly evasive, also because the malicious sites are hosted on legitimate platforms such as Cloudflare Pages, Squarespace, and Tencent EdgeOne.

The researchers also published a video showing how the InstallFix attack works, from the search query to copying a malicious command.

In a campaign last week, threat actors used the InstallFix technique with fake OpenClaw installers hosted in GitHub repositories that were promoted by Bing’s AI-enhanced search results.

Users looking for Claude Code must ensure they get installation instructions from official websites, block or skip all promoted Google Search results, and bookmark software download portals for tools they need to re-download frequently.

The researchers provide indicators of compromise that include the domains for serving the cloned guides, for hosting the malicious payloads, and the InstallFix commands.

Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.

Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.

Download The Report

Microsoft says threat actors are increasingly using artificial intelligence in their operations to accelerate attacks, scale malicious activity, and lower technical barriers across all aspects of a cyberattack.

According to a new Microsoft Threat Intelligence report, attackers are using generative AI tools for a wide range of tasks, including reconnaissance, phishing, infrastructure development, malware creation, and post-compromise activity.

In many cases, AI is used to draft phishing emails, translate content, summarize stolen data, debug malware, and assist with scripting or infrastructure configuration.

“Microsoft Threat Intelligence has observed that most malicious use of AI today centers on using language models for producing text, code, or media. Threat actors use generative AI to draft phishing lures, translate content, summarize stolen data, generate or debug malware, and scaffold scripts or infrastructure,” warns Microsoft.

“For these uses, AI functions as a force multiplier that reduces technical friction and accelerates execution, while human operators retain control over objectives, targeting, and deployment decisions.”

AI used to power cyberattacks

Microsoft has observed multiple threat groups incorporating AI into their cyberattacks, including North Korean actors tracked as Jasper Sleet (Storm-0287) and Coral Sleet (Storm-1877), who use the technology as part of remote IT worker schemes.

In these operations, AI tools help generate realistic identities, resumes, and communications to gain employment at Western companies and maintain access once hired.

The report also describes how AI is being used to assist with malware development and infrastructure creation, with threat actors using AI coding tools to generate and refine malicious code, troubleshoot errors, or port malware components to different programming languages.

Some malware experiments show signs of AI-enabled malware that dynamically generate scripts or modify behavior at runtime.

Microsoft also observed Coral Sleet using AI to quickly generate fake company sites, provision infrastructure, and test and troubleshoot their deployments.

When AI safeguards attempt to prevent the use of AI in these tasks, Microsoft says threat actors are using jailbreaking techniques to trick LLMs into generating malicious code or content.

In addition to generative AI use, Microsoft researchers have begun to see threat actors experiment with agentic AI to perform tasks autonomously and adapt to results.

However, Microsoft says AI is currently used primarily for decision-making rather than for autonomous attacks.

Because many IT worker campaigns rely on the abuse of legitimate access, Microsoft advises organizations to treat these schemes and similar activity as insider risks.

Furthermore, as these AI-powered attacks mirror conventional cyberattacks, defenders should focus on detecting abnormal credential use, hardening identity systems against phishing, and securing AI systems that may become targets in future attacks.

Microsoft is not alone in seeing threat actors increasingly using artificial intelligence to power attacks and lower barriers to entry.

Google recently reported that threat actors are abusing Gemini AI across all stages of cyberattacks, mirroring what Amazon observed in this campaign.

Amazon and the Cyber and Ramen security blog also recently reported on a threat actor using multiple generative AI services as part of a campaign that breached more than 600 FortiGate firewalls.

Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.

Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.

Download The Report

Looking for the most recent Wordle answer? Click here for today’s Wordle hints, as well as our daily answers and hints for The New York Times Mini Crossword, Connections, Connections: Sports Edition and Strands puzzles.

Today’s Wordle puzzle features some tricky elements, including a double letter, and some unusual letter choices. If you need a new starter word, check out our list of which letters show up the most in English words. If you need hints and the answer, read on.

Read more: New Study Reveals Wordle’s Top 10 Toughest Words of 2025

Today’s Wordle hints

Before we show you today’s Wordle answer, we’ll give you some hints. If you don’t want a spoiler, look away now.

Wordle hint No. 1: Repeats

Today’s Wordle answer has one repeated letter.

Wordle hint No. 2: Vowels

Today’s Wordle answer has one vowel and one sometimes vowel.

Wordle hint No. 3: First letter

Today’s Wordle answer begins with L.

Wordle hint No. 4: Last letter

Today’s Wordle answer ends with Y.

Wordle hint No. 5: Meaning

Today’s Wordle answer can refer to the room where hotel guests often go to check in.

TODAY’S WORDLE ANSWER

Today’s Wordle answer is LOBBY.

Yesterday’s Wordle answer

Yesterday’s Wordle answer, March 7, No. 1,722, was VOGUE.

Recent Wordle answers

March 3, No. 1,718: LINEN

March 4, No. 1,719: THEFT

March 5, No. 1,720: SHEEP

March 6, No. 1,721: GUNKY

Meze Audio has unveiled a new high-end pair of in-ear monitors aimed squarely at serious listeners.

Called the ASTRU, the new earphones promise flagship-level sound performance. However, they stick to a surprisingly simple design: just a single dynamic driver.

That approach is a bit unusual at this level. Many premium IEMs rely on multiple drivers to achieve greater detail and separation. However, Meze says the ASTRU is engineered to deliver similar layering and resolution using a single 10mm dynamic driver.

The secret lies in its unusual diaphragm design. The driver uses a multilayer composite structure with more than 80 ultra-thin layers of gold, applied through a 48-hour vacuum sputtering process.

Advertisement

Furthermore, that dome is bonded to a titanium layer and mounted on a PEEK base. This combination, Meze says, helps balance fast transient response with the warmth and physical punch dynamic drivers are known for. The result, at least on paper, should be a sound profile that’s detailed but still full-bodied.

Advertisement

The build quality is just as ambitious. Each ASTRU shell is CNC-machined from a single block of pure titanium, then finished with a multi-stage electroplating process to create a satin texture.

According to Meze, producing each matched pair takes up to seven days of precision processing. This is a sign the company is leaning heavily into its usual craftsmanship-focused design philosophy.

The earphones ship as a complete portable listening setup. In the box you’ll find a premium balanced cable with a 4.4mm termination, CNC-anodised aluminium hardware, and a 4.4mm-to-3.5mm adapter for broader device compatibility. Five ear tip sizes (XS to XL) are included. Additionally, there is a protective pouch and a soft PU leather carry envelope.

Advertisement

On the spec sheet, the ASTRU features a 10mm dynamic driver, a 5Hz–35kHz frequency range, 32-ohm impedance, and 111dB sensitivity. Total harmonic distortion is listed below 0.1% at 1kHz.

The ASTRU will make its public debut at CanJam New York on March 7. Afterwards, it will go on sale worldwide from March 20, 2026 via Meze’s website and selected retailers.

Advertisement

Pricing is set at £819 / $899 / €899, positioning the ASTRU firmly in the premium IEM space. Though it is still short of the four-figure prices many flagship earphones now command.

Advertisement

If you’re a God of War fan, you’ve likely noticed Sony‘s iconic, deity-destroying action series has been dominating the spotlight as of late. Following an announcement that the franchise’s original trilogy is being remade, we got a first-look at Kratos and Atreus in Prime Video’s upcoming live-action TV series adaptation.

But before a collective “Boy!” could be bellowed in celebration of all this news, we also got word that a new series’ spin-off game is rumored to be in the works. Given that you’d need a Leviathan Axe to cut through all these recent reveals and rumors, you could be excused for overlooking God of War Sons of Sparta, a brand-new prequel entry that was shadow-dropped shortly after the Greek trilogy remake reveal.

The Soundcore Q20i headphones, priced at $39.99 (was $70), give impressive performance at a reasonable price. This over-ear model from Anker’s Soundcore brand combines hybrid active noise cancellation, a long battery life, and configurable sound profiles into a product that constantly receives high praise for being one of the best value-for-money options available.

The main draw is hybrid noise cancellation, which uses four microphones, two in each cup and two on the outside, to reduce ambient noise by up to 90%. Low rumbles from engines or air conditioning are immediately muted, while background chatter is reduced to the point that talks with someone nearby feel far away. The transparency mode switch flips this around, allowing you to let outside sounds in when necessary, such as when you’re on a train or at a station and want to hear announcements, or just want to keep attentive when out for a walk. Users have reported that the device functions effectively in real-world circumstances such as flights, buses, and extremely crowded workspaces, yet if you’re in a really loud location, you may still experience some bleed through.

Sale

Soundcore by Anker Q20i Hybrid Active Noise Cancelling Headphones, Wireless Over-Ear Bluetooth, 40H Long…

• Hybrid Active Noise Cancelling: 2 internal and 2 external mics work in tandem to detect external noise and effectively reduce up to 90% of it, no…
• Immerse Yourself in Detailed Audio: The noise cancelling headphones have oversized 40mm dynamic drivers that produce detailed sound and thumping beats…
• 40-Hour Long Battery Life and Fast Charging: With 40 hours of battery life with ANC on and 60 hours in normal mode, you can commute in peace with your…

People are blown away by the battery life; with noise cancellation switched on, you get a respectable 40 hours of playback, which increases to a stunning 60 hours if you turn it off. A 5-minute charge provides an additional 4 hours of playback, which is ideal for those occasions when you are trapped in a conference or forgot the charger in the meeting room. Bluetooth 5.0 handles all connections seamlessly, since you can link with two devices at once and it will cheerfully switch between them for you, which is quite useful when you need to transition from a laptop music to a phone call.

The sound is produced by 40mm dynamic drivers, which benefit from BassUp technology while maintaining crisp details. If you connect the headphones to the provided 3.5mm connection, they will also play Hi-Res music, giving you a snappier high end and a more layered sound. Many listeners have described the profile as engaging and exciting, with deep bass that gets going without overwhelming the mids or voices. The Soundcore app takes things to the next level, with 22 pre-set EQ profiles and the option to tweak the settings to make it exactly right for you. If you need to relax or avoid interruptions, the white noise settings are a wonderful addition.

The memory foam ear cushions are pleasant and snug, and the lightweight frame weighs only approximately 9oz, so you won’t experience sore ears even after wearing them for lengthy periods of time. The foldable form makes them ideal for putting in a bag or backpack for travel, and they still feel rather strong, despite the fact that the plastic construction isn’t exactly fancy. The built-in microphone handles calls well, picking up your voice above background noise and allowing you to hold a regular conversation.