Tech
Iranian Hackers Breached Kash Patel’s Email—but Not the FBI’s
Handala’s second claim, however—that it hacked the FBI—seems, for now, to be fiction. All evidence points to Handala having breached Patel’s older, personal Gmail account. Widely believed to be a “hacktivist” front for Iran’s intelligence agency the MOIS, Handala suggested on its website that the emails contained classified information, but the messages initially reviewed by WIRED didn’t appear to be related to any government work. TechCrunch did find, however, that Patel appears to have forwarded some emails from his Justice Department email account to his Gmail account in 2014.
Handala, which cybersecurity experts have described to WIRED as an “opportunistic” hacker group whose cyberattacks and breaches are often calculated more for their propaganda value than their tactical impacts, has nonetheless made the most of Patel’s embarrassing breach. “To the whole world, we declare: the FBI is just a name, and behind this name, there is no real security,” the group wrote in its statement. “If your director can be compromised this easily, what do you expect from your lower-level employees?”
Handala Hackers Put $50 Million Bounty on Trump and Netanyahu’s Heads
For further evidence of Handala’s bombastic rhetoric, look no further than another post on its website earlier this week (we’re intentionally not linking to it) that offered a $50 million bounty to anyone who could “eliminate” US president Donald Trump and Israeli prime minister Benjamin Netanyahu. “This substantial prize will be awarded, directly and securely, to any individual or group bold enough to show true action against tyranny,” the hackers’ statement read, along with an invitation to any would-be assassins to reach out via the encrypted messaging app Session. “All our communication and payment channels utilize the latest encryption and anonymization technologies, your safety and confidentiality are fully guaranteed.”
That bounty, Handala explained, was posted in answer to a statement about Handala published on the US Department of Justice website last week that offered $10 million for information leading to the identity or location of anyone who carries out “malicious cyber activities against US critical infrastructure” on behalf of a foreign government.
“Our message is clear: If you truly have the will and the power, come and find us!” Handala wrote in its response. “We fear no challenge and are prepared to respond to every attack with even greater force.”
In yet another post on its website this week, Handala also claimed to have doxed 28 engineers at military contractor Lockheed Martin working in Israel and threatened them with personal harm if they didn’t leave the country within 48 hours. When WIRED tried calling the phone numbers included in Handala’s leaked data, however, most of them didn’t work.
Apple says no device with its Lockdown Mode security feature enabled has ever been successfully compromised by mercenary spyware in the nearly four years since its launch. Amnesty International’s security lab head, Donncha Ó Cearbhaill, also says his team has seen no evidence of a successful attack against a Lockdown Mode–enabled iPhone. And Citizen Lab, which has documented several successful spyware attacks against iPhones, says none involve a Lockdown Mode bypass, while in two cases its researchers found the feature actively blocked attacks against NSO Group’s Pegasus and Intellexa’s Predator. Google researchers, meanwhile, found one spyware strain that simply abandons infection attempts when it detects the feature is enabled.
Lockdown Mode works by disabling commonly exploited iPhone features, such as most message attachment types and features like links and link previews. Incoming FaceTime calls are blocked unless the user has previously called that person within the past 30 days. When the iPhone is locked, it blocks connections with computers and accessories. The device will not automatically join nonsecure Wi-Fi networks, and 2G and 3G support is disabled. Apple has also doubled bounties for researchers who detect any Lockdown Mode bypass, with payouts up to $2 million.
Microsoft has addressed around 140 newly discovered common vulnerabilities and exposures (CVEs) in its May Patch Tuesday update, but for the first time in a long time, the latest monthly drop contains no zero-day flaws, meaning that none of the issues in scope have been actively exploited or publicly disclosed.
But while a less panic-inducing drop will be welcomed by security teams around the world, the May 2026 Patch Tuesday update contains almost 20 critical severity flaws that will inevitably draw the attention of threat actors in the coming days and weeks.
Jack Bicer, Action1 director of vulnerability research, said: “Although the absence of zero-days is a positive sign, the high number of critical vulnerabilities – particularly compared to recent months – means organisations should still move quickly to evaluate and deploy updates across affected systems.”
This month’s update is also particularly significant as it heralds a critical Secure Boot certificate expiration deadline on 26 June, a few weeks from now. Devices that fail to receive updated Secure Boot certificates – which are now rolling out – face potentially catastrophic failures or as-yet-undiscovered security flaws that may prove impossible to fix.
“The May 2026 update cycle is a high-stakes bridge to the 26 June certificate expiration deadline, making fleet-wide rotation to new trust anchors the month’s absolute priority,” said Rain Baker, senior incident response specialist at Nightwing’s ShadowScout team.
“For those who haven’t patched for last month’s releases for the Windows Shell and Microsoft Defender bypass flaws, it is imperative that security teams give these the highest priority,” added Baker.
Bugs abounding
Among some of the critical updates issued this month is a fix for a Windows DNS Client remote code execution (RCE) flaw tracked as CVE-2026-41096. This vulnerability stems from a heap-based buffer overflow condition in Windows NetLogon and could enable an unauthenticated actor to take over the target system by sending it a malicious DNS response.
“Because DNS is a core networking service used across enterprise environments, exploitation could impact a large number of systems rapidly,” said Action1’s Bicer.
“Successful attacks may lead to widespread endpoint compromise, ransomware deployment, credential harvesting, and operational disruption across corporate networks.
Bicer added: “This CVE requires immediate attention considering its severity rating, network-based attack vector, no authentication requirements, and no user interaction. DNS-related vulnerabilities are especially dangerous because they target foundational network services that are broadly exposed across enterprise infrastructure.”
Also drawing attention this evening is CVE-2026-42898, another RCE issue, this one in on-prem versions of Microsoft Dynamics 365, which bears a common vulnerability scoring system (CVSS) score of 9.9. Again, this issue requires no user interaction and because it can impact systems beyond the original security scope of the vulnerable component, carries an extreme risk to enterprises.
Previous attacks on Dynamics 365 infrastructure have exposed important, privileged data, and because CRM environments plug into so many other important systems, successful exploitation could lead to wholesale compromise.
Meanwhile, Automox chief technology officer Jason Kikta weighed in on CVE-2026-41089, an RCE flaw in Windows Netlogon, and CVE-2026-40402, an elevation of privilege (EoP) vulnerability in Hyper-V.
“CVE-2026-41089 – CVSS 9.8 out of 10 – is a stack-based buffer overflow in Windows Netlogon,” explained Kikta. “An attacker sends a crafted network request to a domain controller. No authentication required. No user interaction required. If you’ve been doing this long enough, the description language sounds sadly familiar.
“I’d be careful drawing a direct line to Zerologon. The underlying bug is a stack overflow, not a crypto protocol flaw, and Microsoft has not labeled this one as wormable. The mechanism is different, but the blast radius is still ugly when you’re talking about pre-auth code execution on a domain controller.”
The Hyper-V issue can be exploited by a low-privileged account inside a guest virtual machine (VM) to execute code on the host with system-level privileges. Kikta warned that one compromised guest could serve as a pivot point for every other VM on the same host, and the host fabric into the bargain. Hosted desktop environments and shared virtualisation platforms are likely to be swiftly targeted.
“Multi-tenant VDI, on-premises virtualisation with untrusted workloads, or any Hyper-V host running guests you don’t fully control. Same-week, same-day patch depending on what’s on top of it,” Kikta advised.
Patch apocalypse?
Lacking though it is in zero-days, Redmond’s latest meaty update will do little to assuage the concerns of onlookers alarmed at the supposedly earth-shattering vulnerability discovery capabilities of Anthropic’s Claude Mythos frontier AI model.
Chris Goettl, vice president of security product management at Ivanti, said that these concerns were being taken seriously by many key software suppliers and other tech firms that are becoming far more aggressive in their patching in response to the changes of the past few weeks.
“Oracle announced a new release cadence starting in May 2026 to address the acceleration of vulnerability detection introduced by Mythos and other AI security models; monthly Critical Security Patch Update (CSPUs) will fill in the two-month gap between their quarterly Critical Patch Update (CPU),” he said.
“Apple is another early participant in Project Glasswing and has seen a recent spike in the number of exposures resolved. They typically average around 20 CVEs per iOS security update [but] for their most recent update on May 11, there is a spike of 52 CVEs resolved. Across the 11 Apple updates, the CVE counts range from 25 at the low end to 52 on the high end and Apple backported changes all the way to iPhone 6s and iOS 15. While there are not actively exploited vulnerabilities, there are a lot of updates to manage.”
Meanwhile, Mozilla, the backers of the Firefox browser, which is said to have had over 270 vulnerabilities identified after Claude Mythos was applied to it, has also moved to a more aggressive weekly cadence for its security updates since the release of Firefox 150.0.0 in April 2026 – version 150.0.3 of Firefox dropped earlier today (12 May).
Conspiracy theorists, wellness influencers, and grifters have already started promoting wild claims about the hantavirus outbreak that began aboard the MV Hondius, a cruise ship on the Atlantic.
Some conspiracy theorists compared the outbreak to the Covid-19 pandemic, claiming it was another effort to control the global population, while others pushed a false narrative that the Covid-19 vaccine caused hantavirus. Many others promoted ivermectin as a treatment, using the incident as a way to sell emergency medical kits featuring the antiparasitic drug typically used as a horse dewormer.
In more recent days, many of these same people spreading conspiracy theories have promoted the baseless and antisemitic claims that the entire incident is a false flag orchestrated by Israel.
Conspiracy theories flooding social media in response to breaking news are nothing new, but what is notable about those being pushed around the hantavirus outbreak is just how closely they echo the conspiracy theories promoted during the Covid-19 pandemic.
“One of the most striking shifts since the Covid pandemic is how rapidly misinformation narratives now organize themselves around emerging outbreaks,” Katrine Wallace, an epidemiologist at University of Illinois Chicago School of Public Health, tells WIRED.
“Within hours of the first hantavirus headlines, social media accounts were already promoting ivermectin, attributing the outbreak to Covid vaccines, and warning about a hantavirus vaccine that does not exist. The claims themselves were often contradictory, but that contradiction no longer appears to limit their spread.”
Once the hantavirus outbreak started making headlines around the world, conspiracy theorists and grifters jumped into action, spreading dangerously ill-informed claims and, of course, trying to sell people ivermectin.
“Ivermectin should work against it,” Mary Talley Bowden wrote on X. Bowden, a doctor, is a prominent promoter of medical misinformation who has promoted ivermectin as a treatment for Covid-19 and prescribed ivermectin to a Covid-19 patient. Hours after her first post on Hantavirus went viral, she followed up to say that she is selling ivermectin to Texans. Bowden did not respond to a request for comment.
Her post, which has been viewed 4 million times, was shared by former Congresswoman Marjorie Taylor Greene, who added that vitamin D and zinc would help fight the infection. Greene even claimed that not getting the Covid-19 vaccine had somehow allowed her to “develop natural immunity” against hantavirus.
Greene separately claimed, without evidence, that the pharmaceutical company Moderna had purposely manipulated the virus in order to allow them to cash in by developing a hantavirus vaccine. Greene did not respond to a request for comment.
Other prolific health disinformation promoters boosted the ivermectin claims, including Simone Gold, the founder of Covid denial group America’s Frontline Doctors, and Peter McCullough, a disinformation peddler who promoted the “sudden death” conspiracy theory about the Covid-19 vaccine, which falsely claimed that those who received the shot were at risk of dropping dead without any warning.
McCullough is also the chief scientific officer for The Wellness Company, which has been described as “Goop for the GOP.” The company has used the hantavirus outbreak to promote a $325 “Contagion Emergency Kit” which includes both ivermectin and hydroxychloroquine.
All the false claims and posts about ivermectin gained enough traction online that the World Health Organization responded to say that there is no research to suggest ivermectin is an effective treatment for hantavirus.
Conspiracy theorists have, meanwhile, been pushing the baseless idea that a side effect of Covid vaccines includes a hantavirus infection.
Hot on the heels of announcing its parent company has entered into a deal worth £4.3bn to buy CK Hutchison’s stake in the recently merged VodafoneThree in the UK, Vodafone has launched 5G Broadband, bringing high-speed connectivity via its 5G network to an additional 3.7 million homes and premises currently unable to access full-fibre networks.
By combining 5G Broadband and its existing full-fibre footprint, Vodafone says it can now bring full-fibre-like speeds to over 26 million homes, more than any other UK provider. The offer is targeted at households who cannot currently access full-fibre – renters, students and anyone who, says Vodafone, “wants powerful connectivity with flexibility”.
The launch reinforces the commitment made by VodafoneThree to connect every community as part of its £11bn investment programme to build out a network that can compete with the likes of BT/Openreach and Virgin Media O2. By bringing together the Vodafone and Three networks, the company said the combined 5G footprint will expand rapidly nationwide.
The offer is also a result of bringing the Vodafone and Three networks together and deploying its Multi Operator Core Network (MOCN) technology in more than 10,000 sites nationwide. This is designed to provide users with improved coverage with higher speeds in areas where it wasn’t previously available.
The enhanced coverage will also enable Vodafone 5G Broadband to reach 3.7 million more homes where there is currently no full-fibre. This complements Vodafone’s existing full-fibre footprint of 23.2 million homes – the largest of any UK provider.
With the service, customers can enjoy speeds from 50Mpbs to up to 150Mbps – 3x faster than a typical part-fibre connection – and unlimited data on every plan. For homes where the outdoor 5G signal is stronger than indoors, Vodafone assured that it would soon launch an outdoor hub to provide an extra boost.
The outdoor hub will require self-installation outside the property, where it will lock on to the strongest 5G signal available in the area and connect directly to the indoor Power Hub router. The result is claimed to be a consistent connection and “fast, seamless experience” throughout the home, even in rural areas.
Rob Winterschladen, consumer director at VodafoneThree, said: “Millions of households are still paying over the odds for unreliable and slow broadband that often only reaches 74Mbps. With Vodafone 5G Broadband, we’re giving those homes a genuinely fast alternative, at great value, with no installation, no waiting and no hassle … By adding 5G Broadband, we can now reach millions more [homes]. This launch is about giving customers real choice: full-fibre where it’s available, and powerful 5G broadband where it’s not – plus, better options for anyone wanting speed with ease and flexibility.”
Launching alongside Vodafone 5G Broadband is an integrated availability checker on Vodafone.co.uk, designed to make choosing the right connection effortless. Customers simply enter their postcode and are shown whether full-fibre or 5G broadband will give them the fastest speeds in their area.
Users can choose from a rolling 30-day or 24-month plan starting at £21 a month, with a £2-a-month discount for Vodafone Together customers. However, the operator cautioned that while the service operates on 5G where available, it may use 4G networks in limited circumstances.
President to undergo medical examination amid serious concerns
Taylor Swift spends quality time with family in New York City
US-Iran deal: Trump reaffirms Iran must not have nuclear weapons, praises Shehbaz, Munir for diplomacy
-
Tech1 week agoDHS Demanded Google Surrender Data on Canadian’s Activity, Location Over Anti-ICE Posts
-
Business1 week agoHeineken plans huge investment in hundreds of UK pubs ahead of World Cup
-
Tech5 days agoA new frontier: Identity stack evolves for agentic systems | Computer Weekly
-
Tech4 days ago‘Orbs,’ ‘Saucers,’ and ‘Flashes’ on the Moon: Pentagon Drops New UFO Files
-
Business1 week agoIndia among most resilient large EMs, better placed for future global shocks; policy reforms & strong buffers help: Moody’s – The Times of India
-
Fashion5 days agoNew orders in German manufacturing up 5% MoM in Mar 2026: Destatis
-
Tech5 days agoWhat Microsoft Executives Really Thought About OpenAI in 2018
-
Business1 week agoUS denies Iranian report warship was struck by missiles