Tech
Iranians Don’t Have a Missile Alert System, So Volunteers Built Their Own Warning Map
Since Donald Trump’s war on Iran started more than three weeks ago, United States military forces have allegedly attacked more than 9,000 sites, creating a climate of fear and constant uncertainty for Iranians in Tehran and across the country. Without an advanced warning system from the government, and amid the longest internet shutdown in Iran’s history, Iranians are left in an information void.
Even before Israel and the United States began dropping bombs, Iran’s lack of a public emergency alert tool and severe state-controlled digital oppression has impacted tens of millions of citizens. Since the 12-day Israel-Iran war last year, though, a group of Iranian digital rights activists and volunteers has been working to fill the gap with a dynamic, regularly updated mapping platform called Mahsa Alert. The project can’t replace real-time early alerts that could come from a coordinated government service, but the tool sends push notifications when Israeli forces warn about attacks, details some confirmed strike locations, and offers offline mapping capabilities.
“There is no emergency alert in Iran,” says Ahmad Ahmadian, the president and CEO of US-based digital rights group Holistic Resilience, which is behind Mahsa Alert and has been developing the platform since last summer. “This was where we saw the traction, we saw the need, and we continued working on it with the volunteers, with some [open source intelligence] experts, and used this to map the repression machinery ecosystem of Iran and surveillance.”
Mahsa Alert is a website but also has Android and iOS apps, which were intentionally designed to be lightweight and easy to use on any device. Given the heavy government connectivity control inside Iran and erratic access to the internet, volunteers also prioritized engineering the platform for offline use. And it can be easily updated if a user does get connectivity for a brief period by downloading APK files that contain new data. The team works to keep these updates extremely small; a recent release was 60 kilobytes, and Ahmadian says they are typically no more than 100 kilobytes.
One overlay on Mahsa Alerts plots the locations of “confirmed attacks” that Ahmadian says his team or other OSINT investigators have verified, using video footage or images that are submitted to a Telegram bot or shared on social media. There are also warnings about areas where Israeli forces have issued evacuation alerts, along with the crucial component of people submitting reports on what is happening around them.
“We have to go through a due diligence and verification process and tag them before putting them on the map,” Ahmadian says of the reported attacks and incidents, adding that the team has a backlog of more than 3,000 reports that it is working through or is unable to verify. Along with attempting to map strikes, the team behind Mahsa Alert have also plotted “danger zones” that could be at risk of attack—such as sites linked to Iran’s nuclear program or military—so ordinary citizens can stay away from them. Ahmadian claims 90 percent of attacks it has confirmed were at sites that were already present on the map. “Some of them that we can confirm, we do it because [a user] has shared a photo or they have shared some details that makes them verifiable,” he says.
The map also includes locations of thousands of CCTV cameras, suspected government checkpoints, and other domestic infrastructure. Medical facilities, such as hospitals and pharmacies, are included on the map along with other resources like the locations of religious sites and past protests.
Mahsa Alert has become more visible on global social media feeds as Iranians around the world share details from the map, encouraging people to look into the service and flagging it for friends and family who could use it as a resource. “The app went from near zero to over 100,000 daily active users in a matter of days,” Ahmadian says, adding that in total there have been around 335,000 users this year, with people first turning to the app during the Iranian regime’s brutal crackdown on anti-government protesters in January. Through the limited user information the app collects, Ahmadian claims there are signs that 28 percent of users are accessing the platform from inside Iran.
Microsoft has addressed around 140 newly discovered common vulnerabilities and exposures (CVEs) in its May Patch Tuesday update, but for the first time in a long time, the latest monthly drop contains no zero-day flaws, meaning that none of the issues in scope have been actively exploited or publicly disclosed.
But while a less panic-inducing drop will be welcomed by security teams around the world, the May 2026 Patch Tuesday update contains almost 20 critical severity flaws that will inevitably draw the attention of threat actors in the coming days and weeks.
Jack Bicer, Action1 director of vulnerability research, said: “Although the absence of zero-days is a positive sign, the high number of critical vulnerabilities – particularly compared to recent months – means organisations should still move quickly to evaluate and deploy updates across affected systems.”
This month’s update is also particularly significant as it heralds a critical Secure Boot certificate expiration deadline on 26 June, a few weeks from now. Devices that fail to receive updated Secure Boot certificates – which are now rolling out – face potentially catastrophic failures or as-yet-undiscovered security flaws that may prove impossible to fix.
“The May 2026 update cycle is a high-stakes bridge to the 26 June certificate expiration deadline, making fleet-wide rotation to new trust anchors the month’s absolute priority,” said Rain Baker, senior incident response specialist at Nightwing’s ShadowScout team.
“For those who haven’t patched for last month’s releases for the Windows Shell and Microsoft Defender bypass flaws, it is imperative that security teams give these the highest priority,” added Baker.
Bugs abounding
Among some of the critical updates issued this month is a fix for a Windows DNS Client remote code execution (RCE) flaw tracked as CVE-2026-41096. This vulnerability stems from a heap-based buffer overflow condition in Windows NetLogon and could enable an unauthenticated actor to take over the target system by sending it a malicious DNS response.
“Because DNS is a core networking service used across enterprise environments, exploitation could impact a large number of systems rapidly,” said Action1’s Bicer.
“Successful attacks may lead to widespread endpoint compromise, ransomware deployment, credential harvesting, and operational disruption across corporate networks.
Bicer added: “This CVE requires immediate attention considering its severity rating, network-based attack vector, no authentication requirements, and no user interaction. DNS-related vulnerabilities are especially dangerous because they target foundational network services that are broadly exposed across enterprise infrastructure.”
Also drawing attention this evening is CVE-2026-42898, another RCE issue, this one in on-prem versions of Microsoft Dynamics 365, which bears a common vulnerability scoring system (CVSS) score of 9.9. Again, this issue requires no user interaction and because it can impact systems beyond the original security scope of the vulnerable component, carries an extreme risk to enterprises.
Previous attacks on Dynamics 365 infrastructure have exposed important, privileged data, and because CRM environments plug into so many other important systems, successful exploitation could lead to wholesale compromise.
Meanwhile, Automox chief technology officer Jason Kikta weighed in on CVE-2026-41089, an RCE flaw in Windows Netlogon, and CVE-2026-40402, an elevation of privilege (EoP) vulnerability in Hyper-V.
“CVE-2026-41089 – CVSS 9.8 out of 10 – is a stack-based buffer overflow in Windows Netlogon,” explained Kikta. “An attacker sends a crafted network request to a domain controller. No authentication required. No user interaction required. If you’ve been doing this long enough, the description language sounds sadly familiar.
“I’d be careful drawing a direct line to Zerologon. The underlying bug is a stack overflow, not a crypto protocol flaw, and Microsoft has not labeled this one as wormable. The mechanism is different, but the blast radius is still ugly when you’re talking about pre-auth code execution on a domain controller.”
The Hyper-V issue can be exploited by a low-privileged account inside a guest virtual machine (VM) to execute code on the host with system-level privileges. Kikta warned that one compromised guest could serve as a pivot point for every other VM on the same host, and the host fabric into the bargain. Hosted desktop environments and shared virtualisation platforms are likely to be swiftly targeted.
“Multi-tenant VDI, on-premises virtualisation with untrusted workloads, or any Hyper-V host running guests you don’t fully control. Same-week, same-day patch depending on what’s on top of it,” Kikta advised.
Patch apocalypse?
Lacking though it is in zero-days, Redmond’s latest meaty update will do little to assuage the concerns of onlookers alarmed at the supposedly earth-shattering vulnerability discovery capabilities of Anthropic’s Claude Mythos frontier AI model.
Chris Goettl, vice president of security product management at Ivanti, said that these concerns were being taken seriously by many key software suppliers and other tech firms that are becoming far more aggressive in their patching in response to the changes of the past few weeks.
“Oracle announced a new release cadence starting in May 2026 to address the acceleration of vulnerability detection introduced by Mythos and other AI security models; monthly Critical Security Patch Update (CSPUs) will fill in the two-month gap between their quarterly Critical Patch Update (CPU),” he said.
“Apple is another early participant in Project Glasswing and has seen a recent spike in the number of exposures resolved. They typically average around 20 CVEs per iOS security update [but] for their most recent update on May 11, there is a spike of 52 CVEs resolved. Across the 11 Apple updates, the CVE counts range from 25 at the low end to 52 on the high end and Apple backported changes all the way to iPhone 6s and iOS 15. While there are not actively exploited vulnerabilities, there are a lot of updates to manage.”
Meanwhile, Mozilla, the backers of the Firefox browser, which is said to have had over 270 vulnerabilities identified after Claude Mythos was applied to it, has also moved to a more aggressive weekly cadence for its security updates since the release of Firefox 150.0.0 in April 2026 – version 150.0.3 of Firefox dropped earlier today (12 May).
Conspiracy theorists, wellness influencers, and grifters have already started promoting wild claims about the hantavirus outbreak that began aboard the MV Hondius, a cruise ship on the Atlantic.
Some conspiracy theorists compared the outbreak to the Covid-19 pandemic, claiming it was another effort to control the global population, while others pushed a false narrative that the Covid-19 vaccine caused hantavirus. Many others promoted ivermectin as a treatment, using the incident as a way to sell emergency medical kits featuring the antiparasitic drug typically used as a horse dewormer.
In more recent days, many of these same people spreading conspiracy theories have promoted the baseless and antisemitic claims that the entire incident is a false flag orchestrated by Israel.
Conspiracy theories flooding social media in response to breaking news are nothing new, but what is notable about those being pushed around the hantavirus outbreak is just how closely they echo the conspiracy theories promoted during the Covid-19 pandemic.
“One of the most striking shifts since the Covid pandemic is how rapidly misinformation narratives now organize themselves around emerging outbreaks,” Katrine Wallace, an epidemiologist at University of Illinois Chicago School of Public Health, tells WIRED.
“Within hours of the first hantavirus headlines, social media accounts were already promoting ivermectin, attributing the outbreak to Covid vaccines, and warning about a hantavirus vaccine that does not exist. The claims themselves were often contradictory, but that contradiction no longer appears to limit their spread.”
Once the hantavirus outbreak started making headlines around the world, conspiracy theorists and grifters jumped into action, spreading dangerously ill-informed claims and, of course, trying to sell people ivermectin.
“Ivermectin should work against it,” Mary Talley Bowden wrote on X. Bowden, a doctor, is a prominent promoter of medical misinformation who has promoted ivermectin as a treatment for Covid-19 and prescribed ivermectin to a Covid-19 patient. Hours after her first post on Hantavirus went viral, she followed up to say that she is selling ivermectin to Texans. Bowden did not respond to a request for comment.
Her post, which has been viewed 4 million times, was shared by former Congresswoman Marjorie Taylor Greene, who added that vitamin D and zinc would help fight the infection. Greene even claimed that not getting the Covid-19 vaccine had somehow allowed her to “develop natural immunity” against hantavirus.
Greene separately claimed, without evidence, that the pharmaceutical company Moderna had purposely manipulated the virus in order to allow them to cash in by developing a hantavirus vaccine. Greene did not respond to a request for comment.
Other prolific health disinformation promoters boosted the ivermectin claims, including Simone Gold, the founder of Covid denial group America’s Frontline Doctors, and Peter McCullough, a disinformation peddler who promoted the “sudden death” conspiracy theory about the Covid-19 vaccine, which falsely claimed that those who received the shot were at risk of dropping dead without any warning.
McCullough is also the chief scientific officer for The Wellness Company, which has been described as “Goop for the GOP.” The company has used the hantavirus outbreak to promote a $325 “Contagion Emergency Kit” which includes both ivermectin and hydroxychloroquine.
All the false claims and posts about ivermectin gained enough traction online that the World Health Organization responded to say that there is no research to suggest ivermectin is an effective treatment for hantavirus.
Conspiracy theorists have, meanwhile, been pushing the baseless idea that a side effect of Covid vaccines includes a hantavirus infection.
Hot on the heels of announcing its parent company has entered into a deal worth £4.3bn to buy CK Hutchison’s stake in the recently merged VodafoneThree in the UK, Vodafone has launched 5G Broadband, bringing high-speed connectivity via its 5G network to an additional 3.7 million homes and premises currently unable to access full-fibre networks.
By combining 5G Broadband and its existing full-fibre footprint, Vodafone says it can now bring full-fibre-like speeds to over 26 million homes, more than any other UK provider. The offer is targeted at households who cannot currently access full-fibre – renters, students and anyone who, says Vodafone, “wants powerful connectivity with flexibility”.
The launch reinforces the commitment made by VodafoneThree to connect every community as part of its £11bn investment programme to build out a network that can compete with the likes of BT/Openreach and Virgin Media O2. By bringing together the Vodafone and Three networks, the company said the combined 5G footprint will expand rapidly nationwide.
The offer is also a result of bringing the Vodafone and Three networks together and deploying its Multi Operator Core Network (MOCN) technology in more than 10,000 sites nationwide. This is designed to provide users with improved coverage with higher speeds in areas where it wasn’t previously available.
The enhanced coverage will also enable Vodafone 5G Broadband to reach 3.7 million more homes where there is currently no full-fibre. This complements Vodafone’s existing full-fibre footprint of 23.2 million homes – the largest of any UK provider.
With the service, customers can enjoy speeds from 50Mpbs to up to 150Mbps – 3x faster than a typical part-fibre connection – and unlimited data on every plan. For homes where the outdoor 5G signal is stronger than indoors, Vodafone assured that it would soon launch an outdoor hub to provide an extra boost.
The outdoor hub will require self-installation outside the property, where it will lock on to the strongest 5G signal available in the area and connect directly to the indoor Power Hub router. The result is claimed to be a consistent connection and “fast, seamless experience” throughout the home, even in rural areas.
Rob Winterschladen, consumer director at VodafoneThree, said: “Millions of households are still paying over the odds for unreliable and slow broadband that often only reaches 74Mbps. With Vodafone 5G Broadband, we’re giving those homes a genuinely fast alternative, at great value, with no installation, no waiting and no hassle … By adding 5G Broadband, we can now reach millions more [homes]. This launch is about giving customers real choice: full-fibre where it’s available, and powerful 5G broadband where it’s not – plus, better options for anyone wanting speed with ease and flexibility.”
Launching alongside Vodafone 5G Broadband is an integrated availability checker on Vodafone.co.uk, designed to make choosing the right connection effortless. Customers simply enter their postcode and are shown whether full-fibre or 5G broadband will give them the fastest speeds in their area.
Users can choose from a rolling 30-day or 24-month plan starting at £21 a month, with a £2-a-month discount for Vodafone Together customers. However, the operator cautioned that while the service operates on 5G where available, it may use 4G networks in limited circumstances.
President to undergo medical examination amid serious concerns
Taylor Swift spends quality time with family in New York City
US-Iran deal: Trump reaffirms Iran must not have nuclear weapons, praises Shehbaz, Munir for diplomacy
-
Tech1 week agoDHS Demanded Google Surrender Data on Canadian’s Activity, Location Over Anti-ICE Posts
-
Business1 week agoHeineken plans huge investment in hundreds of UK pubs ahead of World Cup
-
Tech5 days agoA new frontier: Identity stack evolves for agentic systems | Computer Weekly
-
Tech4 days ago‘Orbs,’ ‘Saucers,’ and ‘Flashes’ on the Moon: Pentagon Drops New UFO Files
-
Business1 week agoIndia among most resilient large EMs, better placed for future global shocks; policy reforms & strong buffers help: Moody’s – The Times of India
-
Fashion5 days agoNew orders in German manufacturing up 5% MoM in Mar 2026: Destatis
-
Tech5 days agoWhat Microsoft Executives Really Thought About OpenAI in 2018
-
Sports4 days agoShaheen Afridi achieves landmark feat during opening Test against Bangladesh