惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Threatpost
aimingoo的专栏
aimingoo的专栏
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
T
Tailwind CSS Blog
J
Java Code Geeks
博客园_首页
Google Online Security Blog
Google Online Security Blog
Hugging Face - Blog
Hugging Face - Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
I
Intezer
P
Palo Alto Networks Blog
V
Vulnerabilities – Threatpost
雷峰网
雷峰网
O
OpenAI News
SecWiki News
SecWiki News
小众软件
小众软件
酷 壳 – CoolShell
酷 壳 – CoolShell
美团技术团队
N
News | PayPal Newsroom
Project Zero
Project Zero
Forbes - Security
Forbes - Security
IT之家
IT之家
A
Arctic Wolf
WordPress大学
WordPress大学
Jina AI
Jina AI
T
Tor Project blog
博客园 - 三生石上(FineUI控件)
S
Secure Thoughts
Google DeepMind News
Google DeepMind News
Attack and Defense Labs
Attack and Defense Labs
博客园 - 聂微东
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
P
Privacy International News Feed
Cloudbric
Cloudbric
G
GRAHAM CLULEY
博客园 - 叶小钗
H
Hacker News: Front Page
腾讯CDC
量子位
Help Net Security
Help Net Security
人人都是产品经理
人人都是产品经理
C
Cyber Attacks, Cyber Crime and Cyber Security
月光博客
月光博客
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
宝玉的分享
宝玉的分享
爱范儿
爱范儿
L
Lohrmann on Cybersecurity
Hacker News - Newest:
Hacker News - Newest: "LLM"
Recorded Future
Recorded Future
C
CERT Recently Published Vulnerability Notes

Cyberwarzone

LinkedIn Sued Over Browser Extension Scanning Why Cyberwarfare Uses Ambiguity and Delayed Attribution as Pressure Why Cyberwarfare Pressures Trusted Access and Account Recovery Paths Why Cyberwarfare Keeps Pressuring Recovery Paths and Fallback Systems Why Cyberwarfare Keeps Pressuring Shared Service Providers Why Cyberwarfare Pressures Industry Clusters Why Cyberwarfare Turns Nearby Economies Into Spillover Zones Why Cyberwarfare Forces Firms to Scan Networks Early Why Cyberwarfare Targets Crisis Messaging Systems Why Cyberwarfare Keeps Pressuring Energy Networks Why Cyberwarfare Keeps Pressuring Communications Networks Why Cyberwarfare Keeps Pressuring Shipping and Logistics Networks Why Cyberwarfare Keeps Pressuring Banks and Financial Networks Why Endpoint Management Systems Are Becoming Cyberwarfare Choke Points Why Cyberwarfare Targets Healthcare and Medical Supply Chains Why Cyberwarfare Increasingly Exploits Trusted Civilian Apps Why Cyberwarfare Hits Civilian Companies First Critical Quest KACE SMA RCE (CVE-2025-32975) Under Attack Handala Rebounds After FBI Seizure, Exposing Iran Cyberwar Resilience Top 10 Cyber Escalation Risks Security Leaders Should Understand Top 10 Questions to Ask Before Calling an Incident Cyberwarfare Top 10 Cyber Deterrence Problems Security Leaders Should Understand Top 10 OT and ICS Risks in Modern Cyberwarfare Top 10 Cyberwarfare Doctrine Ideas Security Leaders Should Understand Top 10 Attribution Problems in State-Linked Cyber Operations Iran Cyberwar: Identity Systems Become the Target Iran Cyberwar Shifts to Spillover, Retaliation, and Control Top 10 Critical Infrastructure Sectors Most Exposed in Cyberwarfare Top 10 Below-Threshold Cyber Operations States Use Top 10 Differences Between Cyberwarfare and Cyber Espionage Top 10 Signs a Cyber Campaign Is Pre-Positioning for Future Conflict Top 10 Signs a CVE Needs Clear Closure Criteria Top 10 Signs a CVE Needs Proof of Remediation Top 10 Signs a CVE Needs a Risk Acceptance Review Top 10 Signs a CVE Needs Asset Owner Escalation Top 10 Signs a CVE Needs a Special Maintenance Window Top 10 Signs a CVE Needs Compensating Controls Before You Can Patch Top 10 Signs a CVE Needs a Staged Patch Rollout Top 10 Signs a CVE Is More Dangerous as Part of an Exploit Chain Top 10 CVE Sources Security Teams Should Check After Reading a CVE Top 10 CVE Fields Security Teams Should Review Before Patching Top 10 CVE Items Security Teams Should Patch First in 2026 Trivy Supply Chain Attack Spreads Infostealer, Worm, and Kubernetes Wiper via Docker Hub Hong Kong Police Can Demand Phone Passwords Under New Security Law North Korean Hackers Deploy StoatWaffle Malware via VS Code Projects FBI Seizes MOIS Leak Sites After Handala Attack Hit Hospitals Baghdad to Ras Laffan: Iran-Linked Strikes Widen the Regional War Dutch Police Employee Critical of Iranian Regime Shot in Schoonhoven Lebanon Death Toll Tops 1,000 as Israeli Bombardment Continues Pentagon Seeks $200 Billion for Iran War With No End Date in Sight Trump’s Pearl Harbor Remark Exposes Japan’s Iran War Dilemma Haifa Refinery Hit as Iran Expands Retaliation to Israeli Energy Sites How to Report Remediation Progress to Leadership Which Vulnerability Remediation Metrics Matter Gulf Drug Supply Chains Strain as Hormuz Disruption Spreads LNG Buyers Scramble as Hormuz Disruption Hits Qatari Supply Routes Gulf Importers Reroute Supplies as Hormuz Disruption Spreads How to Run Emergency Change Approval for Security Patches EU Eases Gas Import Rules as Iran Crisis Threatens Hormuz Flows Gulf Producers Turn to Pipelines as Hormuz Shipping Risk Deepens How to Communicate During Emergency Patching Iran Warns Gulf Energy Sites to Evacuate After South Pars Strike Who Owns Vulnerability Remediation? Europe Signals Distance From Trump’s Iran War While Watching Hormuz What to Monitor After Emergency Patching to Catch Incomplete Fixes Gulf States Create Safe Sea Corridor as Hormuz Risk Rises How to Verify a Vulnerability Is Really Remediated EU Sanctions Chinese, Iranian Firms Over Cyberattacks When to Grant a Vulnerability Exception CISA Warns on Microsoft Intune After Stryker Cyberattack How to Validate Vulnerability Exposure Before You Escalate a Patch How to Write a Vulnerability Remediation SLA That Works 5 KEV Lessons That Show How Patch Prioritization Fails How to Build a KEV-Driven Patch Workflow Without Burning Out Your Team Greek Firms Scan Networks as Iran War Raises Cyberattack Risk KEV vs CVSS vs EPSS: Which Signal Should Drive Patch Priority? Top 10 Signs a CVE Needs Emergency Patching Top 10 MDR Tools for 2026: Compare Leading Providers Red Sea Risk Rises as Houthi Shipping Threat Looms Top 10 SOAR Tools for 2026: Compare Leading Platforms Top 10 XDR Tools for 2026: Compare Leading Platforms Hezbollah Readiness Grows as Lebanon Front Heats Up Top 10 EDR Tools for 2026: How to Compare Leading Platforms Top 10 SIEM Tools for 2026: How to Compare the Leading Platforms Airstrikes Target Iran’s Syria Logistics Corridor as Regional Proxy War Expands Drone and Rocket Attacks on U.S. Embassy Mark Sharp Escalation in Baghdad South Pars Gas Field Hit: Iran Warns of Gulf Energy Escalation Service Account Security: How to Control Privilege, Rotation, Ownership, and Trust Paths Incident Response Playbook: How to Triage, Contain, Investigate, and Recover Middle East war disrupts pharma air routes and raises risk of cancer drug shortages in Gulf Cisco Talos links UAT-9244 to TernDoor, PeerTime, and BruteEntry attacks on South American telecoms FortiGate devices exploited to steal service account credentials and breach networks Attack Surface Management: How to Find Exposed Assets, Prioritize Risk, and Reduce Drift CISA adds two actively exploited vulnerabilities to KEV catalog Meta disables 150,000 accounts linked to Southeast Asia scam centers CISA adds five actively exploited vulnerabilities to KEV catalog What Is Zero Trust? A Practical Guide to Identity, Access, and Network Segmentation INTERPOL operation takes down 45,000 malicious IPs and leads to 94 arrests ADNOC loading still halted at Fujairah after drone strike as Iran war disrupts UAE export corridor Apple updates older iPhones and iPads for WebKit flaw exploited in Coruna spyware attacks
Who Commands Iran Now After Larijani’s Killing?
Reza Rafati · 2026-03-20 · via Cyberwarzone

Questions over who is commanding Iran deepened on March 19, 2026, after the killing of Ali Larijani, the secretary of Iran’s Supreme National Security Council and one of the regime’s most visible wartime figures in Tehran. Al Jazeera reported that Larijani had stepped into a more prominent role after the reported assassination of Supreme Leader Ali Khamenei and other senior Iranian military and political figures following the start of the US-Israeli attacks on February 28.

The same reporting said Mojtaba Khamenei has been announced as successor to his father, but that US officials claim he is wounded and analysts question how much practical authority he can exercise because he has never held an executive role. That matters beyond succession optics. In wartime, command ambiguity affects deterrence, response speed, succession planning and the coherence of military, intelligence and internal security operations. The central issue is not just who holds the title in Tehran, but whether Iran still has a chain of command capable of coordinating political messaging and battlefield decisions under sustained pressure.

\n\n

Why the chain of command matters more than the succession headline

The central risk is not only uncertainty over the next supreme leader. It is fragmentation across the institutions that actually run the war: the Supreme National Security Council, the Islamic Revolutionary Guard Corps, the regular military, the intelligence apparatus and the clerical-political system that tries to arbitrate between them. Larijani mattered because he sat close to the point where those channels could be coordinated. His removal leaves a gap in both political signaling and operational synchronization.

Analysts cited by Al Jazeera stressed that the formal constitutional process may still exist, but that wartime conditions make it harder to predict who will exercise real authority. That distinction is crucial. A state can fill an office on paper while still suffering a practical command deficit if the replacement lacks battlefield credibility, bureaucratic leverage or the confidence of the security services.

In my view, this is where outside observers often misread leadership crises in authoritarian systems. They focus on the visible title and miss the decision network beneath it. During periods of acute pressure, influence often flows through whoever can control information, secure elite consensus and prevent rival security bodies from freelancing. If Tehran cannot do that cleanly, the result may be inconsistent messaging, slower crisis response and a greater chance of overcorrection or miscalculation.

\n\n

Mojtaba Khamenei may hold the title, but not yet the certainty of control

Reporting carried by Al Jazeera says Mojtaba Khamenei has been announced as successor to his father, but that US officials claim he is wounded and analysts note he has never held an executive role. Those are not small caveats. In wartime, a successor without an established governing track record may struggle to project authority across the military, the security bureaucracy and the clerical establishment at the same time.

That creates several risks that competitors often blur together. The first is procedural risk: delays in appointments, unclear delegations and uncertainty over who can authorize major responses. The second is signaling risk: adversaries may test the system if they believe authority is fragmented or symbolic. The third is internal risk: factions inside the regime may try to secure influence while the hierarchy is unsettled, producing contradictory messages or uneven enforcement.

There is also a harder edge case here. Tehran may intentionally keep some succession decisions opaque to avoid painting targets on additional senior figures. Barbara Slavin made that point directly in Al Jazeera’s reporting. If that is what happens, opacity may improve survivability at the top while making outside assessment of Iranian intent much harder. That combination can be stabilizing internally and destabilizing externally at the same time.

\n\n

What command uncertainty changes on the battlefield

A leadership vacuum does not automatically paralyze the Iranian state, but it can change how risk is processed. Command systems under pressure often become either slower and more cautious or faster and more erratic. If decision-making narrows into a smaller, less transparent circle, Iran may preserve regime continuity while increasing the chance of signaling errors, delayed deconfliction or retaliatory moves that are more emotional than strategically calibrated.

This matters for military planning, cyber operations and regional messaging alike. A fragmented command environment can produce mismatches between public threats and actual capability deployment. It can also complicate backchannel diplomacy because foreign governments may not know which Iranian actor can credibly commit to restraint, escalation or negotiation. In practical terms, that means the danger is not only who commands Iran now, but whether outside powers can still read Tehran’s intentions with confidence.

The deeper strategic issue is durability. States can survive leader loss if institutions are resilient, but repeated removals of visible decision-makers raise the odds that informal networks begin substituting for formal process. That may keep operations running in the short term, yet it usually makes the system harder to interpret from the outside and harder to discipline from the inside. In wars, that combination tends to increase volatility.

For broader context on the conflict and its institutional fallout, see our Iranian Revolution 2026 intelligence briefing.

About the Author

Reza Rafati Avatar

Reza Rafati

Reza Rafati is a cybersecurity specialist and founder of Threat Intelligence Lab, with a focus on cyber threat intelligence, threat hunting, and coordinated takedowns. He publishes practical guidance on ThreatIntelligenceLab and Cyberwarzone, and regularly speaks on topics spanning cybercrime, AI, and warfare.