Check Point researchers report that Iranian APT group Nimbus Manticore, linked to Iran's Revolutionary Guard, has updated its tactics to target aviation and software companies in Saudi Arabia, Australia, and increasingly the United States. The group is now using a technique called AppDomain hijacking instead of DLL sideloading, deploying new backdoors like MiniFast through fake job offers and trojanized software downloads, including a malicious Zoom installer and fake SQL Developer website. Security researchers believe the threat actors may be using AI-assisted development tools to rapidly adapt their malware and maintain their infrastructure.