Iranian threat actor Nimbus Manticore (UNC1549) conducted a series of campaigns in early 2026 utilizing AppDomain Hijacking, SEO poisoning, and task hijacking to deploy the new MiniFast backdoor. The group demonstrated rapid toolset evolution, likely aided by AI-assisted development, targeting the aviation and software sectors across the US, Europe, and the Middle East.