ALL POSTS

Key Findings Apple is sending lock screen warnings to users with outdated iOS and iPadOS versions alerting them to active web-based exploits Exploit kits Coruna and DarkSword are actively targeting iOS versions 13 through 18.7, capable of stealing sensitive data through malicious links or compromised websites Users on iOS 13-14 must upgrade to iOS 15 and install critical security updates; iOS 15-16 devices received patches on March 11, 2026 Coruna shares code similarities wit

Key Findings Coruna iOS exploit kit uses an updated version of the kernel exploit from Operation Triangulation, a sophisticated 2023 iOS APT campaign The exploit kit includes five full exploit chains and 23 total exploits, targeting iOS 13.0 through 17.2.1 Coruna contains four additional kernel exploits not seen in Triangulation, two developed after the original campaign's discovery Code analysis reveals Coruna was designed with unified architecture rather than patchworked co

Key Findings CISA added five critical vulnerabilities to its Known Exploited Vulnerabilities catalog, including three Apple flaws, one Craft CMS code injection, and one Laravel Livewire vulnerability Three Apple vulnerabilities are linked to active exploitation by the DarkSword iOS exploit kit Craft CMS flaws have been actively exploited in the wild to breach servers and steal data Laravel Livewire vulnerability is associated with Iran-nexus APT group MuddyWater Federal agenc

Key Findings Google's Threat Intelligence Group (GTIG) identified a powerful new iOS exploit kit called Coruna (also known as CryptoWaters) The kit targets Apple iPhones running iOS versions 13.0 through 17.2.1 It includes five full exploit chains and a total of 23 exploits The kit is highly effective against the targeted iOS versions, but is ineffective against the latest iOS release Background GTIG first captured parts of an iOS exploit chain used by a customer of a surveil