Find notable cyber news and cases, enriched with sources, timelines, and signals.

Coruna iOS mass exploitation wave

Exploitation Wave
First reported
Last updated
Happening score
H score 43
1 unique sources, 2 articles

Summary

Hide ▲

The Coruna exploit kit marks the first observed mass exploitation against iOS devices, shifting risk from highly targeted spyware to broad deployment against iPhone users. It combines a device-fingerprinting framework with multiple iOS exploit chains to choose the right WebKit RCE path for each target. The development matters because it shows advanced mobile exploitation being reused at scale rather than confined to isolated surveillance operations.

Cases

Related Happenings

WebKit memory corruption, out-of-bounds write, and use-after-free flaws (multiple vulnerabilities)

Vulnerability
H score1 First: 30.06.2026 10:15 Last: 30.06.2026 10:15 Sources 1

About this happening: **WebKit** now has four patched vulnerabilities, including **CVE-2026-43707**, **CVE-2026-43716**, **CVE-2026-43745**, and **CVE-2026-43715**, that can be triggered by **malicious...

Apple Passwords app and Safari add Apple Intelligence-powered automatic password repair

Security Tool/Service
H score10 First: 09.06.2026 00:03 Last: 09.06.2026 00:03 Sources 1

About this happening: **Apple Passwords app** and **Safari** are adding an **Apple Intelligence** feature that can automatically repair weak or compromised passwords, reducing password-hygiene risk for...

Bright Data iOS SDK teardown reveals unauthenticated scraping relay and VPN bypass

Technical Analysis
H score45 First: 06.06.2026 11:29 Last: 06.06.2026 11:29 Sources 1

About this happening: Researchers **reverse-engineered Bright Data's iOS SDK** and found it can turn consumer devices into **exit nodes** for web-scraping traffic. The teardown showed the job channel h...

AI-driven attack surge against customer-facing mobile apps in 2026

Trend
H score43 First: 19.05.2026 15:00 Last: 19.05.2026 15:00 Sources 1

About this happening: **Customer-facing mobile apps** faced a sharp rise in attacks in **2026**, with **87%** of monitored apps hit versus **55% in 2022**. The trend matters because **agentic AI** is l...

IOS 26.5 beta rolls out default end-to-end encrypted RCS messaging on iPhone and Android

Security Tool/Service
H score11 First: 12.05.2026 08:18 Last: 12.05.2026 08:18 Sources 1

About this happening: Apple's **iOS 26.5** beta adds **default end-to-end encrypted RCS** messaging for **iPhone** and **Android** users, strengthening privacy in cross-platform chats. The rollout cove...

Timeline

  1. 04.03.2026 15:28 2 articles · 4mo ago

    Coruna iOS exploit kit identified across Apple iPhone targets

    Initial Disclosure

    Google identified Coruna (aka CryptoWaters) as a new and powerful exploit kit targeting Apple iPhone models running iOS 13.0–17.2.1, and GTIG said it contained five full iOS exploit chains and 23 exploits built around device fingerprinting, WebKit RCE exploitation, and a PAC bypass. The same reporting also tied the framework to activity that circulated since February 2025, appeared on compromised Ukrainian websites in July 2025 through a hidden iFrame delivery path, and later surfaced on fake Chinese finance websites in December 2025 without geolocation constraints, while noting that the kit is not effective against the latest iOS.

    Show sources