Coruna watering-hole and fake-site exploitation campaign
Campaign
Summary
Hide ▲
Show ▼
A suspected Russia-aligned nation-state actor is using Coruna in watering-hole attacks in Ukraine and a mass exploitation campaign, expanding the kit’s abuse beyond its original precision-espionage role. The operation steers users who visit compromised or lure websites through a browser-fingerprinting exploit chain that can select the right payload and deliver PlasmaLoader (aka PLASMAGRID). That broadens risk for unpatched Apple iPhone users and shows how a once-targeted framework can be repurposed for wider abuse.
Cases
Related Happenings
Apple iOS, macOS, and Safari security updates (multiple vulnerabilities)
Security Patch Release
H score33
First: 30.06.2026 10:15
Last: 30.06.2026 10:15
Sources 1
About this happening:
**Apple** released security updates for **iOS**, **macOS**, and **Safari** that fix **over three dozen flaws**, including **four WebKit vulnerabilities**. The update bundle covers...
Apple iOS, macOS, and Safari security updates (multiple vulnerabilities)
Security Patch ReleaseAbout this happening: **Apple** released security updates for **iOS**, **macOS**, and **Safari** that fix **over three dozen flaws**, including **four WebKit vulnerabilities**. The update bundle covers...
WebKit memory corruption, out-of-bounds write, and use-after-free flaws (multiple vulnerabilities)
Vulnerability
H score1
First: 30.06.2026 10:15
Last: 30.06.2026 10:15
Sources 1
About this happening:
**WebKit** now has four patched vulnerabilities, including **CVE-2026-43707**, **CVE-2026-43716**, **CVE-2026-43745**, and **CVE-2026-43715**, that can be triggered by **malicious...
WebKit memory corruption, out-of-bounds write, and use-after-free flaws (multiple vulnerabilities)
VulnerabilityAbout this happening: **WebKit** now has four patched vulnerabilities, including **CVE-2026-43707**, **CVE-2026-43716**, **CVE-2026-43745**, and **CVE-2026-43715**, that can be triggered by **malicious...
Apple Passwords app and Safari add Apple Intelligence-powered automatic password repair
Security Tool/Service
H score10
First: 09.06.2026 00:03
Last: 09.06.2026 00:03
Sources 1
About this happening:
**Apple Passwords app** and **Safari** are adding an **Apple Intelligence** feature that can automatically repair weak or compromised passwords, reducing password-hygiene risk for...
Apple Passwords app and Safari add Apple Intelligence-powered automatic password repair
Security Tool/ServiceAbout this happening: **Apple Passwords app** and **Safari** are adding an **Apple Intelligence** feature that can automatically repair weak or compromised passwords, reducing password-hygiene risk for...
AI-driven attack surge against customer-facing mobile apps in 2026
Trend
H score43
First: 19.05.2026 15:00
Last: 19.05.2026 15:00
Sources 1
About this happening:
**Customer-facing mobile apps** faced a sharp rise in attacks in **2026**, with **87%** of monitored apps hit versus **55% in 2022**. The trend matters because **agentic AI** is l...
AI-driven attack surge against customer-facing mobile apps in 2026
TrendAbout this happening: **Customer-facing mobile apps** faced a sharp rise in attacks in **2026**, with **87%** of monitored apps hit versus **55% in 2022**. The trend matters because **agentic AI** is l...
MiningDropper (BeatBanker) modular Android payload framework with encrypted staging
Technical Analysis
H score22
First: 24.04.2026 14:48
Last: 24.04.2026 14:48
Sources 1
About this happening:
**MiningDropper (BeatBanker)** now stands out as a **layered modular Android malware framework** that can reuse one delivery chain across **hundreds of samples**, making **static...
MiningDropper (BeatBanker) modular Android payload framework with encrypted staging
Technical AnalysisAbout this happening: **MiningDropper (BeatBanker)** now stands out as a **layered modular Android malware framework** that can reuse one delivery chain across **hundreds of samples**, making **static...
Timeline
-
26.03.2026 13:07 2 articles · 3mo ago
Kaspersky links Coruna to Triangulation-era exploit code
Technical Analysis UpdateKaspersky reported that the Coruna iOS exploit kit is an updated version of the kernel exploit code used in Operation Triangulation, with shared kernel exploitation framework elements, support for Apple's A17, M3, M3 Pro, and M3 Max processors, checks for iOS 17.2 and iOS 16.5 beta 4, and delivery of five full iOS exploit chains and 23 exploits that can lead to PlasmaLoader (aka PLASMAGRID) after a compromised Safari visit.
Show sources
- Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in New Mass Attacks — thehackernews.com — 26.03.2026 13:07
- Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in New Mass Attacks — thehackernews.com — 26.03.2026 13:07