Operation Triangulation updated iPhone espionage campaign
Campaign
Summary
Hide ▲
Show ▼
The Operation Triangulation espionage lineage has resurfaced through Coruna, extending zero-click iPhone targeting to newer A17 and M3 devices and iOS 17.2. The kit includes five full iOS exploit chains and uses 23 vulnerabilities, including CVE-2023-32434 and CVE-2023-38606. The original operation began in 2019 and was uncovered in June 2023 after silent infection of iPhones via iMessage. The same framework has since been reused in cryptocurrency theft campaigns, widening the risk beyond espionage.
Related Happenings
IOS 26.5 beta rolls out default end-to-end encrypted RCS messaging on iPhone and Android
Security Tool/Service
First: 12.05.2026 08:18
Last: 12.05.2026 08:18
Sources 1
About this happening:
Apple's **iOS 26.5** beta adds **default end-to-end encrypted RCS** messaging for **iPhone** and **Android** users, strengthening privacy in cross-platform chats. The rollout cove...
IOS 26.5 beta rolls out default end-to-end encrypted RCS messaging on iPhone and Android
Security Tool/ServiceAbout this happening: Apple's **iOS 26.5** beta adds **default end-to-end encrypted RCS** messaging for **iPhone** and **Android** users, strengthening privacy in cross-platform chats. The rollout cove...
MiningDropper (BeatBanker) modular Android payload framework with encrypted staging
Technical Analysis
First: 24.04.2026 14:48
Last: 24.04.2026 14:48
Sources 1
About this happening:
**MiningDropper (BeatBanker)** now stands out as a **layered modular Android malware framework** that can reuse one delivery chain across **hundreds of samples**, making **static...
MiningDropper (BeatBanker) modular Android payload framework with encrypted staging
Technical AnalysisAbout this happening: **MiningDropper (BeatBanker)** now stands out as a **layered modular Android malware framework** that can reuse one delivery chain across **hundreds of samples**, making **static...
Apple out-of-band iOS/iPadOS security updates (CVE-2026-28950)
Security Patch Release
First: 22.04.2026 23:58
Last: 22.04.2026 23:58
Sources 1
About this happening:
**Apple** released **out-of-band security updates** for **iPhone and iPad** on **April 22, 2026** to fix **CVE-2026-28950**. The patch addresses a **Notification Services** flaw t...
Apple out-of-band iOS/iPadOS security updates (CVE-2026-28950)
Security Patch ReleaseAbout this happening: **Apple** released **out-of-band security updates** for **iPhone and iPad** on **April 22, 2026** to fix **CVE-2026-28950**. The patch addresses a **Notification Services** flaw t...
Latest development: 23.04.2026 11:50
Apple issued **iOS 26.4.2**, **iPadOS 26.4.2**, **iOS 18.7.8**, and **iPadOS 18.7.8** on **2026-04-23** to close **CVE-2026-28950**, which could preserve deleted-message notifications on affected devices.
Malicious actor campaign expands across multiple victims
Campaign
First: 14.04.2026 19:37
Last: 14.04.2026 19:37
Sources 1
About this happening:
A **fake Ledger Live app** in **Apple’s App Store** drained about **$9.5 million** in cryptocurrency from **50 victims** in a few days, indicating a broader **wallet-theft campaig...
Malicious actor campaign expands across multiple victims
CampaignAbout this happening: A **fake Ledger Live app** in **Apple’s App Store** drained about **$9.5 million** in cryptocurrency from **50 victims** in a few days, indicating a broader **wallet-theft campaig...
Apple iOS 18.7.7 security update expansion for DarkSword
Security Patch Release
First: 02.04.2026 00:50
Last: 02.04.2026 00:50
Sources 1
About this happening:
Apple expanded **iOS 18.7.7** availability to more older **iPhones and iPads** on **April 1, 2026**, letting devices that stay on **iOS 18** receive protections against the **acti...
Apple iOS 18.7.7 security update expansion for DarkSword
Security Patch ReleaseAbout this happening: Apple expanded **iOS 18.7.7** availability to more older **iPhones and iPads** on **April 1, 2026**, letting devices that stay on **iOS 18** receive protections against the **acti...
Timeline
-
26.03.2026 15:10 2 articles · 2mo ago
Coruna analysis links the exploit kit to Operation Triangulation
Technical Analysis UpdateKaspersky links Coruna to the Operation Triangulation iPhone espionage framework, describing it as a continuously maintained successor that uses five full iOS exploit chains across 23 vulnerabilities, including CVE-2023-32434 and CVE-2023-38606, and noting expanded targeting for Apple's A17 and M3 chips, iOS up to 17.2, and financially motivated fake-exchange cryptocurrency theft campaigns.
Show sources
- Coruna iOS exploit framework linked to Triangulation attacks — www.bleepingcomputer.com — 26.03.2026 15:10
- Coruna iOS exploit framework linked to Triangulation attacks — www.bleepingcomputer.com — 26.03.2026 15:10