Operation Triangulation updated iPhone espionage campaign
Campaign
Summary
Hide ▲
Show ▼
The Operation Triangulation espionage lineage has resurfaced through Coruna, extending zero-click iPhone targeting to newer A17 and M3 devices and iOS 17.2. The kit includes five full iOS exploit chains and uses 23 vulnerabilities, including CVE-2023-32434 and CVE-2023-38606. The original operation began in 2019 and was uncovered in June 2023 after silent infection of iPhones via iMessage. The same framework has since been reused in cryptocurrency theft campaigns, widening the risk beyond espionage.
Related Happenings
Apple iOS, macOS, and Safari security updates (multiple vulnerabilities)
Security Patch Release
H score33
First: 30.06.2026 10:15
Last: 30.06.2026 10:15
Sources 1
About this happening:
**Apple** released security updates for **iOS**, **macOS**, and **Safari** that fix **over three dozen flaws**, including **four WebKit vulnerabilities**. The update bundle covers...
Apple iOS, macOS, and Safari security updates (multiple vulnerabilities)
Security Patch ReleaseAbout this happening: **Apple** released security updates for **iOS**, **macOS**, and **Safari** that fix **over three dozen flaws**, including **four WebKit vulnerabilities**. The update bundle covers...
Apple Passwords app and Safari add Apple Intelligence-powered automatic password repair
Security Tool/Service
H score10
First: 09.06.2026 00:03
Last: 09.06.2026 00:03
Sources 1
About this happening:
**Apple Passwords app** and **Safari** are adding an **Apple Intelligence** feature that can automatically repair weak or compromised passwords, reducing password-hygiene risk for...
Apple Passwords app and Safari add Apple Intelligence-powered automatic password repair
Security Tool/ServiceAbout this happening: **Apple Passwords app** and **Safari** are adding an **Apple Intelligence** feature that can automatically repair weak or compromised passwords, reducing password-hygiene risk for...
IOS 26.5 beta rolls out default end-to-end encrypted RCS messaging on iPhone and Android
Security Tool/Service
H score11
First: 12.05.2026 08:18
Last: 12.05.2026 08:18
Sources 1
About this happening:
Apple's **iOS 26.5** beta adds **default end-to-end encrypted RCS** messaging for **iPhone** and **Android** users, strengthening privacy in cross-platform chats. The rollout cove...
IOS 26.5 beta rolls out default end-to-end encrypted RCS messaging on iPhone and Android
Security Tool/ServiceAbout this happening: Apple's **iOS 26.5** beta adds **default end-to-end encrypted RCS** messaging for **iPhone** and **Android** users, strengthening privacy in cross-platform chats. The rollout cove...
MiningDropper (BeatBanker) modular Android payload framework with encrypted staging
Technical Analysis
H score22
First: 24.04.2026 14:48
Last: 24.04.2026 14:48
Sources 1
About this happening:
**MiningDropper (BeatBanker)** now stands out as a **layered modular Android malware framework** that can reuse one delivery chain across **hundreds of samples**, making **static...
MiningDropper (BeatBanker) modular Android payload framework with encrypted staging
Technical AnalysisAbout this happening: **MiningDropper (BeatBanker)** now stands out as a **layered modular Android malware framework** that can reuse one delivery chain across **hundreds of samples**, making **static...
Apple out-of-band iOS/iPadOS security updates (CVE-2026-28950)
Security Patch Release
H score28
First: 22.04.2026 23:58
Last: 22.04.2026 23:58
Sources 1
About this happening:
**Apple** released **out-of-band security updates** for **iPhone and iPad** on **April 22, 2026** to fix **CVE-2026-28950**. The patch addresses a **Notification Services** flaw t...
Apple out-of-band iOS/iPadOS security updates (CVE-2026-28950)
Security Patch ReleaseAbout this happening: **Apple** released **out-of-band security updates** for **iPhone and iPad** on **April 22, 2026** to fix **CVE-2026-28950**. The patch addresses a **Notification Services** flaw t...
Latest development: 23.04.2026 11:50
Apple issued **iOS 26.4.2**, **iPadOS 26.4.2**, **iOS 18.7.8**, and **iPadOS 18.7.8** on **2026-04-23** to close **CVE-2026-28950**, which could preserve deleted-message notifications on affected devices.
Timeline
-
26.03.2026 15:10 2 articles · 3mo ago
Coruna analysis links the exploit kit to Operation Triangulation
Technical Analysis UpdateKaspersky links Coruna to the Operation Triangulation iPhone espionage framework, describing it as a continuously maintained successor that uses five full iOS exploit chains across 23 vulnerabilities, including CVE-2023-32434 and CVE-2023-38606, and noting expanded targeting for Apple's A17 and M3 chips, iOS up to 17.2, and financially motivated fake-exchange cryptocurrency theft campaigns.
Show sources
- Coruna iOS exploit framework linked to Triangulation attacks — www.bleepingcomputer.com — 26.03.2026 15:10
- Coruna iOS exploit framework linked to Triangulation attacks — www.bleepingcomputer.com — 26.03.2026 15:10