Recent findings from Kaspersky reveal that the Coruna iOS exploit kit is using an updated version of the kernel exploit code from the 2023 Operation Triangulation campaign. This exploit targets two specific vulnerabilities in Apple’s iOS, raising concerns about the potential for mass attacks against users. Initially, there wasn't enough evidence to connect Coruna to the earlier campaign, but researchers have now established a clear link. This means that devices running affected versions of iOS could be at risk from attackers leveraging these exploits. Users and organizations need to be vigilant and ensure their devices are updated to protect against these threats.
Articles tagged "Exploit"
Found 317 articles
Kaspersky's GReAT team has identified a new exploit kit called Coruna, which specifically targets iPhones. This kit utilizes kernel exploits associated with two vulnerabilities, CVE-2023-32434 and CVE-2023-38606, and is an updated version of techniques used in Operation Triangulation. The existence of these exploits poses significant risks to iPhone users, as they could potentially allow attackers to gain unauthorized access to sensitive data or control over the devices. Users should be aware of these vulnerabilities and take steps to secure their devices against exploitation. The findings emphasize the need for continuous vigilance in mobile security as attackers evolve their methods.
SCM feed for Latest
A recent article discusses the growing issue of multi-channel impersonation attacks, where cybercriminals exploit outdated security controls to impersonate individuals across various communication platforms. These attacks often target employees within organizations, leading to unauthorized access to sensitive information and financial losses. Researchers emphasize that traditional security measures, such as basic email filtering and outdated authentication methods, are no longer sufficient to combat these sophisticated scams. Companies are urged to adopt more advanced security protocols, including multi-factor authentication and employee training on recognizing phishing attempts. The rise in these impersonation tactics poses a significant risk to businesses, making it crucial for them to reassess their security strategies.
SCM feed for Latest
Fortinet's FortiGuard Labs has released its 2026 Global Threat Landscape Report, revealing significant trends in cybersecurity threats. The report indicates a rise in sophisticated attacks targeting both enterprise and personal systems, particularly through ransomware and phishing schemes. These attacks are increasingly leveraging artificial intelligence to bypass traditional security measures. Companies across various sectors, including finance and healthcare, are particularly vulnerable, as attackers exploit their reliance on digital infrastructure. The findings stress the urgent need for organizations to enhance their security protocols and invest in advanced threat detection technologies to protect sensitive data and maintain operational integrity.
Infosecurity Magazine
A recent report from cybersecurity firm SentinelOne warns about a significant rise in cyberattacks where hackers are using stolen enterprise credentials to impersonate legitimate users. This 'mass-marketed impersonation crisis' allows attackers to infiltrate organizations at an alarming scale, often bypassing traditional security measures. The report indicates that many companies may not even realize their identities have been compromised, making them vulnerable to various forms of exploitation. This issue affects a wide range of industries, emphasizing the need for organizations to enhance their security protocols and monitor for unusual activity. As attackers continue to refine their methods, the risk to sensitive data and operational integrity remains high.
The article discusses the importance of creating a 'near miss' database for cybersecurity incidents, where organizations would share details about close calls or thwarted attacks. Currently, companies often only disclose information following a successful breach. By documenting near misses, organizations could enhance information sharing and better prepare for future threats. This proactive approach could help identify patterns and vulnerabilities that attackers might exploit. The author emphasizes that learning from these near misses can ultimately strengthen overall cybersecurity practices across the industry.
Ilya Angelov, a 40-year-old Russian man, has been sentenced to two years in prison for his role in managing a botnet that facilitated ransomware attacks targeting U.S. companies. The botnet, associated with a cybercriminal group known as TA551, was used to deploy malicious software that locked users out of their systems until a ransom was paid. In addition to his prison sentence, Angelov was fined $100,000. This case underscores the ongoing challenges posed by international cybercrime, particularly how individuals can exploit technology to harm businesses and individuals across borders. The sentencing aims to deter similar cybercriminal activities and demonstrates law enforcement's commitment to addressing ransomware threats.
Hackread – Cybersecurity News, Data Breaches, AI and More
A significant security vulnerability known as the DarkSword exploit has been leaked, putting an estimated 270 million iPhones at risk. This exploit allows hackers to potentially access sensitive user data, raising serious concerns about privacy and security for iPhone users worldwide. Researchers have indicated that this could lead to unauthorized access to personal information stored on these devices. The scale of the impact is alarming, as many users may not be aware that their data could be compromised. It's crucial for affected users to stay informed and take necessary precautions to protect their information as details about the exploit continue to emerge.
darkreading
Recent developments in ransomware attacks have seen threat actors using artificial intelligence to conduct faster and more sophisticated assaults. These attackers are bypassing traditional security measures by exploiting valid credentials, making it easier for them to infiltrate systems and access sensitive data. This new approach can lead to significant data breaches and financial losses for companies, as the speed and efficiency of these attacks increase. Organizations need to bolster their cybersecurity defenses and educate employees on credential management to mitigate these risks. The rise of AI in cybercrime highlights the urgent need for updated security strategies to keep pace with evolving threats.
Infosecurity Magazine
The Tycoon2FA phishing platform has resumed operations after a previous takedown, utilizing advanced techniques known as AiTM (adversary-in-the-middle) to circumvent multi-factor authentication (MFA) protections. This service primarily targets users who rely on MFA for securing their accounts, making them particularly vulnerable to credential theft. Attackers can now exploit this platform to gain unauthorized access to sensitive information across various services. This resurgence poses a significant risk to individuals and organizations that depend on MFA as a security measure, as it undermines the effectiveness of this commonly used defense. Users must remain vigilant and consider additional security practices to protect their accounts.
Hackread – Cybersecurity News, Data Breaches, AI and More
Researchers from LevelBlue have uncovered a troubling case where a suspected North Korean hacker secured a remote IT job to finance the country's weapons development programs. The individual managed to infiltrate a legitimate company, raising concerns about the potential for espionage and the misuse of sensitive information. This incident points to the ongoing threat posed by state-sponsored cyber operatives seeking to exploit vulnerabilities in the global job market. The hacker's downfall came after a slip-up involving a VPN, which led to their identification. This case serves as a reminder for companies to enhance their vetting processes for remote employees and to be vigilant against potential security risks associated with remote work.
QNAP has addressed four vulnerabilities that were demonstrated at the recent Pwn2Own hacking competition. These flaws could potentially allow attackers to access sensitive information, execute arbitrary code, or lead to unexpected device behavior. Users of QNAP products should be aware that these vulnerabilities pose real risks, making it essential to apply the latest patches to safeguard their systems. The company has released updates to fix these issues, highlighting the importance of keeping software up to date to protect against exploitation. Failure to patch could leave systems vulnerable to attacks that exploit these weaknesses.
Help Net Security
Oracle has issued an emergency patch for a serious vulnerability, identified as CVE-2026-21992, affecting Oracle Identity Manager and Oracle Web Services Manager. This flaw allows attackers to exploit a missing authentication feature, potentially leading to remote code execution without prior authentication. While Oracle hasn't confirmed if this vulnerability has been actively exploited in the wild, they are urging all customers to apply the updates or implement alternative mitigations immediately. The lack of authentication for such a critical function poses significant risks for organizations using these services, emphasizing the need for prompt action to safeguard their systems.
Help Net Security
Russian hackers linked to intelligence operations are increasingly targeting users of commercial messaging platforms, particularly Signal. According to warnings from the FBI and CISA, the hackers are focusing on individuals deemed valuable, such as government employees and journalists, who may have access to sensitive information. This campaign has reportedly compromised thousands of accounts on these messaging apps, exposing users to potential phishing attacks. Many users mistakenly believe that these platforms are secure, making them prime targets for exploitation. The situation is a reminder that even encrypted messaging services can be vulnerable to sophisticated hacking attempts.
BleepingComputer
The Cybersecurity and Infrastructure Security Agency (CISA) has directed U.S. government agencies to address three vulnerabilities in iOS that have been exploited in attacks related to cryptocurrency theft and cyberespionage, specifically using the DarkSword exploit kit. These vulnerabilities pose a significant risk, as they can allow attackers to gain unauthorized access to sensitive information on affected devices. The order to patch these flaws is crucial for protecting personal and governmental data from potential breaches. Agencies must act promptly to implement the necessary updates to safeguard against these threats. Failure to patch could leave systems vulnerable to exploitation by cybercriminals targeting financial assets and confidential information.