Coruna iOS exploit framework linked to Triangulation attacks
The Coruna exploit kit is an evolution of the framework used in the Operation Triangulation espionage campaign, which in 2023 targeted iPhones via zero-click iMessage exploits. [...]
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
The Coruna exploit kit is an evolution of the framework used in the Operation Triangulation espionage campaign, which in 2023 targeted iPhones via zero-click iMessage exploits. [...]
Attackers sidestep encryption with spoofed apps and zero-click exploits to compromise 'high-value' mobile users CISA has warned that state-backed snoops and cyber-mercenaries are actively abusing commercial spyware to break into Signal and WhatsApp accounts, hijack devices, and quietly rummage through the phones of what the agency calls "high-value" users.…
A "sophisticated" attack that also exploits an Apple zero-day flaw is targeting a specific group of iPhone users, potentially with spyware.
WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with a recently disclosed Apple flaw in targeted zero-day attacks
Zenity CTO Michael Bargury joins the Black Hat USA 2025 News Desk to discuss research on a dangerous exploit, how generative AI technology has "grown arms and legs" —and what that means for cyber risk.
The Pwn2Own competition is offering a $1m reward to any teams able to unearth a WhatsApp code execution exploit
The Zero Day Initiative is offering a $1 million reward to security researchers who will demonstrate a zero-click WhatsApp exploit at its upcoming Pwn2Own Ireland 2025 hacking contest. [...]
A zero-click exploit called EchoLeak reveals how AI assistants like Microsoft 365 Copilot can be manipulated to leak sensitive data without user interaction. This entry breaks down how the attack works, why it matters, and what defenses are available to proactively mitigate this emerging AI-native threat.
Zero-day potentially tied to around 100 suspected infections in 2025 and a spyware scandal on the continent Apple has updated its iOS/iPadOS 18.3.1 documentation, confirming it introduced fixes for the zero-click vulnerability used to infect journalists with Paragon's Graphite spyware.…
Researchers at Aim Security disclosed a Microsoft Copilot vulnerability of critical severity this week that could have enabled sensitive data exfiltration via prompt injection attacks.
If this had been a security drill, someone would’ve said it went too far. But it wasn’t a drill—it was real. The access? Everything looked normal. The tools? Easy to find. The detection? Came too late
Hackers have long used Word and Excel documents as delivery vehicles for malware, and in 2025, these tricks are far from outdated. From phishing schemes to zero-click exploits, malicious Office files are still one of the easiest ways into a victim’s system
Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey's Audio (APE) decoder on Samsung smartphones that could lead to code execution
The innocuously named Russian-sponsored cyber threat actor has combined critical and serious vulnerabilities in Windows and Firefox products in a zero-click code execution exploit.
Israeli surveillance firm NSO Group reportedly used multiple zero-day exploits, including an unknown one named "Erised," that leveraged WhatsApp vulnerabilities to deploy Pegasus spyware in zero-click attacks, even after getting sued. [...]
If you haven't deployed August's patches, get busy before others do Windows users who haven't yet installed the latest fixes to their operating systems will need to get a move on, as code now exists to exploit a critical Microsoft vulnerability announced by Redmond two weeks ago.…
The exploit can be accessed on GitHub and makes it easier for the flaw to be exploited by threat actors.
Potential Zero-Click Account Takeover Exploit Is Among Identified VulnerabilitiesResearchers at security firm Salt Security have uncovered multiple vulnerabilities in third-party plug-ins used in ChatGPT, including a zero-click account takeover flaw that was triggered when users attempted to install the plug-in using their ChatGPT accounts.
Technical details have emerged about two now-patched security flaws in Microsoft Windows that could be chained by threat actors to achieve remote code execution on the Outlook email service sans any user interaction
State-sponsored actors continue to exploit CVE-2023-23397, a dangerous no-interaction vulnerability in Microsoft's Outlook email client that was patched in March, in a widespread global campaign.