-
Coruna iOS exploit framework linked to Triangulation attacks
The Coruna exploit kit is an evolution of the framework used in the Operation Triangulation espionage campaign, which in 2023 targeted iPhones via zero-click iMessage exploits.
- March 26, 2026
- 09:10 AM
0
-
CISA orders feds to patch DarkSword iOS flaws exploited attacks
CISA ordered U.S. government agencies to patch three iOS vulnerabilities targeted in cryptocurrency theft and cyberespionage attacks using the DarkSword exploit kit.
- March 23, 2026
- 04:37 AM
0
-
New report: How browser-based attacks are bypassing your security controls
Browser-based attacks, from AITM phishing and ClickFix to malicious OAuth apps and session hijacking, are driving today's biggest breaches.
A new report from Push Security breaks down the techniques attackers are using, real-world case studies, and the detection gaps leaving security teams exposed.
-
New DarkSword iOS exploit used in infostealer attack on iPhones
A new exploit kit for iOS devices and delivery framework dubbed "Darksword" has been used to steal a wide range of personal information, including data from cryptocurrency wallet app.
- March 18, 2026
- 10:02 AM
- 0
-
Apple patches older iPhones and iPads against Coruna exploits
Apple has released security updates to patch older iPhones and iPads against a set of vulnerabilities targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit.
- March 12, 2026
- 09:43 AM
- 0
-
Spyware-grade Coruna iOS exploit kit now used in crypto theft attacks
A previously undocumented set of 23 iOS exploits named "Coruna" has been deployed by multiple threat actors in targeted espionage campaigns and financially motivated attacks.
- March 04, 2026
- 02:06 PM
- 1
-
Apple now offers $2 million for zero-click RCE vulnerabilities
Apple is announcing a major expansion and redesign of its bug bounty program, doubling maximum payouts, adding new research categories, and introducing a more transparent reward structure.
- October 10, 2025
- 12:50 PM
- 0
-
WhatsApp patches vulnerability exploited in zero-day attacks
WhatsApp has patched a security vulnerability in its iOS and macOS messaging clients that was exploited in targeted zero-day attacks.
- August 29, 2025
- 12:31 PM
- 0
-
Sitecore CMS exploit chain starts with hardcoded 'b' password
A chain of Sitecore Experience Platform (XP) vulnerabilities allows attackers to perform remote code execution (RCE) without authentication to breach and hijack servers.
- June 17, 2025
- 11:10 AM
- 0
-
CISA: Hackers still exploiting older Ivanti bugs to breach networks
CISA and the FBI warned today that attackers are still exploiting Ivanti Cloud Service Appliances (CSA) security flaws patched since September to breach vulnerable networks.
- January 23, 2025
- 11:51 AM
- 0
-
Palo Alto Networks warns of firewall hijack bugs with public exploit
Palo Alto Networks warned customers today to patch security vulnerabilities (with public exploit code) that can be chained to let attackers hijack PAN-OS firewalls.
- October 09, 2024
- 02:59 PM
- 0
-
Ivanti warns of another critical CSA flaw exploited in attacks
Today, Ivanti warned that threat actors are exploiting another Cloud Services Appliance (CSA) security flaw in attacks targeting a limited number of customers.
- September 19, 2024
- 02:39 PM
- 0
-
Exploit for critical Progress Telerik auth bypass released, patch now
Researchers have published a proof-of-concept (PoC) exploit script demonstrating a chained remote code execution (RCE) vulnerability on Progress Telerik Report Servers.
- June 03, 2024
- 01:58 PM
- 0
-
CISA tags Microsoft SharePoint RCE bug as actively exploited
CISA warns that attackers are now exploiting a Microsoft SharePoint code injection vulnerability that can be chained with a critical privilege escalation flaw for pre-auth remote code execution attacks.
- March 27, 2024
- 12:24 PM
- 0
-
ScreenConnect critical bug now under attack as exploit code emerges
Both technical details and proof-of-concept exploits are available for the two vulnerabilities ConnectWise disclosed earlier this week for ScreenConnect, its remote desktop and access software.
- February 21, 2024
- 12:18 PM
- 1
-
Google says spyware vendors behind most zero-days it discovers
Commercial spyware vendors (CSV) were behind 80% of the zero-day vulnerabilities Google's Threat Analysis Group (TAG) discovered in 2023 and used to spy on devices worldwide.
- February 06, 2024
- 12:27 PM
- 4
-
Exploit for CrushFTP RCE chain released, patch now
A proof-of-concept exploit was publicly released for a critical remote code execution vulnerability in the CrushFTP enterprise suite, allowing unauthenticated attackers to access files on the server, execute code, and obtain plain-text passwords.
- November 18, 2023
- 10:06 AM
- 0
-
RCE exploit for Wyze Cam v3 publicly released, patch now
A security researcher has published a proof-of-concept (PoC) exploit for Wyze Cam v3 devices that opens a reverse shell and allows the takeover of vulnerable devices.
- October 30, 2023
- 04:46 PM
- 1
-
Apple zero-click iMessage exploit used to infect iPhones with spyware
Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain (dubbed BLASTPASS) to deploy NSO Group's Pegasus commercial spyware onto fully patched iPhones.
- September 07, 2023
- 04:18 PM
- 0
-
Google finds more Android, iOS zero-days used to install spyware
Google's Threat Analysis Group (TAG) discovered several exploit chains using Android, iOS, and Chrome zero-day and n-day vulnerabilities to install commercial spyware and malicious apps on targets' devices.
- March 29, 2023
- 08:00 AM
- 0
-
Hackers earn $1,035,000 for 27 zero-days exploited at Pwn2Own Vancouver
Pwn2Own Vancouver 2023 has ended with contestants earning $1,035,000 and a Tesla Model 3 car for 27 zero-day (and several bug collisions) exploited between March 22 and 24.
- March 27, 2023
- 11:23 AM
- 0
0
- 1
- 2
