Coruna iOS Exploit Kit Goes Mass-Market

In this episode of Cybersecurity Today, CEO David Shipley covers several major cybersecurity developments: Google’s Threat Intelligence Group details Coruna, a sophisticated iOS exploit kit with 23 exploits and multiple chains affecting iOS 13–17.2.1, shifting from targeted surveillance use to cryptocurrency-scam distribution and a PlasmaLoader payload aimed at stealing wallet data. The FBI is investigating suspicious activity involving its Digital Collection System Network used to support wiretaps and surveillance, with concerns about third-party vendor exposure and broader federal agency targeting. Microsoft reports a new ClickFix variation that abuses Windows Terminal to deploy the Luma Stealer via encoded commands, persistence, Defender exclusions, and browser injection. The show also reviews Iran-linked cyber activity by MuddyWater and others amid regional conflict, including new backdoors and cloud-based exfiltration, and reports that Iranian drone strikes hit AWS data centers in the UAE and Bahrain, causing outages and highlighting data centers as battlefield targets.