CyberSecurity Knuggets
Mar 09, 2026
I just heard about a major security threat targeting older iPhones through a sophisticated exploit kit called “Coruna.” This toolkit leverages 23 different vulnerabilities to compromise devices running iOS versions from 13.0 up to 17.2.1 when a user simply visits a malicious website. Once infected, the malware steals sensitive information, with a particular focus on cryptocurrency wallets and recovery phrases stored in notes and images. The scale of this attack is massive, potentially affecting tens of thousands of users. The urgent takeaway is that anyone still on an older iOS version needs to update immediately to iOS 18 or later, as those updates patch all the vulnerabilities Coruna exploits.
At the same time, there’s breaking news about a serious breach at the FBI that involved their wiretap and surveillance systems. Hackers managed to infiltrate networks responsible for managing wiretap operations and foreign intelligence surveillance warrants. While the FBI says they have contained the intrusion, the full extent of the damage is still unknown. This incident exposes a critical weakness in national security infrastructure and demands immediate attention to shore up defenses and prevent further compromise.
Other troubling cybersecurity incidents have come to light recently as well. A malware attack crippled phone systems in a New Jersey county, disrupting government services. A critical zero-click remote code execution vulnerability was found in the FreeScout help desk software, allowing attackers to take control without any user action. Additionally, a widely used WordPress plugin is being exploited to create rogue administrator accounts, putting countless websites at risk. It’s crucial that organizations and users apply patches and updates without delay to protect their systems.
On the data breach front, the aftermath of the Scattered Spider attack on Transport for London has revealed the exposure of personal data for about 10 million people—a massive privacy concern. In another alarming case, $48 million in cryptocurrency was stolen after a South Korean tax agency accidentally exposed a wallet’s seed phrase, highlighting the catastrophic consequences of poor key management. Both incidents underline the urgent need for organizations handling sensitive data or cryptocurrency to reassess and strengthen their security protocols immediately.
Finally, there’s some good news with law enforcement successfully dismantling “The Dark Lords,” one of the largest English-speaking hacker forums, dealing a blow to a major cybercriminal marketplace. However, the cyber threat landscape remains highly unstable. Following recent crackdowns, we’re seeing a surge in Distributed Denial of Service (DDoS) attacks, and spyware vendors are reportedly exploiting more zero-day vulnerabilities than many nation-states. This means continuous vigilance and proactive security measures remain absolutely essential for everyone.
Stay Well!
