Google Threat Intelligence Group and iVerify published simultaneous research on Coruna, a nation-state-grade iOS exploit kit containing 23 exploits across five full attack chains targeting iOS 13 through 17.2.1. The kit proliferated from a commercial surveillance vendor to state-linked espionage operations to mass criminal deployment in under twelve months — marking the first observed mass exploitation of mobile devices using nation-state-grade tools. Combined with this week's Cisco SD-WAN three-year dwell time (compliance deadline tonight), APT28's MSHTML zero-day, and a Qualcomm Android zero-day under active exploitation, defenders face a convergence of advanced capabilities being deployed simultaneously across network, desktop, and mobile layers.

Links & Resources

• https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit
• https://thehackernews.com/2026/03/coruna-ios-exploit-kit-uses-23-exploits.html
• https://www.helpnetsecurity.com/2026/03/03/coruna-ios-exploit-kit/
• https://iverify.io/blog/coruna-inside-the-nation-state-grade-ios-exploit-kit-we-ve-been-tracking
• https://cyberscoop.com/coruna-ios-exploit-kit-leaked-us-framework/
• https://thehackernews.com/2026/02/cisco-sd-wan-zero-day-cve-2026-20127.html
• https://www.akamai.com/blog/security-research/inside-the-fix-cve-2026-21513-mshtml-exploit-analysis
• https://thehackernews.com/2026/03/google-confirms-cve-2026-21385-in.html