This week revealed pre-positioned access across every infrastructure layer simultaneously. Google and iVerify exposed Coruna, a nation-state iOS exploit kit with 23 exploits that proliferated from surveillance to espionage to mass criminal deployment in twelve months. Cisco disclosed a CVSS 10.0 SD-WAN zero-day exploited since 2023 with a three-year dwell time. Akamai traced APT28's exploitation of an MSHTML zero-day a month before Microsoft patched it. Google's Android update addressed 129 CVEs including a Qualcomm zero-day under active exploitation. Radware quantified 149 hacktivist DDoS attacks from 12 groups across 16 nations in 72 hours. VMware Aria Operations was added to the KEV catalog. The connecting pattern: the gap between capability creation and mass deployment is collapsing while the gap between compromise and detection continues to widen.

Links & Resources

• https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit
• https://iverify.io/blog/coruna-inside-the-nation-state-grade-ios-exploit-kit-we-ve-been-tracking
• https://cyberscoop.com/coruna-ios-exploit-kit-leaked-us-framework/
• https://thehackernews.com/2026/02/cisco-sd-wan-zero-day-cve-2026-20127.html
• https://www.akamai.com/blog/security-research/inside-the-fix-cve-2026-21513-mshtml-exploit-analysis
• https://thehackernews.com/2026/03/google-confirms-cve-2026-21385-in.html
• https://thehackernews.com/2026/03/149-hacktivist-ddos-attacks-hit-110.html
• https://thehackernews.com/2026/03/coruna-ios-exploit-kit-uses-23-exploits.html