Overview
- CISA listed CVE-2021-30952, CVE-2023-41974, and CVE-2023-43000 in its Known Exploited Vulnerabilities catalog and directed agencies to remediate them under BOD 22-01 by March 26.
- Google’s Threat Intelligence Group (GTIG) reports that the Coruna kit bundles 23 iOS exploits affecting devices from iOS 13.0 through 17.2.1, chaining WebKit RCE with mitigation bypasses to deliver a root payload that targets financial data and cryptocurrency wallets.
- GTIG observed the kit used by a surveillance-vendor customer, a suspected Russian espionage group (UNC6353) targeting Ukrainian users, and a financially motivated Chinese actor (UNC6691) that lured victims via fake gambling and crypto sites.
- Google recovered the full framework from a December 2025 incident attributed to UNC6691, enabling detailed analysis, publication of indicators, and mapping of five complete exploit chains.
- While BOD 22-01 applies to federal civilian agencies, CISA urged all organizations to prioritize patching, noting that Apple has issued fixes and that Lockdown Mode or private browsing thwarts the observed attack chains.