Security researchers have discovered the iOS exploit kit Coruna, which comprises over 20 vulnerabilities that can be chained into multiple complete exploitation chains. Primarily targeting older iOS devices, the toolkit has been used by multiple threat actors in real-world cyberattacks, drawing significant attention from the security community.
The U.S. Department of Justice and Europol announced a coordinated law enforcement operation involving 14 countries that successfully shut down the hacker forum LeakBase this week. The operation seized personal data of 142,000 members and resulted in multiple arrests. The international effort aims to combat cybercrime and dismantle illegal data trading platforms.
Security firm BlueVoyant released threat analysis in March revealing that Russian-linked hacker group UAC-0050 conducted a social engineering attack against a European financial institution in February. The attackers impersonated Ukrainian judicial institutions via email to distribute RMS remote access tools. Ukraine's CERT-UA tracks the threat actor as UAC-0050, also known as DaVinci Group or Agency DaVinci, while BlueVoyant named the campaign Mercenary Akula.
Tycoon2FA, a major phishing toolkit rental platform exposed two years ago, has been successfully dismantled through a coordinated international law enforcement operation. Europol partnered with multiple technology and cybersecurity companies to take down over 330 domains and related infrastructure associated with the platform, disrupting widespread phishing and fraud activities.
Kaspersky released a research report in February revealing Keenadu, an Android backdoor program. The malware can be injected during device firmware build stages and integrated into Android system components, causing infected devices to ship with malicious code pre-installed. Over 13,000 devices have been identified as affected, with some being used for ad fraud and Android botnet activities.
Cisco released security updates this week to address two critical vulnerabilities in Secure Firewall Management Center (Secure FMC). Both vulnerabilities carry a CVSS score of 10.0, representing the highest severity level. The patches aim to protect users' firewall management systems from potential security threats.
Akamai's security research team SIRT reported that Zerobot, a Mirai variant botnet, is actively exploiting two known vulnerabilities—CVE-2025-7544 and CVE-2025-68613—to attack Tenda routers and n8n workflow automation platforms. The team observed exploitation attempts in their global honeypot network in mid-January 2026, with overall activity traceable back to early December 2025.
Password management service LastPass has warned of a new phishing campaign targeting its users. Attackers are using forged email conversations and fake login pages to trick users into revealing their master passwords and account credentials. The campaign aims to compromise user accounts and gain unauthorized access to password vaults. LastPass advises users to remain vigilant against such social engineering attempts.
Commvault, a backup and data protection software vendor, announced an expanded partnership with cybersecurity platform CrowdStrike. The company will integrate its AI-powered anomaly detection capabilities into CrowdStrike's Falcon Next-Gen SIEM platform to help enterprises detect and respond more accurately and rapidly to potential data breach incidents.