iPhone Spyware Toolkit, Extortion Emails, and Major Phishing Platform Takedown
Security researchers have discovered a powerful iPhone hacking toolkit that may be used by espionage groups and cybercriminals. The toolkit, known as Coruna, contains several exploit chains capable of targeting older versions of Apple’s iOS operating system. Researchers found that the framework can identify the type of iPhone and operating system being used, then deliver a tailored exploit through malicious websites. The tool has been linked to espionage campaigns and has also appeared in criminal operations targeting financial data and cryptocurrency accounts. Experts believe the toolkit may have originally been developed for government surveillance purposes before spreading to other threat actors.
Investigators say the exploit framework includes multiple vulnerabilities that allow attackers to bypass Apple’s security protections and gain remote access to devices. A device can be attacked simply when its user visits a compromised website that silently delivers malicious code. Evidence shows the toolkit has been used in different campaigns over time, including suspected Russian espionage activity against Ukrainian targets and, later, criminal scams hosted on hundreds of websites designed to lure victims.
In a separate incident, a hacker conducted a mass email campaign targeting restaurants that use the HungerRush point-of-sale platform. The attacker sent threatening emails claiming that the company’s systems had been breached and demanded payment to prevent the release of sensitive data. However, investigations indicate that the messages were likely part of a large-scale extortion scam rather than proof of an actual breach. The emails attempted to pressure businesses into paying cryptocurrency by warning that customer information would be exposed if the demand was not met.
Authorities also announced the disruption of Tycoon 2FA, a major phishing-as-a-service platform used by cybercriminals to bypass multi-factor authentication protections. The service allowed attackers to create convincing phishing pages that could capture login credentials and authentication codes in real time. Law enforcement agencies and cybersecurity companies worked together to seize hundreds of domains associated with the platform and dismantle parts of its infrastructure.
Investigators say the phishing platform had been widely used to target organizations around the world, sending large volumes of fraudulent emails and stealing access to corporate email and cloud accounts. By offering phishing tools as a subscription service, Tycoon 2FA made it easier for criminals with little technical knowledge to launch sophisticated phishing attacks. The recent takedown highlights ongoing efforts by governments and security companies to disrupt large cybercrime networks and reduce the impact of phishing campaigns on businesses and organizations.







