Daily Briefing for 03.04.26

Top stories.

• A possible US-developed exploit framework surfaces in global iOS attacks.
• Pro-Iranian hacktivists launch DDoS attacks.
• Maximum-severity FreeScout flaw enables full server compromise.
• Business news: Tasmanian security firm UpGuard secures $75 million in Series C funding.

A possible US-developed exploit framework surfaces in global iOS attacks.

Researchers have identified an iOS exploit framework that compromised at least 42,000 devices, CyberScoop reports. Notably, the framework appears to have been developed by the US government before being leaked into the wild and repurposed by criminals and foreign nation-states. Researchers at iVerify and the Google Threat Intelligence Group (GTIG) have published separate reports on the toolkit, with iVerify calling the campaign the "first observed mass exploitation of mobile phones, including iOS, by a criminal group using tools likely built by a nation-state."

GTIG explains, "The exploit kit, named 'Coruna' by its developers, contained five full iOS exploit chains and a total of 23 exploits. The core technical value of this exploit kit lies in its comprehensive collection of iOS exploits, with the most advanced ones using non-public exploitation techniques and mitigation bypasses."

The researchers have observed the exploit kit being used by China-based cybercriminals and by a Russian espionage actor targeting Ukrainians.

Pro-Iranian hacktivists launch DDoS attacks.

Radware is tracking pro-Iranian hacktivist activity following the launch of the US-Israeli military offensive in Iran on February 28th, noting, "The hacktivist threat in the Middle East is highly lopsided, with two groups, Keymous+ and DieNet, driving nearly 70% of all attack activity between February 28 and March 2." DDoS attacks targeted multiple Israeli telecommunications providers and technology organizations, as well as Saudi Arabian government entities, the government website of Qatar, and government, transportation, and infrastructure sites in Bahrain and the UAE.

Maximum-severity FreeScout flaw enables full server compromise.

FreeScout, an open-source help desk and shared mailbox service, has issued a fix for a maximum-severity patch bypass flaw (CVE-2026-28289), SecurityWeek reports. FreeScout released an initial patch for an authenticated remote code execution flaw (CVE-2026-27636) several days ago. Researchers at Ox Security then discovered a patch bypass that exacerbates the issue into a zero‑click, unauthenticated RCE flaw with a CVSS score of 10.0. Users are urged to update to FreeScout v1.8.207 as soon as possible.

Business news: Tasmanian security firm UpGuard secures $75 million in Series C funding.

Tasmania- and California-based cybersecurity and risk management startup UpGuard has secured $75 million in a Series C round led by Springcoast Partners, with participation from existing investors August Capital, Square Peg Capital, and Pelion Venture Partners. The company says the funding "will accelerate UpGuard’s next growth phase, including the expansion of its AI-powered Cyber Risk Posture Management (CRPM) platform capabilities, scaling global go-to-market functions, and pursuing strategic M&A."