- Today
- Holidays
- Birthdays
- Reminders
- Cities
- Atlanta
- Austin
- Baltimore
- Berwyn
- Beverly Hills
- Birmingham
- Boston
- Brooklyn
- Buffalo
- Charlotte
- Chicago
- Cincinnati
- Cleveland
- Columbus
- Dallas
- Denver
- Detroit
- Fort Worth
- Houston
- Indianapolis
- Knoxville
- Las Vegas
- Los Angeles
- Louisville
- Madison
- Memphis
- Miami
- Milwaukee
- Minneapolis
- Nashville
- New Orleans
- New York
- Omaha
- Orlando
- Philadelphia
- Phoenix
- Pittsburgh
- Portland
- Raleigh
- Richmond
- Rutherford
- Sacramento
- Salt Lake City
- San Antonio
- San Diego
- San Francisco
- San Jose
- Seattle
- Tampa
- Tucson
- Washington
Government iPhone Hacking Tools Leaked, Now Used by Cybercriminals
Security researchers warn of an emerging market for 'second hand' exploits as powerful hacking tools designed for governments are found in the hands of cybercriminals.
Mar. 3, 2026 at 11:27pm by Ben Kaplan
Got story updates? Submit your updates here. ›
Security researchers have identified a suite of powerful hacking tools capable of compromising Apple iPhones running older software that they say has passed from a government customer into the hands of cybercriminals. The exploit kit, dubbed Coruna, was first identified by Google in 2025 during a surveillance vendor's attempt to hack into someone's phone with spyware on behalf of a government customer. It has since been found used by Russian espionage groups and financially motivated hackers in China.
Why it matters
The discovery shows how exploits and back doors designed to be used by governments can leak and ultimately be abused by cybercriminals or other non-state actors. It highlights the risks of powerful hacking tools falling into the wrong hands and the need for robust security measures to prevent such leaks.
The details
The Coruna exploit kit can hack into an iPhone five separate ways by relying on and chaining together 23 separate vulnerabilities in its digital arsenal. Affected devices range from iPhone models running iOS 13 up to 17.2.1, which released in December 2023. The tools are powerful as they can bypass an iPhone's defenses simply through visiting a malicious website containing the exploit code.
- In February 2025, Google first identified the Coruna exploit kit during a surveillance vendor's attempt to hack into someone's phone with spyware on behalf of a government customer.
- Months later, Google found the same exploit kit targeting Ukrainian users in a broad-scale campaign by a Russian espionage group.
- The exploit kit was later found used by a financially motivated hacker in China.
The players
The tech giant that first identified the Coruna exploit kit and warned of its use by cybercriminals.
iVerify
A mobile security company that obtained and reverse-engineered the Coruna hacking tools, linking them to the U.S. government based on similarities to previously attributed hacking tools.
What they’re saying
“The more widespread the use, the more certain a leak will occur. While iVerify has some evidence that this tool is a leaked US government framework, that shouldn't overshadow the knowledge that these tools will find their way into the wild and will be used unscrupulously by bad actors.”
— iVerify
The takeaway
This case highlights the growing threat of powerful hacking tools designed for government use falling into the hands of cybercriminals, underscoring the need for robust security measures and responsible disclosure policies to prevent such leaks and mitigate the risks they pose to the public.
San Francisco top stories
San Francisco events
Apr. 4, 2026
MJ (Touring)
Apr. 4, 2026
MJ (Touring)