Cybersecurity Headlines Possible iPhone-hacking toolkit used by spies, Hacker mass-mails HungerRush extortion emails, Tycoon 2FA phishing platform dismantled
16 snips
Mar 5, 2026 They discuss an iPhone hacking toolkit tied to espionage and multiple zero-day flaws. A mass extortion campaign used stolen employee credentials and branded domains to send threatening emails. Authorities dismantled a 2FA-phishing platform that targeted hundreds of thousands of organizations. A multi-country data marketplace takedown and waves of DDoS attacks are also covered.
AI Snips
Chapters
Transcript
Episode notes
Karuna iPhone Toolkit Crossed Espionage And Crime
- A modular iPhone exploit toolkit called Karuna likely infected tens of thousands of devices via 23 chained vulnerabilities.
- Google and iVerify traced campaigns from Russian espionage targeting Ukrainians to crypto theft against Chinese-speaking victims, and Apple patched these in iOS 26.
Treat Extortion Emails As Credential Compromise
- Investigate credential exposure after suspicious mass extortion emails and assume employee credential theft as a likely vector.
- Hunger Rush employees' stolen credentials from October 2025 correlated with Twilio SendGrid emails threatening millions of customer records, per researcher Alon Gal.
Subscription Phishing Platforms Fuel Mass 2FA Bypass
- Subscription phishing platforms can scale to massive impact by automating 2FA bypasses and credential capture.
- Tycoon 2FA facilitated tens of millions of monthly emails to 500,000 organizations and caused roughly 62% of Microsoft's block phishing attempts last year.