← Back to Security Blog
제품 업데이트 2026년 3월 8일 10분 읽기

Coruna iOS 익스플로잇 키트 KEV 등재, Cisco SD-WAN 대규모 악용, Google 2025년 제로데이 90건 — 2026-03-08

CISA adds the Coruna iOS 익스플로잇 kit targeting 23 취약점 to its Known 악용 Vulnerabilities list. Cisco Catalyst SD-WAN CVE-2026-20127 faces mass 익스플로잇ation from hundreds of IPs. Google's 2025 zero-day report reveals 90 익스플로잇ed zero-days — half targeting enterprises. Plus: ArmorCode and Evervault funding rounds, BoryptGrab stealer on GitHub, and Rockwell ICS flaws 익스플로잇ed 실전에서.


🍎 CISA, Coruna iOS 익스플로잇 키트 취약점 KEV 등재

⚠️ Federal Agencies Must Patch Immediately

CISA has added 23 취약점 익스플로잇ed by the Coruna iOS 익스플로잇 kit to its Known 악용 Vulnerabilities (KEV) catalog. The 국가 수준-grade 익스플로잇 kit targets iOS versions 13 through 17.2.1, chaining multiple flaws for full device compromise.

Key Details

Exploit Chain Architecture

Stage취약점 Type영향
초기 접근WebKit 메모리 손상원격 코드 실행 via malicious web content
Sandbox EscapeKernel 권한 상승Break out of WebKit sandbox
PersistenceSecurity framework bypassCircumvent code signing and app sandboxing
Full CompromiseKernel read/write primitiveComplete device control, 데이터 유출

📱 Action Required

Federal agencies face a mandatory patching deadline. All 조직은 해야 합니다 update iOS devices to the latest version immediately and audit their fleet for devices running iOS 13–17.2.1. Enterprise MDM solutions should enforce minimum OS version policies.


🌐 Cisco Catalyst SD-WAN CVE-2026-20127 대규모 악용 중

⚠️ Active Mass Exploitation in Progress

WatchTowr researchers report that CVE-2026-20127, a critical authentication bypass in Cisco Catalyst SD-WAN Manager, is now under mass 익스플로잇ation from numerous unique IP addresses worldwide.

취약점 Overview

Exploitation Telemetry

MetricValue
Unique attacking IPs400+ observed by WatchTowr
Geographic spreadGlobal — US, EU, APAC origins
First 익스플로잇ationLate February 2026 (targeted)
Mass 익스플로잇ation onsetMarch 6, 2026
Affected versionsAll Catalyst SD-WAN Manager prior to patch

🛡️ Immediate Actions

즉시 패치하세요 — Cisco released emergency patches. If patching isn't possible, restrict management interface access to trusted networks only. Check logs for unauthorized administrative sessions and API calls. Assume compromise if exposed to the internet.


📊 Google 2025 제로데이 보고서: 90건 악용 취약점

⚠️ Enterprise Targeting Reaches New 높음

Google's Threat Analysis Group (TAG) and Mandiant have published their annual zero-day 익스플로잇ation report for 2025, documenting 90 zero-day 취약점 익스플로잇ed 실전에서 — with a dramatic shift toward enterprise product targeting.

Key Findings

Zero-Day Trends 2023–2025

YearTotal Zero-DaysEnterprise-TargetedTop Attribution
20236224 (39%)Spyware vendors
20247333 (45%)Spyware vendors
20259045 (50%)Spyware vendors + China

🎯 Strategic Takeaway

The 50% enterprise targeting rate signals that attackers are shifting from consumer endpoints to enterprise infrastructure. Network security appliances (firewalls, VPNs) are now the #1 target class — organizations must prioritize patching edge devices and implementing defense-in-depth for network perimeters.


💰 ArmorCode, 노출 관리 플랫폼에 1,600만 달러 투자 유치

ArmorCode, the application security posture management (ASPM) company, has raised $16 million in new funding to accelerate development of its exposure management platform.

💡 Market Signal

The ASPM market continues to grow as organizations struggle with tool sprawl — the average enterprise runs 40+ security tools generating thousands of alerts daily. Consolidation platforms like ArmorCode address alert fatigue by providing unified visibility and intelligent prioritization.


🔐 Evervault, 개발자 중심 암호화로 시리즈 B 2,500만 달러 투자 유치

Evervault has closed a $25 million Series B round to expand its developer-focused encryption and data orchestration platform.

💡 Why It Matters

As data privacy regulations tighten globally, Evervault's approach of making encryption developer-friendly addresses a critical gap. Most breaches 익스플로잇 data stored in plaintext or with weak encryption — Evervault aims to make strong encryption the path of least resistance for developers.


🦠 BoryptGrab 스틸러, 100개 이상 GitHub 저장소를 통해 확산

⚠️ Supply Chain Attack via GitHub

Security researchers have identified over 100 malicious GitHub repositories distributing the BoryptGrab information stealer, targeting browser 자격 증명s, cryptocurrency wallet data, and session tokens.

Attack Methodology

BoryptGrab Capabilities

🛡️ Developer Protection

Verify GitHub repositories before cloning — check account age, commit history, and contributor profiles. Use dependency scanning tools in CI/CD pipelines. Never run code from unfamiliar repositories without review. Consider using GitHub's verified publisher badges as a trust signal.


🏭 Rockwell ICS 취약점 실전 악용 — 2021년 공개

⚠️ Legacy ICS 취약점 아니오w Under Active Exploitation

A Rockwell Automation ICS 취약점 originally disclosed in 2021 is now being 실전에서 활성 악용 중, highlighting the persistent risk of unpatched industrial control systems.

🏭 OT Security Reminder

This 익스플로잇ation underscores the OT patching gap — 취약점 disclosed years ago remain unpatched in many industrial environments. Organizations must implement network segmentation, monitor OT traffic for anomalies, and prioritize patching internet-facing ICS components. The convergence of IT and OT means enterprise 취약점 directly impact industrial safety.


📋 요약 및 조치 사항

Threat / EventSeverityAction Required
Coruna iOS 익스플로잇 kit → KEV🔴 치명적Patch all iOS devices, enforce MDM minimum versions
Cisco SD-WAN CVE-2026-20127🔴 치명적즉시 패치하세요, restrict management access
Google 90 zero-days report🟠 높음Prioritize edge device patching, defense-in-depth
ArmorCode $16M raise🟢 InfoEvaluate ASPM for 취약점 consolidation
Evervault $25M Series B🟢 InfoConsider encryption-as-code for data protection
BoryptGrab on GitHub🟠 높음Audit dependencies, scan for malicious packages
Rockwell ICS 익스플로잇ation🔴 치명적Patch OT systems, segment networks, monitor traffic

Protect Your Infrastructure with AI-Powered Security Testing

KENSAI continuously scans for 취약점, misconfigurations, and 침해 지표(IoC) — detecting threats like Coruna 익스플로잇 chains and SD-WAN bypasses before attackers strike.

Start Free Security Scan

Stay vigilant. Stay protected.

🗡️ KENSAI 제품 & Research Team