CISA adds the Coruna iOS 익스플로잇 kit targeting 23 취약점 to its Known 악용 Vulnerabilities list. Cisco Catalyst SD-WAN CVE-2026-20127 faces mass 익스플로잇ation from hundreds of IPs. Google's 2025 zero-day report reveals 90 익스플로잇ed zero-days — half targeting enterprises. Plus: ArmorCode and Evervault funding rounds, BoryptGrab stealer on GitHub, and Rockwell ICS flaws 익스플로잇ed 실전에서.
CISA has added 23 취약점 익스플로잇ed by the Coruna iOS 익스플로잇 kit to its Known 악용 Vulnerabilities (KEV) catalog. The 국가 수준-grade 익스플로잇 kit targets iOS versions 13 through 17.2.1, chaining multiple flaws for full device compromise.
| Stage | 취약점 Type | 영향 |
|---|---|---|
| 초기 접근 | WebKit 메모리 손상 | 원격 코드 실행 via malicious web content |
| Sandbox Escape | Kernel 권한 상승 | Break out of WebKit sandbox |
| Persistence | Security framework bypass | Circumvent code signing and app sandboxing |
| Full Compromise | Kernel read/write primitive | Complete device control, 데이터 유출 |
Federal agencies face a mandatory patching deadline. All 조직은 해야 합니다 update iOS devices to the latest version immediately and audit their fleet for devices running iOS 13–17.2.1. Enterprise MDM solutions should enforce minimum OS version policies.
WatchTowr researchers report that CVE-2026-20127, a critical authentication bypass in Cisco Catalyst SD-WAN Manager, is now under mass 익스플로잇ation from numerous unique IP addresses worldwide.
| Metric | Value |
|---|---|
| Unique attacking IPs | 400+ observed by WatchTowr |
| Geographic spread | Global — US, EU, APAC origins |
| First 익스플로잇ation | Late February 2026 (targeted) |
| Mass 익스플로잇ation onset | March 6, 2026 |
| Affected versions | All Catalyst SD-WAN Manager prior to patch |
즉시 패치하세요 — Cisco released emergency patches. If patching isn't possible, restrict management interface access to trusted networks only. Check logs for unauthorized administrative sessions and API calls. Assume compromise if exposed to the internet.
Google's Threat Analysis Group (TAG) and Mandiant have published their annual zero-day 익스플로잇ation report for 2025, documenting 90 zero-day 취약점 익스플로잇ed 실전에서 — with a dramatic shift toward enterprise product targeting.
| Year | Total Zero-Days | Enterprise-Targeted | Top Attribution |
|---|---|---|---|
| 2023 | 62 | 24 (39%) | Spyware vendors |
| 2024 | 73 | 33 (45%) | Spyware vendors |
| 2025 | 90 | 45 (50%) | Spyware vendors + China |
The 50% enterprise targeting rate signals that attackers are shifting from consumer endpoints to enterprise infrastructure. Network security appliances (firewalls, VPNs) are now the #1 target class — organizations must prioritize patching edge devices and implementing defense-in-depth for network perimeters.
ArmorCode, the application security posture management (ASPM) company, has raised $16 million in new funding to accelerate development of its exposure management platform.
The ASPM market continues to grow as organizations struggle with tool sprawl — the average enterprise runs 40+ security tools generating thousands of alerts daily. Consolidation platforms like ArmorCode address alert fatigue by providing unified visibility and intelligent prioritization.
Evervault has closed a $25 million Series B round to expand its developer-focused encryption and data orchestration platform.
As data privacy regulations tighten globally, Evervault's approach of making encryption developer-friendly addresses a critical gap. Most breaches 익스플로잇 data stored in plaintext or with weak encryption — Evervault aims to make strong encryption the path of least resistance for developers.
Security researchers have identified over 100 malicious GitHub repositories distributing the BoryptGrab information stealer, targeting browser 자격 증명s, cryptocurrency wallet data, and session tokens.
Verify GitHub repositories before cloning — check account age, commit history, and contributor profiles. Use dependency scanning tools in CI/CD pipelines. Never run code from unfamiliar repositories without review. Consider using GitHub's verified publisher badges as a trust signal.
A Rockwell Automation ICS 취약점 originally disclosed in 2021 is now being 실전에서 활성 악용 중, highlighting the persistent risk of unpatched industrial control systems.
This 익스플로잇ation underscores the OT patching gap — 취약점 disclosed years ago remain unpatched in many industrial environments. Organizations must implement network segmentation, monitor OT traffic for anomalies, and prioritize patching internet-facing ICS components. The convergence of IT and OT means enterprise 취약점 directly impact industrial safety.
| Threat / Event | Severity | Action Required |
|---|---|---|
| Coruna iOS 익스플로잇 kit → KEV | 🔴 치명적 | Patch all iOS devices, enforce MDM minimum versions |
| Cisco SD-WAN CVE-2026-20127 | 🔴 치명적 | 즉시 패치하세요, restrict management access |
| Google 90 zero-days report | 🟠 높음 | Prioritize edge device patching, defense-in-depth |
| ArmorCode $16M raise | 🟢 Info | Evaluate ASPM for 취약점 consolidation |
| Evervault $25M Series B | 🟢 Info | Consider encryption-as-code for data protection |
| BoryptGrab on GitHub | 🟠 높음 | Audit dependencies, scan for malicious packages |
| Rockwell ICS 익스플로잇ation | 🔴 치명적 | Patch OT systems, segment networks, monitor traffic |
KENSAI continuously scans for 취약점, misconfigurations, and 침해 지표(IoC) — detecting threats like Coruna 익스플로잇 chains and SD-WAN bypasses before attackers strike.
Start Free Security ScanStay vigilant. Stay protected.
🗡️ KENSAI 제품 & Research Team