Neural Newscast

menu close

Coruna Framework and Crunchyroll's 8 Million Ticket Breach [Prime Cyber Insights]

/ 05:23/E1296
Today’s briefing analyzes the evolution of the Coruna framework, a highly sophisticated iOS exploit kit recently detailed by researchers at Kaspersky and Google. The framework is an updated version of the tools used in Operation Triangulation and leverages vulnerabilities like CVE-2023-32434 and CVE-2023-38606 to target modern Apple hardware, including the A17 and M3 chips. We also examine a significant data breach at anime streaming giant Crunchyroll, where a compromise of a third-party customer support vendor, Telus Digital, resulted in the theft of approximately eight million support tickets containing 6.8 million unique email addresses. Additionally, we highlight a critical security fix in Microsoft Authenticator discovered by researcher Khaled Mohamed, which addressed a deep-link vulnerability that could have enabled account takeovers. Host Aaron Cole and Lauren Mitchell are joined by security leader Chad Thompson to discuss the implications of these modular exploit frameworks and the persistent challenges of securing the enterprise supply chain against targeted mobile APTs.

On this episode of Prime Cyber Insights, we break down the technical emergence of the Coruna framework, a unified iOS exploitation tool that indicates a strategic evolution from the previous Operation Triangulation campaign. We investigate the specific components of this kit, including its modular payload structure and support for the latest Apple silicon. The briefing then shifts to the supply chain vulnerability that impacted Crunchyroll through its support partner, Telus Digital, exposing millions of customer records. Finally, we discuss the responsible disclosure of CVE-2026-26123, a flaw in Microsoft Authenticator that illustrates the risks of deep-link interception on mobile platforms. This episode provides practitioners with essential context on high-end mobile threats and third-party identity risks.

Topics Covered

  • 📱 Evolution of the Coruna unified iOS exploit framework
  • 🚨 Crunchyroll's support data breach via Telus Digital and Zendesk
  • 🔐 Microsoft Authenticator's deep-link vulnerability CVE-2026-26123
  • 🛡️ Practitioner strategies for mobile APT and supply chain resilience

Disclaimer: This briefing is for informational purposes only and does not constitute professional security advice.

Neural Newscast is AI-assisted, human reviewed. View our AI Transparency Policy at NeuralNewscast.com.

Coruna Framework and Crunchyroll's 8 Million Ticket Breach [Prime Cyber Insights]

headphones Listen Anywhere

More Options »
Broadcast by