Daily Security Briefing #182

March 3, 2026 | Read Online

GRIDTIDE disrupted, Claude Code vulnerabilities exposed, and AI training data poisoning…

Executive Summary

Cybersecurity threats continue to evolve with malicious actors adapting to disruptions. The recent Coruna exploit kit highlights the growing threat landscape for iOS devices. Meanwhile, critical vulnerabilities in Silver Dragon’s tactics have been exposed, and AI training data poisoning has become a growing concern.

The MIT Technology Review’s article on Moltbook raises questions about the autonomy of AI agents. Additionally, compromised site management panels are being sold in bulk across underground channels as plug-and-play phishing and scam infrastructure.

Top Articles

Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit Google Threat Intelligence Group has identified a new exploit kit targeting Apple iPhone models running iOS version 13.0 to version 17.2.1. The Coruna exploit kit contains five full iOS exploit chains and a total of 23 exploits. Google Cloud Blog

Silver Dragon: China Nexus Cyber Espionage Group Targeting Governments in Asia and Europe A Chinese-aligned threat group, designated as Silver Dragon, targets organizations in Southeast Asia and Europe. The group gains initial access through exploitation of public-facing servers and targeted phishing campaigns. Checkpoint Blog

Starkiller Phishing Framework Uses Real Login Pages to Evade MFA Protections Cybercriminals have unleashed Starkiller, a sophisticated phishing tool that tricks users by serving genuine login pages from major brands. This lets attackers steal not just passwords but session cookies and tokens after victims complete multi-factor authentication. Cyberpress

Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control (C2) framework. The intrusions involved email spam as lures, followed by a phone call from “IT Support”. The Hacker News

Go Crypto Malware Steals Credentials and Deploys Rekoobe Backdoor via Supply Chain Breach A malicious Go module has been exploiting the Go ecosystem by impersonating a legitimate cryptography library. This module captures sensitive credentials and deploys a Rekoobe backdoor. Cyberpress

Compromised Site Management Panels are a Hot Item in Cybercrime Markets Compromised cPanel credentials are being sold in bulk across underground channels as plug-and-play phishing and scam infrastructure. Flare explains how analyzing 200,000 underground posts reveals a commoditized market for hacked site management panels. Bleeping Computer

AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.