theinfosecnews
vulnerability

Incomplete Source Material: No CVE Advisory Can Be Generated Without Vulnerability Data

The submitted source material is a truncated excerpt from a vendor report on open source consumption trends and does not contain a CVE ID, affected product, vulnerability class, CVSS data, or remediation guidance. A factual vulnerability advisory cannot be produced without these elements. Resubmit with a complete vulnerability disclosure containing a CVE assignment, affected product versions, and patch details.

The Hacker News·4d ago·3 min read
apt

Coruna iOS Exploit Kit: US-Origin iPhone Hacking Toolkit Now Deployed by Russian Intelligence

Google Threat Intelligence identified Coruna, a sophisticated iOS exploit kit leveraging 23 vulnerabilities across five complete exploit chains to silently install malware via drive-by web delivery. Former L3Harris Trenchant employees confirmed the toolkit originated within the US defense contractor's offensive cyber division before being sold to Russian intelligence, which has deployed it against targets in Ukraine. Organizations should enforce iOS Lockdown Mode on high-risk devices, deploy mobile threat defense tooling, and immediately ingest Google's published IOCs.

Schneier on Security·4d ago·4 min read
vulnerability

CVE-2026-3502: TrueConf Client Update Mechanism Allows Arbitrary Code Execution via Unsigned Payload Injection

CVE-2026-3502 is a CWE-494 vulnerability in TrueConf Client where the update mechanism downloads and executes code without verifying integrity or authenticity. An attacker who can intercept or redirect update traffic via MITM, DNS hijacking, or a compromised update server can inject a malicious payload and achieve arbitrary code execution on affected endpoints. CISA has added this vulnerability to the KEV catalog with a federal agency patch deadline of April 16, 2026.

CISA KEV·5d ago·3 min read
vulnerability

CVE-2025-XXXX: Zero-Day in TrueConf Server Enables Arbitrary File Execution Across All Connected Endpoints

A zero-day vulnerability in TrueConf Server is under active exploitation, allowing attackers to execute arbitrary files on the server and propagate malicious payloads to all connected client endpoints. The flaw is remotely exploitable and does not require valid server credentials, placing all unpatched TrueConf Server deployments at critical risk. Organizations should patch immediately, isolate the server from untrusted networks, and conduct forensic triage on all endpoints with active sessions.

BleepingComputer·5d ago·3 min read
malware

NoVoice Android Malware Exploits Known Vulnerabilities to Gain Root Access, Found in 50+ Google Play Apps

NoVoice is a newly discovered Android malware exploiting known privilege escalation vulnerabilities to gain root access. Distributed through over 50 malicious apps on Google Play with 2.3 million downloads, it collects user data and communicates with encrypted C2 servers. Detection requires monitoring root-level activity and network anomalies, while removal demands a factory reset and patching affected devices.

BleepingComputer·5d ago·2 min read
policy

Trump's 2026 Cyber Strategy Hints at Authorizing Private Sector Hackback Operations

The White House's 2026 Cyber Strategy for America contains language suggesting the administration may authorize private companies to conduct offensive operations against adversary networks. No implementing guidance or statutory change has followed, meaning the Computer Fraud and Abuse Act remains the operative legal constraint. Security teams should not treat the strategy document as legal authorization and should review their active defense practices against current law.

Schneier on Security·5d ago·4 min read
malware

Automated Service Enables Persistent Information-Stealing Social Engineering Attacks

A new cybercrime service automates persistent social engineering attacks aimed at stealing sensitive information. Targeting primarily Windows and mobile platforms, the service uses phishing techniques combined with encrypted exfiltration and adaptive persistence. Detection relies on monitoring phishing indicators and network anomalies, while removal requires credential resets and endpoint remediation.

Dark Reading·5d ago·2 min read
vulnerability

CVE-2024-21887 & CVE-2023-46805: Ivanti Connect Secure Chained Exploits Enable Unauthenticated Remote Code Execution

CVE-2023-46805 (CVSS 8.2) and CVE-2024-21887 (CVSS 9.1) in Ivanti Connect Secure are being chained to achieve unauthenticated remote code execution on internet-exposed VPN gateways. China-nexus threat group UNC5221 exploited the pair as a zero-day beginning December 2023, deploying custom implants and harvesting credentials from compromised appliances. Organizations must apply Ivanti's patches, perform factory resets on suspected devices, and rotate all credentials that transited affected gateways.

BleepingComputer·5d ago·3 min read
breach

TeamPCP Supply Chain Campaign: Fifth Intelligence Update Confirms Expanded Targeting Through April 1, 2026

TeamPCP, a threat actor group weaponizing security scanning tooling in supply chain attacks, has expanded its campaign through April 1, 2026, with confirmed victims including Databricks and AstraZeneca across dual ransomware and data exfiltration operations. This fifth intelligence update extends coverage from Update 004 and consolidates two days of new developments. Affected organizations should audit CI/CD and scanner tooling, hunt for lateral movement from build infrastructure, and verify backup isolation immediately.

SANS ISC·5d ago·3 min read
malware

Horabot Dropper Delivers Casbaneiro Banking Trojan to Latin American and European Targets in Brazilian eCrime Campaign

The Horabot dropper, attributed to Brazilian cybercrime group Augmented Marauder (also tracked as Water Saci by Trend Micro), delivers the Casbaneiro banking trojan to Spanish-speaking users across Latin America and Europe via targeted phishing campaigns. Casbaneiro performs credential harvesting through overlay attacks, clipboard hijacking, and keylogging, and abuses compromised Outlook accounts to self-propagate. SOC teams should implement scheduled task creation detections, block newly registered TLD outbound connections, and immediately rotate credentials on any confirmed infected host.

The Hacker News·5d ago·3 min read