Risky Business Podcast
March 11, 2026
Risky Business #828 -- The Coruna exploits are truly exquisite
Presented by
Enterprise Technology Editor
Technology Editor
CEO and Publisher
On this week’s show, Patrick Gray, Adam Boileau and James WIlson discuss the week’s cybersecurity news. They cover:
- The Coruna exploits were L3 Harris, but it seems Triangulation… was not!
- Iran’s cyber HQ hit by Israeli (kinetic) strikes
- Trump’s cyber “strategy” is … well, all we’ve got is jokes cause there’s no serious content
- NSA and CyberCom finally get a leader after Lt Gen Joshua Rudd gets Senate nod
- DOGE (remember them?!) employee walked a social security database out on a USB stick
This episode is sponsored by open source cloud security scanner Prowler. Creator and CEO Toni de la Fuente talks to Pat about some of the enterprise features Prowler is growing, while remaining true to its open source roots.
This episode is also available on Youtube.
Brought to you by Prowler
Opensource cloud security tool
Show notes
Inside Coruna: Reverse Engineering a Nation-State iOS Exploit Kit From JavaScript
GitHub - matteyeux/coruna: deobfuscated JS and blobs
US military contractor likely built iPhone hacking tools used by Russian spies in Ukraine
APT36: A Nightmare of Vibeware
State-linked actors targeted US networks in lead-up to Iran war
Iranian cyber warfare HQ allegedly hit by Israel
Last 2 names of 6 US soldiers who died in Kuwait attack identified by the Pentagon
Signal, WhatsApp users face Russian phishing push, Dutch warn
Samuel Bendett on X: "Russian military told it couldn't use Telegram messaging app"
FBI investigating ‘suspicious’ cyber activities on critical surveillance network
Risky Bulletin: New White House EO prioritizes fight against scams and cybercrime
President Trump’s CYBER STRATEGY for America
UK plans to shift fraud fight onto telecoms, tech companies
Trump to hit Anthropic with executive order to remove "woke" AI Claude
Anthropic launches code review tool to check flood of AI-generated code
CrowdStrike reports record quarter amid investor concerns about AI impact
Critical defect in Java security engine poses serious downstream security risks
Gen. Joshua Rudd confirmed as NSA, Cyber Command head
Plankey’s nomination as CISA director now in jeopardy
DOGE employee stole Social Security data and put it on a thumb drive, report says
Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel
Facts Only
L3 Harris potentially involved in Coruna exploits
Triangulation not involved in Coruna exploits (implicit)
Iran's cyber HQ allegedly hit by Israeli kinetic strikes
US military contractor, DOGE, employee walked Social Security database on a USB stick
Russian phishing push on Signal and WhatsApp users, Dutch warn
FBI investigating cyber activities on critical surveillance network
President Trump's cyber strategy criticized
NSA and CyberCom leadership confirmed with Lt Gen Joshua Rudd
CISA director nomination's status in jeopardy
Executive Summary
Full Take
When examining this article, it's essential to recognize the ongoing cybersecurity threats and the role of various entities, including military contractors and nation-states, in these issues. The Coruna exploits serve as a stark reminder of the potential risks associated with cyber weapons and the need for accountability. The alleged attack on Iran's cyber headquarters by Israel highlights the geopolitical aspects of cyberwarfare. Meanwhile, the continued phishing attempts on popular messaging platforms suggest that individual users must also remain vigilant. The lack of a clear, effective cyber strategy from the US government underscores the need for more proactive measures to combat cybercrime.
Patterns detected: ARC-0024 Ambiguity (implicit references to Triangulation and Coruna), ARC-0043 Motte-and-Bailey (Trump's cyber strategy contains jokes but lacks serious content).
Root Cause: The cybersecurity landscape is shaped by geopolitical tensions, the proliferation of cyber weapons, and the need for effective policies and strategies to address these challenges.
Implications: These developments have significant implications for human agency and dignity, as they impact the security and privacy of individuals, businesses, and nations. The costs of cybercrime are often borne by the most vulnerable, while the benefits accrue to those with the most resources.
Bridge Questions: What role should governments play in regulating and addressing cybersecurity threats? How can businesses and individuals protect themselves from these threats more effectively? What alternatives to the current state of cybersecurity policies and strategies exist?
