A sophisticated iOS exploit kit, initially used by a commercial surveillance vendor's customer, has been repurposed by a suspected Russian espionage group and subsequently by Chinese cybercriminals, indicating a thriving secondary market for high-end zero-day exploits. This exploit kit, known as Coruna, has undergone a significant transformation, evolving from a spy tool to a mass criminal campaign in under a year. The Google Threat Intelligence Group has identified this exploit kit as a significant threat, highlighting the ease with which zero-day exploits can be proliferated and repurposed by various threat actors1. The fact that Coruna has been used by multiple groups in a short span of time underscores the importance of prompt patching and vulnerability assessment. This exploit kit's rapid evolution and adoption by different threat actors pose a significant risk to iPhone users, making it essential for practitioners to assess their exposure and take immediate action to mitigate potential threats.