Security Check-in Quick Hits: AI-Driven IoT Vulnerabilities, Leaked US iPhone Spy Toolkit, and Quantum Hacking Defenses

For March 10, 2026

AI Unleashes Zero-Days on Smart Home Security – The Matter Protocol Under Siege

In the ever-evolving landscape of cybersecurity, artificial intelligence is proving to be a double-edged sword. Recent research has demonstrated how large language models (LLMs) like GPT-4 can accelerate vulnerability discovery in complex protocols, potentially exposing millions of smart home devices to attacks.

The Matter protocol, an open-source standard designed to foster interoperability among IoT devices from giants like Apple, Google, Amazon, and Samsung, has come under scrutiny. Security researchers Xiaoyue Ma, Lannan Luo, and Qiang Zeng from Concordia University developed an AI-assisted fuzzer that leveraged GPT-4 to digest over 1,200 pages of Matter documentation. This innovative approach mapped out fuzzing-relevant data structures, enabling the tool to uncover bugs at an unprecedented speed.

The results were alarming: the fuzzer identified 147 new vulnerabilities, including 61 previously unknown zero-days. These flaws could allow attackers to crash devices, leak sensitive information, or even execute arbitrary code on smart home gadgets. Presented at a 2024 security conference, this work highlights the vulnerabilities inherent in rapidly adopted standards like Matter, which aims to connect everything from light bulbs to thermostats seamlessly.

What makes this issue particularly pressing is the scale of adoption. With billions of IoT devices projected to be online by 2030, a compromised protocol like Matter could lead to widespread privacy breaches or even physical safety risks – imagine hackers manipulating smart locks or surveillance cameras.

To mitigate these threats, organizations and device manufacturers must prioritize AI-driven testing in their development pipelines. Patching these zero-days is crucial, but the research also underscores the need for more robust documentation and design practices in IoT standards. As AI tools become more accessible, both defenders and attackers will wield them, tipping the balance toward proactive security measures.

For those in the field, the full paper and slides offer deep insights into the methodology, emphasizing how LLMs can democratize advanced fuzzing techniques. This development serves as a wake-up call: in the IoT era, security must evolve as fast as the technology itself.

From US Arsenal to Global Threat – The Coruna iPhone Hacking Toolkit Goes Rogue

A chilling example of how government-grade cyber tools can backfire has emerged with the “Coruna” iPhone hacking toolkit, now circulating among foreign spies and cybercriminals. Originally suspected to be a US government creation, this sophisticated exploit chain has been repurposed for malicious ends, underscoring the dangers of the shadowy zero-day market.

Google researchers first spotted Coruna in February 2025, linked to a surveillance company’s client. By mid-2025, it was deployed by a suspected Russian spy group against Ukrainian websites, and later by cybercriminals targeting Chinese-language crypto and gambling sites. The toolkit exploits 23 iOS vulnerabilities to install malware silently via malicious websites, stealing cryptocurrency, photos, emails, and more. Notably, it avoids devices with Apple’s Lockdown Mode enabled, a feature designed for high-risk users.

Clues point to US origins: code similarities with the NSA-attributed “Triangulation” operation, English-language comments, and a professional, single-author design suggest it was built by a government contractor. Security firm iVerify likens it to the leaked EternalBlue exploit, which fueled global ransomware attacks like WannaCry.

The proliferation highlights an underground economy where exploit brokers resell tools to the highest bidder, often non-Western actors. Apple has since patched these vulnerabilities in iOS 26, restricting exploitation to older versions (iOS 13 to 17.2.1), primarily affecting Safari users. However, the damage is done – estimates suggest tens of thousands of devices may have been compromised.

This incident raises critical questions about government stockpiling of zero-days. While intended for national security, leaks can arm adversaries and criminals, eroding public trust in digital privacy. Users should enable Lockdown Mode if at risk, keep devices updated, and avoid suspicious sites. For policymakers, stricter regulations on exploit sales could curb this market.

As cyber tools democratize, the line between statecraft and crime blurs. The Coruna saga is a stark reminder that what’s built in secret rarely stays that way.

Australia Bets on Quantum-Resistant Chips to Counter Future Hacking Threats

As quantum computers inch closer to breaking current encryption, governments are racing to fortify defenses. In a timely move, the Australian government has awarded support to BTQ Technologies through its Industry Growth Program Advisory Service, accelerating the commercialization of a groundbreaking quantum-resistant chip.

BTQ’s Quantum Compute-in-Memory (QCIM) chip is a next-generation silicon platform designed for post-quantum cryptography. It enables secure, scalable computations that withstand quantum attacks, which could render traditional encryption obsolete by 2030. The funding provides strategic guidance to transition QCIM from a validated test chip to production-ready status, targeting sectors like defense, finance, telecom, and critical infrastructure.

Announced on March 9, 2026, this initiative aligns with Australia’s broader push for quantum innovation, including the Critical Technologies Challenge Program. BTQ, a Nasdaq-listed company, specializes in securing mission-critical networks against quantum threats. The QCIM chip integrates compute and memory for efficient post-quantum operations, addressing vulnerabilities in algorithms like RSA and ECC.

This development is crucial amid warnings from experts: quantum computers could decrypt sensitive data en masse, exposing everything from financial transactions to state secrets. By investing in hardware like QCIM, Australia positions itself as a leader in quantum security, potentially exporting the technology globally.

For businesses, the message is clear: start migrating to post-quantum standards now. NIST has already standardized new algorithms, and tools like BTQ’s could integrate them seamlessly. While quantum supremacy remains years away, proactive measures will prevent a “quantum apocalypse.”

This funding not only boosts BTQ but signals a global shift toward resilient cryptography. As quantum tech advances, so must our defenses – Australia’s support for QCIM is a smart step in that direction.