Study examines whether policy intervention could combat ransomware


As ransomware attacks become more common and complex—and costly to the crimes’ targets—a University of Texas at Dallas researcher is examining how policymakers might combat cybercriminals.

Dr. Atanu Lahiri, an associate professor of information systems at the Naveen Jindal School of Management, said ransomware has become one of the top cybersecurity threats facing organizations worldwide. Spread primarily through email phishing scams and exploitation of unpatched software bugs, ransomware robs a user’s access to computer files until a ransom is paid.

“The data is still on your computer,” he said. “It’s locked up, and the criminals have the key.”

In a study published in Information Systems Research, Lahiri and a colleague examined whether and under what circumstances policy intervention could help deter this type of cyberattack. He found that effective response solutions might depend on factors such as the value of compromised information, the nature of the ransom demand, and who or what organization is most affected.

Although paying ransom often seems preferable to facing business disruptions, payments also embolden the attackers and encourage them to come back for more. This ripple effect, or externality, which is driven by extortion, creates a unique problem dubbed “extortionality” by the authors.

“There are two questions: When do we care, and what do we do?” Lahiri said. “Should ransom payments be banned or even penalized?”

The disruptions caused by ransomware can be crippling for businesses. In 2024, the FBI’s Internet Crime Complaint Center received more than 3,000 ransomware complaints. Victims paid over $800 million to attackers, according to research by Chainalysis, although the impact is likely much higher because many incidents and payments go unreported.

The illegal breaches have hit targets ranging from Fortune 500 companies to police departments to government and university systems.

Lahiri was inspired to explore potential solutions as federal and state lawmakers grapple with laws to restrict government entities and other companies from paying ransoms to regain access to their data. He found that fighting these threats through legislation is tricky because a ban on ransom payments or other penalties could negatively affect the victim, whose goal is simply to recover compromised information quickly and with minimal disruption.

For example, outright bans on ransom payment are particularly problematic for hospitals, where lives are at stake and critical lifesaving information can’t be accessed.

On the other hand, paying ransom rewards criminal behavior, encourages more breaches and elevates the risk of additional attacks, the researchers found.

Through mathematical models and simulations, Lahiri determined that an ideal scenario in many cases would be for companies not to give in to an attacker’s ransom demand. In practice, however, this solution is not so clear-cut.

“It relies on you trusting the other guy, in this case other organizations, not to pay up either,” he said. “It would be better if nobody paid, but if someone does, it would raise the risk for everybody.”

“You have to be careful when you impose a ban, though,” said Lahiri, who teaches the graduate class Cybersecurity Fundamentals at UT Dallas, serves as director of the cybersecurity systems certificate program, and chairs the University Information Security Advisory Committee. “A more reasoned approach might be to first try incentives or a penalty to deter ransom payments.”

If the attackers are not strategic in choosing their ransom asks—and do not demand different sums from the victims depending on their ability to pay—Lahiri recommends that policymakers impose fines or taxes on companies that pay ransoms.

“When imposing a ban, policymakers should be mindful,” he said. “In particular, hospitals and critical infrastructure firms should be exempted to avoid excessive collateral damage from business disruption.

“In some cases, you wouldn’t even have to impose the ban, but if you talk a lot about a ban, ransom payers would take notice. Even the specter of a ban might do the trick and make organizations invest in backup technologies that can help them recover without having to pay the attackers.”

The best offense, Lahiri said, is a good defense, and that defense is simply more redundancy. Backing up data and practicing drills on recovering information is a strong way to avoid paying the attacker. Policymakers could incentivize redundancy measures, he said, by subsidizing backup technology, practice drills and awareness campaigns.

“One of the biggest problems is that people don’t invest in backups,” Lahiri said. “They don’t conduct drills, like fire drills. Security is always seen as a hassle.

“If we had great backups and we could recover from the attacks, we would not be paying the ransom in the first place. And we would not be talking about extortionality.”

Dr. Debabrata Dey, Davis Professor and area director of analytics, information and operations at the University of Kansas, is a co-author of the study.

More information:
Debabrata Dey et al, “Extortionality” in Ransomware Attacks: A Microeconomic Study of Extortion and Externality, Information Systems Research (2025). DOI: 10.1287/isre.2024.1160

Citation:
Study examines whether policy intervention could combat ransomware (2025, August 28)
retrieved 28 August 2025
from https://techxplore.com/news/2025-08-policy-intervention-combat-ransomware.html

Here’s Why Trump Posted About Iran ‘Stealing’ the 2020 Election Hours After the US Attacked



At 2:30 am Eastern time on Saturday, President Donald Trump posted a video to his Truth Social account announcing that the US had joined Israel in launching attacks on Iran.

His next post, just two hours later, appeared to suggest that the attacks were, at least in part, motivated by a wild claim that Iran had helped rig the 2020 US elections. “Iran tried to interfere in 2020, 2024 elections to stop Trump, and now faces renewed war with United States,” the president wrote on Truth Social.

The post linked to an article on Just the News, a conspiracy-filled, pro-Trump outlet that offered no explanation for its claim beyond the vague assertion that Iran operated “a sophisticated election influence effort” in 2020.

The White House did not respond to a request for comment on whether the alleged interference factored into the decision to attack Iran or what exactly the so-called interference amounted to.

Trump has spent the years since 2020 boosting numerous baseless conspiracy theories about the 2020 election being rigged. Since his return to the White House last year, he has empowered his administration to use those debunked conspiracy theories to inform decisionmaking, from election office raids in Fulton County, Georgia, to lawsuits over unredacted voter rolls.

It’s not exactly clear what supposed Iranian interference Trump was alluding to in his Truth Social post, but Patrick Byrne, a prominent conspiracy theorist who urged Trump to seize voting machines in the wake of the 2020 election, claims to WIRED that it is related to a broader conspiracy theory that also involves Venezuela and China.

Like most election-related conspiracy theories, this one is convoluted and based on no concrete evidence. In broad terms, the conspiracy theory, which first emerged in the weeks and months after the 2020 election and has grown more complex in the years since, claims that the Venezuelan government has been rigging elections across the globe for decades by creating the voting software company Smartmatic as a vehicle to remotely rig elections. (Smartmatic has repeatedly denied all allegations against it and successfully sued right-wing outlet Newsmax for promoting conspiracy theories and defaming the company.)

Byrne laid out the entire conspiracy theory in a 45-minute-long presentation posted to X in 2024. His claims have been widely shared within the election-denial community since it was posted.

Iran’s role in all of this, claims Byrne, was to hide the money trail. “They act as paymasters. They keep certain payments that would reveal this [operation] out of the banking system, out of the Swift system so you can’t see it,” claimed Byrne during this presentation. “It’s done through a transfer pricing mechanism run through Iran in oil.”

When asked for evidence of Iran’s role in this conspiracy theory, Byrne did not respond. In fact, none of Byrne’s claims have ever been verified, and most have been repeatedly debunked. Smartmatic did not immediately respond to a request to comment.

There have been two actual documented instances of Iranian election interference, however: In 2021, the Justice Department charged two Iranians with conducting an influence operation designed to target and threaten US voters. And in 2024, three Iranian hackers working for the government were charged with compromising the Trump campaign as part of an effort to disrupt the 2024 election.

Byrne’s allegations, however, have been wholly different. And while Byrne’s claims have been circulating among online conspiracy groups for years, they have been emailed directly to Trump in recent months by Peter Ticktin, a lawyer who has known Trump since they attended the New York Military Academy together. Ticktin also represents former Colorado election official turned election denial superstar Tina Peters.




A Possible US Government iPhone-Hacking Toolkit Is Now in the Hands of Foreign Spies and Criminals



Google notes that Apple patched vulnerabilities used by Coruna in the latest versions of its mobile operating system, iOS 26, so its exploitation techniques are only confirmed to work against iOS 13 through 17.2.1. It targets vulnerabilities in Apple’s WebKit framework for browsers, so Safari users on those older versions of iOS would be vulnerable, but there are no confirmed techniques in the toolkit for targeting Chrome users. Google also notes that Coruna checks if an iOS device has Apple’s most stringent security setting, known as Lockdown Mode, enabled, and doesn’t attempt to hack it if so.

Despite those limitations, iVerify says Coruna likely infected tens of thousands of phones. The company consulted with a partner that has access to network traffic and counted visits to a command-and-control server for the cybercriminal version of Coruna infecting Chinese-language websites. The volume of those connections suggests, iVerify says, that roughly 42,000 devices may have already been hacked with the toolkit in the for-profit campaign alone.

Just how many other victims Coruna may have hit, including Ukrainians who visited websites infected with the code by the suspected Russian espionage operation, remains unclear. Google declined to comment beyond its published report. Apple did not immediately provide comment on Google or iVerify’s findings.

In iVerify’s analysis of the cybercriminal version of Coruna—it didn’t have access to any of the earlier versions—the company found that the code appeared to have been altered to plant malware on target devices designed to drain cryptocurrency from crypto wallets as well as steal photos and, in some cases, emails. Those additions, however, were “poorly written” compared to the underlying Coruna toolkit, according to iVerify chief product officer Spencer Parker, which he found to be impressively polished and modular.

“My god, these things are very professionally written,” Parker says of the exploits included in Coruna, suggesting that the cruder malware was added by the cybercriminals who later obtained that code.

As for the clues that suggest Coruna’s origins as a US government toolkit, iVerify’s Cole notes that it’s possible that Coruna’s code overlap with the Operation Triangulation code that Russia pinned on US hackers could be based on Triangulation’s components being picked up and repurposed after they were discovered. But Cole argues that’s unlikely. Many components of Coruna have never been seen before, he points out, and the whole toolkit appears to have been created by a “single author,” as he puts it.

“The framework holds together very well,” says Cole, who previously worked at the NSA, but notes that he’s been out of the government for more than a decade and isn’t basing any findings on his own outdated knowledge of US hacking tools. “It looks like it was written as a whole. It doesn’t look like it was pieced together.”

If Coruna is, in fact, a US hacking toolkit gone rogue, just how it got into foreign and criminal hands remains a mystery. But Cole points to the industry of brokers that may pay tens of millions of dollars for zero-day hacking techniques that they can resell for espionage, cybercrime, or cyberwar. Notably, Peter Williams, an executive of US government contractor Trenchant, was sentenced this month to seven years in prison for selling hacking tools to the Russian zero-day broker Operation Zero from 2022 to 2025. Williams’ sentencing memo notes that Trenchant sold hacking tools to the US intelligence community as well as others in the “Five Eyes” group of English-speaking governments—the US, UK, Australia, Canada and New Zealand—though it’s not clear what specific tools he sold or what devices they targeted.

“These zero-day and exploit brokers tend to be unscrupulous,” says Cole. “They sell to the highest bidder and they double dip. Many don’t have exclusivity arrangements. That’s very likely what happened here.”

“One of these tools ended up in the hands of a non-Western exploit broker, and they sold it to whoever was willing to pay,” Cole concludes. “The genie is out of the bottle.”




Apple’s New MacBook Air and MacBook Pro Have New Chips, More Storage, and Higher Prices



Alongside its price-friendly iPhone 17e and M4 iPad Air yesterday, Apple just announced a few updates to the MacBook Pro, MacBook Air, and its rarely-refreshed desktop display line.

The MacBook Air has now been updated to the latest M5 chip. It’s a fairly modest upgrade, but it brings it up to speed with Apple’s latest processor that debuted in the MacBook Pro last fall. There are no other major hardware changes—it now comes with 512 GB of starting storage with “faster SSD technology”—but you can still get the Air in either a 13- or 15-inch screen size.

This laptop also features Apple’s N1 wireless chip, which includes Wi-Fi 7 and Bluetooth 6 for the latest connectivity standards. It still comes with the standard 16 GB of RAM, and sadly, there’s a $100 price bump to account for the extra storage. It now starts at $1,099 for the 13-inch model and $1,299 for the 15-inch model. Apple says you can preorder it tomorrow, with sales kicking off on March 11.

More interestingly, Apple is expanding the M5 chip series with the M5 Pro and M5 Max, now available in the 14-inch and 16-inch MacBook Pro. Like previous generations of Apple silicon, the “Pro” and “Max” configurations add significantly improved multi-core CPU and graphics performance.


The M5 Pro and M5 Max can be configured with up to 18 CPU cores (12 performance cores and 6 “super” cores), up from 16 on the M4 Max. The M5 Pro can scale up to 20 GPU cores, while the M5 Max extends up to 40 GPU cores. Thanks to higher memory bandwidth, more efficient Neural Engine, and improved GPU architecture, Apple says the M5 Pro and M5 Max have “over 4X the peak CPU compute for AI” compared to the last generation and offer 20 percent better GPU performance.

The new MacBook Pros don’t include any other hardware changes; things have stayed largely the same since 2021—same port selection, Mini-LED display, speakers, and webcam. Even the claimed 24-hour battery life hasn’t changed from the M4 models, which came out in late 2024. Interestingly, as recently as last week, Bloomberg reported that Apple plans to launch a more significant update to the MacBook Pro later this fall, which will reportedly debut the M6 chip, an OLED touchscreen, and a thinner chassis.

Like the MacBook Air, all versions of the M5 Pro or M5 Max MacBook Pros come with twice the storage and a slightly higher starting price. Coming with 1 TB, the 14-inch M5 Pro now starts at $2,199, and the 16-inch model at $2,699. That’s $200 more than last year’s machines. Meanwhile, M5 Max prices start at $3,599.


