A supply chain attack compromising the widely-used npm package 'art-template' was discovered delivering the Coruna exploit kit to iOS devices. The injected JavaScript acts as a sophisticated watering hole framework, utilizing extensive anti-bot fingerprinting and WebAssembly memory probes to deliver version-specific WebKit RCE exploits targeting Safari on iOS 11.0 through 17.2.