Find notable cyber news and cases, enriched with sources, timelines, and signals.

Darksword iOS exploit kit and data-stealing activity

Malware Activity
First reported
Last updated
Happening score
H score 36
1 unique sources, 1 articles

Summary

Hide ▲

The Darksword iOS exploit kit is being used to steal personal information from iPhones, including cryptocurrency wallet data, making it a high-risk mobile infostealer operation. It targets devices running iOS 18.4 through 18.6.2 and enters through Safari using a chain of multiple exploits before loading its main orchestrator. Researchers link the activity to UNC6353 and say the toolkit can exfiltrate passwords, messages, photos, and other sensitive device data.

Related Happenings

WebKit memory corruption, out-of-bounds write, and use-after-free flaws (multiple vulnerabilities)

Vulnerability
H score1 First: 30.06.2026 10:15 Last: 30.06.2026 10:15 Sources 1

About this happening: **WebKit** now has four patched vulnerabilities, including **CVE-2026-43707**, **CVE-2026-43716**, **CVE-2026-43745**, and **CVE-2026-43715**, that can be triggered by **malicious...

Apple Passwords app and Safari add Apple Intelligence-powered automatic password repair

Security Tool/Service
H score10 First: 09.06.2026 00:03 Last: 09.06.2026 00:03 Sources 1

About this happening: **Apple Passwords app** and **Safari** are adding an **Apple Intelligence** feature that can automatically repair weak or compromised passwords, reducing password-hygiene risk for...

NGate malware trojanized HandyPay NFC-stealing variant

Malware Activity
H score34 First: 21.04.2026 12:00 Last: 21.04.2026 12:00 Sources 1

About this happening: A **new NGate variant** is stealing **NFC payment data** from **Android users in Brazil**, raising the risk of **unauthorized purchases** and **ATM cash withdrawals**. The malware...

Apple iOS 18.7.7 security update expansion for DarkSword

Security Patch Release
H score41 First: 02.04.2026 00:50 Last: 02.04.2026 00:50 Sources 1

About this happening: Apple expanded **iOS 18.7.7** availability to more older **iPhones and iPads** on **April 1, 2026**, letting devices that stay on **iOS 18** receive protections against the **acti...

Infinity Stealer macOS infostealer activity

Malware Activity
H score29 First: 28.03.2026 16:35 Last: 28.03.2026 16:35 Sources 1

About this happening: **Infinity Stealer** is a **macOS infostealer** being delivered through a **ClickFix** lure and is able to steal high-value credentials and secrets. The payload is compiled with *...

Timeline

  1. 18.03.2026 16:02 1 articles · 3mo ago

    Darksword iOS exploit kit disclosure and analysis

    Initial Disclosure

    Lookout Threat Labs, with Google’s Threat Intelligence Group and iVerify, details Darksword as a new iOS exploit kit and delivery framework used against iPhones running iOS 18.4 through 18.6.2 to steal personal information, including cryptocurrency wallet data. The analysis links the activity to UNC6353, describes a Safari-based exploit chain that reaches a main orchestrator component named pe_main.js, and says the operation can exfiltrate passwords, photos, WhatsApp and Telegram databases, browser history, Wi‑Fi credentials, Apple Health data, and other sensitive device information before wiping temporary files and exiting.

    Show sources