Find notable cyber news and cases, enriched with sources, timelines, and signals.

DarkSword iPhone exploit chain exploitation wave

Exploitation Wave
First reported
Last updated
Happening score
H score 89
3 unique sources, 4 articles

Summary

Hide ▲

DarkSword is an active iPhone exploitation wave targeting iOS 18.4 through iOS 18.7, with Apple expanding iOS 18.7.7 and iPadOS 18.7.7 to more older devices on April 1 so they can receive protections without a full OS upgrade. The kit has been used in targeted cyber-attacks since July 2025, including web-based watering hole attacks that can deploy malware after a user visits a compromised website. Researchers say the wave has been linked to six vulnerabilities and data-stealing malware including GhostBlade, GhostKnife and GhostSaber, and that more users on older software remain exposed until they patch.

Related Happenings

WebKit memory corruption, out-of-bounds write, and use-after-free flaws (multiple vulnerabilities)

Vulnerability
H score1 First: 30.06.2026 10:15 Last: 30.06.2026 10:15 Sources 1

About this happening: **WebKit** now has four patched vulnerabilities, including **CVE-2026-43707**, **CVE-2026-43716**, **CVE-2026-43745**, and **CVE-2026-43715**, that can be triggered by **malicious...

Gremlin stealer modular toolkit evolution

Malware Activity
H score21 First: 15.05.2026 17:19 Last: 15.05.2026 17:19 Sources 1

About this happening: The **Gremlin stealer** malware has expanded into a **modular toolkit** with **session-hijacking** and **crypto clipping** capabilities, raising the risk of credential theft and a...

MiningDropper (BeatBanker) modular Android payload framework with encrypted staging

Technical Analysis
H score22 First: 24.04.2026 14:48 Last: 24.04.2026 14:48 Sources 1

About this happening: **MiningDropper (BeatBanker)** now stands out as a **layered modular Android malware framework** that can reuse one delivery chain across **hundreds of samples**, making **static...

SilentGlass launch as a monitor-connection protection security device

Security Tool/Service
H score46 First: 22.04.2026 18:00 Last: 22.04.2026 18:00 Sources 1

About this happening: The **UK National Cyber Security Centre** has released **SilentGlass**, a plug-and-play device that blocks unexpected or malicious signals between **HDMI** or **display port** con...

Nexcorium Mirai botnet activity on TBK DVR devices

Malware Activity
H score27 First: 18.04.2026 09:01 Last: 18.04.2026 09:01 Sources 1

About this happening: **Nexcorium**, a **Mirai variant**, is now being deployed against **TBK DVR-4104** and **DVR-4216** devices by exploiting **CVE-2024-3721**, turning compromised IoT hardware into...

Timeline

  1. 02.04.2026 16:30 2 articles · 3mo ago

    Apple expands iOS 18.7.7 protections for DarkSword targets

    Mitigation Patch Update

    Apple broadened availability of iOS 18.7.7 and iPadOS 18.7.7 on April 1 to more devices still running iOS 18, including iPhone XR through iPhone 16 models, iPhone SE (2nd and 3rd generation), and multiple iPad models, so they can receive security patches against DarkSword web-based watering hole attacks that can deploy malware after a user visits a compromised website. Apple also began sending lock screen notifications to users running older software, urging installation of the latest security updates.

    Show sources
  2. 18.03.2026 23:15 2 articles · 3mo ago

    DarkSword research disclosure and remediation guidance

    Initial Disclosure

    Google, iVerify, and Lookout publish research on DarkSword, an iOS exploit chain targeting iPhones running iOS 18.4 through 18.7 and used since at least November 2025 against users in Saudi Arabia, Turkey, Malaysia, and Ukraine by commercial surveillance vendors and suspected state-sponsored actors. The chain combines multiple vulnerabilities, including CVE-2025-31277, CVE-2025-43529, CVE-2026-20700, CVE-2025-14174, CVE-2025-43510, and CVE-2025-43520, to achieve remote code execution, sandbox escape, privilege escalation, full device compromise, sensitive-data exfiltration, and cryptocurrency wallet theft. The guidance says the flaws have been fixed in iOS 18.7.6 and iOS 26.3.1, but more than 200 million users may still be vulnerable, with Lockdown Mode suggested as an added defense.

    Show sources