Find notable cyber news and cases, enriched with sources, timelines, and signals.

DarkSword operators phishing and watering-hole campaign

Campaign
First reported
Last updated
Happening score
H score 89
1 unique sources, 1 articles

Summary

Hide ▲

DarkSword operators ran a cross-border phishing and watering-hole campaign using an iPhone exploit chain against users in Saudi Arabia and Ukraine, with additional activity in Turkey and Malaysia since November 2025. The operation matters because the chain can fully compromise devices, exfiltrate data, and even target cryptocurrency wallets. The recurring lures and region-specific targeting point to an active campaign rather than a one-off exploit use.

Related Happenings

WebKit memory corruption, out-of-bounds write, and use-after-free flaws (multiple vulnerabilities)

Vulnerability
H score1 First: 30.06.2026 10:15 Last: 30.06.2026 10:15 Sources 1

About this happening: **WebKit** now has four patched vulnerabilities, including **CVE-2026-43707**, **CVE-2026-43716**, **CVE-2026-43745**, and **CVE-2026-43715**, that can be triggered by **malicious...

Triad Nexus investment scam and brand impersonation campaign targeting emerging markets

Campaign
H score33 First: 14.04.2026 15:00 Last: 14.04.2026 15:00 Sources 1

About this happening: The **Triad Nexus** campaign is continuing to run **large-scale investment scams** and **brand impersonation**, expanding into **emerging markets** and driving higher fraud losses...

Operation Triangulation updated iPhone espionage campaign

Campaign
H score41 First: 26.03.2026 15:10 Last: 26.03.2026 15:10 Sources 1

About this happening: The **Operation Triangulation** espionage lineage has resurfaced through **Coruna**, extending **zero-click iPhone** targeting to newer **A17** and **M3** devices and **iOS 17.2**...

Coruna watering-hole and fake-site exploitation campaign

Campaign
H score44 First: 26.03.2026 13:07 Last: 26.03.2026 13:07 Sources 1

About this happening: A suspected **Russia-aligned nation-state actor** is using **Coruna** in **watering-hole attacks in Ukraine** and a **mass exploitation campaign**, expanding the kit’s abuse beyon...

Perseus IPTV-lure distribution campaign targeting Europe and the Middle East

Campaign
H score36 First: 19.03.2026 14:43 Last: 19.03.2026 14:43 Sources 1

About this happening: The **Perseus** distribution campaign is actively pushing **Android malware** through **phishing sites** and **IPTV-lure apps**, increasing the risk of **device takeover** and **f...

Timeline

  1. 18.03.2026 23:15 2 articles · 3mo ago

    DarkSword operators phishing and watering-hole campaign

    Initial Disclosure

    In **November 2025**, a **phony website promising secure Snapchat messaging** was used to target **Saudi Arabian users**. Around the same period, **watering hole attacks** were used against **Ukrainian users**, showing the campaign's early multi-lure pattern.

    Show sources