DarkSword: iPhone Exploit Kit Serves Spies & Thieves Alike
A sophisticated iOS exploit chain leverages multiple zero-day vulnerabilities and is targeting users in Saudi Arabia, Turkey, Malaysia, and Ukraine.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A sophisticated iOS exploit chain leverages multiple zero-day vulnerabilities and is targeting users in Saudi Arabia, Turkey, Malaysia, and Ukraine.
Two Apple zero-day vulnerabilities discovered this month have overlap with another mysterious zero-day flaw Google patched last week.
Patch now: Cisco recently disclosed four actively exploited zero-days affecting millions of devices, including three targeted by a nation-state actor previously discovered to be behind the "ArcaneDoor" campaign.
CERT-FR's advisory follows last month's disclosure of a zero-day flaw Apple said was used in "sophisticated" attacks against targeted individuals.
A "sophisticated" attack that also exploits an Apple zero-day flaw is targeting a specific group of iPhone users, potentially with spyware.
CVE-2025-43300 is the latest zero-day bug used in cyberattacks against "targeted individuals," which could signify spyware or nation-state hacking.
The technology giant said two zero-day vulnerabilities were used in attacks on iOS devices against "specific targeted individuals," which suggests spyware or nation-state threat activity.
A threat actor leveraged the vulnerability in an "extremely sophisticated" attack on targeted iOS users, the company says.
The Apple iOS 18.3 update fixes 28 other vulnerabilities identified by the tech company, though there is little information on them.
A pair of critical bugs could open the door to complete system compromise, including access to location information, iPhone camera and mic, and messages. Rootkitted attackers could theoretically perform lateral movement to corporate networks, too.
The new bug is Apple's 12th WebKit zero-day in the last year, highlighting the increasing enterprise exposure to browser-borne threats.
Just a day after Cisco disclosed CVE-2023-20198, it remains unpatched, and one vendor says a Shodan scan shows at least 10,000 Cisco devices with an implant for arbitrary code execution on them. The vendor meanwhile has updated the advisory with more mitigation steps.
Just a day after Cisco disclosed CVE-2023-20198, it remains unpatched, and one vendor says a Shodan scan shows at least 10,000 Cisco devices with an implant for arbitrary code execution on them. The vendor meanwhile has updated the advisory with more mitigation steps.
The networking giant discloses new vulnerabilities the same day as warnings get issued that Cisco gear has been targeted in a Chinese APT attack.
All of the security bugs are under active attacks, but the extent of their exploitation is unknown.
Apple has issued an emergency fix for the latest exploited zero-day bug found affecting its software in 2023 — a list that also includes the Operation Triangulation spyware flaws.
Apple's emergency fix for a code-execution bug being actively exploited in the wild is reportedly buggy itself, and some indications point to the Cupertino giant halting patch rollouts.
The zero-day security bugs are being used to deploy the sophisticated but "odd" TriangleDB spying implant on targeted iOS devices.
Google TAG researchers reveal two campaigns against iOS, Android, and Chrome users that demonstrate how the commercial surveillance market is thriving despite government-imposed limits.
Without many details, Apple patches a vulnerability that has been exploited in the wild to execute code.