ALL POSTS

Key Findings Apple expanded iOS 18.7.7 availability on April 1, 2026 to protect users from the DarkSword exploit kit, which targets iOS versions 18.4 through 18.7 The update now covers iPhone XR through iPhone 16e and multiple iPad models, allowing users to patch vulnerabilities without upgrading to iOS 26 DarkSword spreads through watering hole attacks on compromised legitimate websites and can deploy backdoors and data miners for persistent access Approximately 20% of users

Key Findings Russian state-sponsored threat group TA446 (also known as Callisto, COLDRIVER, Star Blizzard) deployed the DarkSword iOS exploit kit in targeted spear-phishing campaign on March 26, 2026 Campaign used fake Atlantic Council "discussion invitation" emails to deliver GHOSTBLADE dataminer malware to iOS devices High-profile target included Leonid Volkov, Russian opposition politician and Anti-Corruption Foundation political director First observed use of DarkSword by

Key Findings CISA added five critical vulnerabilities to its Known Exploited Vulnerabilities catalog, including three Apple flaws, one Craft CMS code injection, and one Laravel Livewire vulnerability Three Apple vulnerabilities are linked to active exploitation by the DarkSword iOS exploit kit Craft CMS flaws have been actively exploited in the wild to breach servers and steal data Laravel Livewire vulnerability is associated with Iran-nexus APT group MuddyWater Federal agenc