A newly discovered iOS exploit kit, known as DarkSword, has been utilized by multiple threat actors to steal sensitive data from Apple devices in targeted campaigns across Saudi Arabia, Turkey, Malaysia, and Ukraine since late 2025. This powerful toolkit enables full-chain attacks, leveraging six vulnerabilities to compromise devices1. The involvement of surveillance vendors and likely nation-state actors in these campaigns signifies a shift in the threat landscape, with state-aligned activity now targeting Apple devices. The DarkSword exploit kit's capabilities and global reach underscore the evolving nature of iOS threats, with multiple actors exploiting the same vulnerabilities to achieve their goals. This development matters to practitioners because it signals a change in the threat model, from criminal to geopolitical, requiring a different approach to mitigate these types of attacks.