A recently discovered iOS exploit kit, known as DarkSword, leverages six vulnerabilities, including three zero-day flaws, to achieve full device takeover. This kit has been employed by multiple threat actors, including commercial surveillance vendors and suspected state-sponsored actors, since at least November 2025. The DarkSword kit is capable of stealing sensitive data from compromised devices, posing a significant threat to user privacy and security. The Google Threat Intelligence Group, iVerify, and Lookout have all reported on the existence and usage of this exploit kit, highlighting the need for immediate action to assess and mitigate potential exposure. The fact that multiple threat actors are utilizing this kit1 underscores the urgency of patching vulnerabilities to prevent exploitation. So what matters to practitioners is that the window for patching these flaws is rapidly closing, making it essential to assess their exposure immediately.