A newly discovered iOS exploit, known as DarkSword, has been identified by the Google Threat Intelligence Group, leveraging multiple zero-day vulnerabilities to fully compromise devices. This sophisticated malware, likely designed by a government entity, has been utilized by commercial surveillance vendors and suspected state-sponsored actors since at least November 2025. The exploit chain has been deployed in distinct campaigns, highlighting the severity of the threat. Technical analysis of recovered payloads has revealed toolmarks, allowing researchers to attribute the exploit chain to DarkSword [1]. The fact that multiple zero-day vulnerabilities are being exploited underscores the importance of prompt patching. As zero-day activity continues to target iOS devices, the window for patching is rapidly closing, making it essential for practitioners to assess their exposure immediately. This discovery matters to security professionals because it underscores the need for urgent vulnerability assessments to prevent exploitation by sophisticated threat actors.
DarkSword Malware
⚠️ Critical Alert
Why This Matters
Zero-day activity targeting iOS devices means patching windows are already closing; assess your exposure immediately.
References
- Schneier, B. (2026, May 5). DarkSword Malware. Schneier on Security. https://www.schneier.com/blog/archives/2026/05/darksword-malware.html
Original Source
Schneier on Security