What is the DarkSword iOS exploit chain?

It's a full-chain zero-day attack using six vulns to jailbreak iOS 18.4-18.7, deploying spyware like GHOSTBLADE. Multiple actors use it since Nov 2025.

Is my iPhone vulnerable to DarkSword?

No, if updated to iOS 26.3+. Earlier versions? Update now or enable Lockdown Mode.

Who is using DarkSword exploits?

Surveillance vendors, Russian groups like UNC6353, and ops targeting Middle East/Europe.

🎯 Threat Intelligence

DarkSword: How One iOS Exploit Chain Went From Niche Tool to Spy Arsenal

What if the next big iOS hack wasn't cooked up by one spy agency, but passed around like a hot potato among hackers worldwide? DarkSword's spread reveals a chilling new normal in mobile espionage.

theAIcatchup Apr 08, 2026 3 min read

Timeline graphic of DarkSword iOS exploit observations and patches by Google Threat Intelligence

⚡ Key Takeaways

DarkSword iOS exploit chain is shared across threat actors, marking a shift to commoditized hacking tools. 𝕏
Targets six zero-days in WebKit/JavaScriptCore; fully patched in iOS 26.3. 𝕏
Update devices immediately; Lockdown Mode as backup for high-risk users. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#DarkSword #iOS exploit chain #nation-state actors #zero-day vulnerabilities

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Mandiant Blog

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

Coruna Framework Revives Triangulation's iPhone Exploits

Storm-1175's Blitz: 16 Vulns Weaponized in Ransomware Sprint

2025 Zero-Days Hit 90: Enterprises Bleeding, Browsers Breathing Easy

Anthropic's Claude Mythos: AI That Hunts Zero-Days and Builds Exploits for Every OS

Stay in the loop