Links are not yet activated.
To activate, add a link back to submitpr.org from your website and contact @jaycosta on Telegram,
or pay via Solana (from $19.95) for instant activation.
A coordinated investigation by Google's Threat Intelligence Group, Lookout Threat Labs, and iVerify has exposed **DarkSword** — the most dangerous iPhone exploit kit discovered in years. Unlike previous iOS attacks that targeted journalists and activists, DarkSword is designed for mass exploitation. Up to 296 million iPhones may be vulnerable.Here's everything you need to know — and exactly what to do right now.
DarkSword is a full-chain, zero-click iOS exploit kit that chains **six separate vulnerabilities** to achieve complete control of an iPhone. The attack requires no interaction from the victim — simply visiting a compromised website is enough.
::alert danger
**This is not a phishing scam.** DarkSword uses "watering hole" attacks on legitimate websites. You don't need to click anything or download anything. Just loading the page is enough to compromise your device.
::end
Once inside, the malware deploys three JavaScript-based payloads — codenamed GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER — that exfiltrate your data in seconds before deleting themselves to avoid detection.
The exploit targets virtually everything on your iPhone:
::keyfacts
- **Photos and videos** — full camera roll access
- **Passwords** — saved credentials and keychain data
- **Crypto wallets** — targets 12+ exchanges (Coinbase, Binance, Kraken) and 7+ wallet apps (Ledger, MetaMask, Trezor)
- **Messages** — iMessage, Telegram, WhatsApp, Signal
- **Location history** — complete movement tracking
- **Health data** — Apple Health records
- **Browser history** — Safari and Chrome data
- **iCloud Drive** — documents and files
- **Wi-Fi passwords** — saved network credentials
::end
Three distinct threat actors have been identified using DarkSword since November 2025:
| Threat Actor | Suspected Origin | Target Region | Attack Method |
|---|---|---|---|
| UNC6353 | Russia-linked | Ukraine | Compromised government and news sites |
| PARS Defense | Turkey (commercial vendor) | Turkey, Malaysia | Surveillance-as-a-service clients |
| UNC6748 | Commercial surveillance | Saudi Arabia | Fake Snapchat-themed watering hole |
::highlight
"Apple's messaging that iPhones are only attacked in rare, targeted cases is no longer accurate — everyone is at risk." — Rocky Cole, CEO, iVerify
::end
For full coverage, visit https://www.linos.ai/technology/darksword-iphone-exploit-protection-guide-2026/
About Linos NEWS: Linos NEWS (https://www.linos.ai) delivers breaking news and in-depth analysis across politics, technology, business, science, health, world affairs, sports, and entertainment.