Make sure your iOS devices are up to date. Stay SAFU.
Google's Threat Intelligence Group (GTIG) has identified a new full iOS exploit that leveraged multiple zero-day vulnerabilities to completely compromise devices. Based on the tool marks in the retrieved payloads, we believe the exploit chain is called DarkSword. Since at least November 2025, GTIG has observed several commercial surveillance providers and suspected state-sponsored actors using DarkSword in distinct campaigns. These threat actors have deployed the exploit chain against targets in Saudi Arabia, Turkey, Malaysia, and Ukraine.
Google's Threat Intelligence Group (GTIG) has identified a new full iOS exploit that leveraged multiple zero-day vulnerabilities to completely compromise devices. Based on the tool marks in the retrieved payloads, we believe the exploit chain is called DarkSword. Since at least November 2025, GTIG has observed several commercial surveillance providers and suspected state-sponsored actors using DarkSword in distinct campaigns. These threat actors have deployed the exploit chain against targets in Saudi Arabia, Turkey, Malaysia, and Ukraine.