CyberSecurity Knuggets
Mar 25, 2026
Subject: Leaked DarkSword iPhone spyware lowers bar for mass exploitations
Summary:
- A newly leaked version of DarkSword iPhone spyware toolkit was published on GitHub, making it accessible to a broad range of cybercriminals.
- The spyware exploits vulnerabilities in iOS versions older than iOS 26, jeopardizing hundreds of millions of iPhones and iPads that have not been updated.
- The leaked toolkit is easy to deploy, mainly using simple HTML and JavaScript, and can extract sensitive data such as contacts, messages, call history, and credentials.
- Apple issued emergency updates and emphasizes that current iOS versions and features such as Lockdown Mode protect users.
- The leak raises concerns about advanced mobile spyware tools spreading beyond government/intelligence use.
Other cybersecurity updates:
- FCC bans imports of new foreign-made consumer routers over national security risks;
- Foster City, CA, declares a state of emergency after ransomware disrupted emergency systems;
- German police warned companies of severe vulnerabilities in Windchill and FlexPLM software;
- Phishing incidents in Scioto County, Ohio;
- Russian cybercriminal sentenced for facilitating ransomware attacks;
- US State Department launches Bureau of Emerging Threats focusing on advanced tech threats by adversaries;
- Multiple other incidents and threat reports were highlighted.
Subject: DarkSword iOS exploit kit leaks to GitHub | The CyberWire 3.24.26s
Summary:
- The DarkSword iOS exploit kit was publicly posted on GitHub, enabling anyone to target iPhones running versions prior to iOS 26.
- Reports from iVerify, Lookout, and Google revealed DarkSword was previously used by a Russian espionage group in watering-hole campaigns targeting Ukrainians.
- The exploit kit enables privileged code execution and exfiltration of sensitive data.
- Apple acknowledged the issue and issued emergency updates on March 11 for devices unable to run the latest iOS.
- Citrix patched a critical remote memory information leak vulnerability (CVE-2026-3055) in NetScaler ADC and Gateway; patching is urgent to prevent exploitation.
- The FCC banned all new sales of foreign-made consumer routers in the US due to national security risk from vulnerabilities exploited in prior cyberattacks (Volt, Flax, Salt Typhoon).
- The ban exempts existing approved devices but emphasizes removing foreign backdoors in home networks and infrastructure.
Subject: Webcast: The AI Inflection Point — What Security Leaders Are Seeing Now
Summary:
- Announcement of the “BTP 2026: The AI Inflection Point” webcast on April 7 & 8 featuring CrowdStrike, Okta, and Zscaler.
- Focus: How AI accelerates security outcomes, current gaps, and future priorities in cybersecurity.
- Key takeaways include understanding how AI is changing attack paths, improving detection/response, and integrating identity, network, and endpoint signals without complexity.
- The webcast aims to cut through AI hype, showing real security benefits and practical next steps.
- Related resources are offered, such as the AI Red Teaming Engagement Playbook for CISOs and the Zscaler AI Security Report.
Subject: Stryker Found Malicious During Probe Into Iran-Linked Attacks
Summary:
- Stryker found a malicious file during an investigation connected to an Iran-linked cyberattack.
- Extortion group claims to have hacked AstraZeneca.
- Iran is reportedly using an extensive camera network to monitor dissent; Israel exploited that network for targeting.
- Critical Citrix NetScaler vulnerability flagged for exploitation risk; patches recommended urgently.
- Mazda disclosed a data breach exposing employee and partner personal information from a warehouse management system vulnerability.
- Other updates include:
- RSAC 2026 Day 1 conference summaries;
- Chrome 146 security update;
- QualDerm data breach affecting 3.1 million;
- Surge in cyberattacks in Poland in 2025;
- Discussions on agentic AI governance and security challenges;
- Webcast announcement on CIS Controls and Benchmarks.
Stay Well!
