TheRegister's platform is a leading technology news website, offering insights into IT industry news, hardware reviews, and software updates. Through articles, analysis, and opinion pieces, TheRegister offers insights into cybersecurity threats, technology trends, and industry developments. Readers can stay updated with the latest news and analysis from the world of technology and IT business.

The Register

Google, iVerify, and Lookout have jointly disclosed DarkSword, a new iOS exploit kit active since November 2025 that chains six CVEs to deploy three JavaScript backdoors (GhostKnife, GhostSaber, GhostBlade) capable of stealing messages, location history, cryptocurrency wallet data, recordings, and more. The kit is being abused by multiple threat actors including a suspected Russian espionage group (UNC6353) targeting Ukrainians, Turkish surveillance vendor PARS Defense targeting Turkish and Malaysian users, and UNC6748 targeting Saudi Arabians. All six exploited vulnerabilities have been patched, and users are urged to update to the latest iOS release. This is the second iOS exploit kit disclosed this month, following the earlier Coruna framework.

Snoops plant info-stealing malware on iPhones, Google warns

Who is using DarkSword to spy on iPhone users?