The Latest

A powerful iPhone hacking toolkit dubbed “DarkSword” has been used since November 2025 to compromise devices by exploiting zero-day iOS vulnerabilities, Google researchers have shared.

iOS vulnerabilities exploited by DarkSword

Two weeks ago, Google Threat Intelligence Group (GTIG) and iVerify disclosed the existence of Coruna, a spy-grade iOS exploit kit that has been used in a commercial surveillance operation, by state-linked threat actors engaged in cyber espionage, and by cybercriminals.

While Coruna contains five full iOS exploit chains and a total of 23 exploits for vulnerabilities (with and without a CVE identifier), DarkSword chains six vulnerabilities to allow attackers to achieve remote code execution on vulnerable iPhones and deploy malicious payloads.

Three of these are flaws in WebKit, the browser engine used by Apple’s Safari browser and all web browsers on iOS and iPadOS. Two are in the iOS (and macOS) kernel and one in the Dynamic Link Editor component of Apple’s operating systems.

Apple fixed:

  • CVE-2025-31277 (WebKit) in iOS 18.6, in July 2025
  • CVE-2025-43510 and CVE-2025-43520 (kernel) in iOS 26.1 and 18.7.2, in November 2025
  • CVE-2025-43529 and CVE-2025-14174 (WebKit) in iOS 26.2 and 18.7.3, in December 2025 (after reports of targeted in-the-wild exploitation)
  • CVE-2026-20700 (dyld) in iOS 26.3, in February 2026, also after confirmed zero-day exploitation.

DarkSword discovery

According to Google researchers, DarkSword has been leveraged in a variety of attack campaigns tied to several threat actors, including suspected Russian state-sponsored attackers UNC6353, who also leveraged the Coruna exploit kit, and customers of PARS Defense, a Turkish commercial surveillance vendor.


Timeline of observed DarkSword use and Apple’s patching of the flaws (Source: Google Threat Intelligence Group)

After uncovering Coruna, researchers from mobile security company Lookout identified another suspicious domain (cdncounter[.]net) closely linked to previously known malicious infrastructure tied to UNC6748.

The domain shared technical characteristics with earlier infrastructure and was connected to compromised Ukrainian websites where hidden iframes were used to deliver malicious code.

Further analysis showed this activity was not Coruna but a new operation: the injected code fingerprinted visiting devices and selectively targeted certain iOS versions with a separate exploit chain, DarkSword (so named because of internal references found in the malware).

“DarkSword is a complete exploit chain and infostealer written in JavaScript. It leverages multiple vulnerabilities to establish privileged code execution to access sensitive information and exfiltrate it off the device. The kill chain begins with Safari encountering the malicious iframe embedded in a web page. Once loaded, Darksword breaks out of the WebContent sandbox and then leverages WebGPU to inject into mediaplaybackd. From there it can craft Kernel read/write access, which it leverages to gain access to privileged processes and modify sandbox restrictions, gaining access to restricted parts of the filesystem,” Lookout researchers explained.

After gaining deeper access to the device, the malware runs a main script that coordinates several smaller malicious components, which collect sensitive data like passwords, encryption keys, and files, and store them temporarily on the device, then send them to a remote server controlled by the attackers.
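The hidden-iframe delivery on compromised sites described above is something a site owner can check for in their own pages. This added example (not code from the article, GTIG, Lookout or iVerify) parses HTML and flags iframes that point at the domain named above or that are hidden and load from another host; the hiding heuristics, the `audit_html` name and the sample page are assumptions constructed here.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domain named in the article, kept defanged in source and refanged for matching.
IOC = "cdncounter[.]net".replace("[.]", ".")
KNOWN_BAD = {IOC}

# Assumed hiding heuristics: the article does not say how the iframes were hidden.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|opacity\s*:\s*0(?:\.0+)?\s*(?:;|$)"
    r"|(?:width|height)\s*:\s*0(?:px)?\s*(?:;|$)",
    re.IGNORECASE,
)


def _under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def _src_host(src):
    """Host part of an iframe src, or '' for relative or unparsable values."""
    try:
        return (urlparse(src).hostname or "").lower()
    except ValueError:
        return ""


class IframeAudit(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (severity, host, line number)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = _src_host(a.get("src", ""))
        if not host:
            return  # relative or about:blank frame: treated as same-site
        hidden = (
            "hidden" in a
            or HIDDEN_STYLE.search(a.get("style", "")) is not None
            or a.get("width", "").strip() in {"0", "1"}
            or a.get("height", "").strip() in {"0", "1"}
        )
        external = not _under(host, self.site_host)
        line = self.getpos()[0]
        if any(_under(host, d) for d in KNOWN_BAD):
            self.findings.append(("known-ioc", host, line))
        elif hidden and external:
            self.findings.append(("hidden-external", host, line))


def audit_html(html, site_host):
    """Return findings for one page served from site_host."""
    parser = IframeAudit(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page: a visible embed, a hidden same-site frame,
# a zero-size frame to the named domain, and a 1x1 hidden third-party frame.
SAMPLE = f"""<html><body>
<iframe src="https://video.example.com/embed/1" width="560" height="315"></iframe>
<iframe src="/widgets/poll" style="display:none"></iframe>
<iframe src="https://{IOC}/constructed-path" style="width:0;height:0;border:0"></iframe>
<iframe src="//stats.example.invalid/t" width="1" height="1" hidden></iframe>
</body></html>"""

if __name__ == "__main__":
    for severity, host, line in audit_html(SAMPLE, "news.example.org"):
        print(f"line {line}: {severity}: {host}")
```

A `hidden-external` hit is a lead to review rather than proof of compromise, since legitimate analytics and ad tags also use invisible frames.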

DarkSword use

In November 2025, Google researchers spotted DarkSword being used by UNC6748 to target Saudi Arabian users via a Snapchat-themed website. In November 2025 and January 2026, they uncovered evidence of DarkSword being used in two campaigns associated with different PARS Defense customers and targeting users in Turkey and Malaysia.

UNC6353, who were previously observed using Coruna, also targeted Ukrainian users again with DarkSword and a backdoor (GHOSTBLADE) that collected a wide variety of information about the device, installed apps, accounts, location history, photos, calendar entries, notes, cryptocurrency wallet and account data, Safari history, and more.

iVerify researchers also analyzed that last campaign.

Lookout researchers say UNC6353 appears to have access to advanced iOS exploit chains, likely originating from top-tier commercial surveillance vendors. Some of these exploits were used as zero-days, suggesting the group is well funded and may be linked to exploit brokers such as Matrix LLC / Operation Zero.

They also note that both Coruna and DarkSword can steal cryptocurrency alongside sensitive personal data, meaning they can be used for both espionage and financial theft. It remains unclear whether crypto theft was a primary objective, leaving open the possibility that the group is financially motivated or that this state-aligned actor has expanded into targeting mobile users for profit.

What to do?

The fear now is that other cybercriminals might get their hands on the two toolkits and leverage them to target a larger pool of iOS users.

“The combined attacks now likely affect hundreds of millions of unpatched devices running iOS versions from 13 to 18.6.2,” iVerify researchers noted.

“We strongly recommend updating to iOS 18.7.6 or iOS 26.3.1. This will mitigate all vulnerabilities that have been exploited in these attack chains.”

Google researchers say users that cannot update to either of those should consider enabling Lockdown Mode for enhanced security.



from Help Net Security https://ift.tt/sadBZ7k

Flare has unveiled the general availability of Foretrace, a new business-to-business-to-employee (B2B2E) product that delivers enterprise-grade identity protection directly to employees. Built on the same threat intelligence infrastructure used by security teams to defend their organizations, Foretrace allows individuals to monitor and remediate their personal digital identity exposures.


The spread of infostealer malware and the shift to remote and hybrid work have created a new reality where personal and corporate identities are increasingly interconnected, exposing both to greater risk. In fact, 48% of stealer logs contain corporate account credentials. Foretrace addresses this challenge by extending Flare’s identity intelligence beyond the security operations team and directly to employees, democratizing security within the enterprise.

By giving individuals accessible visibility into identity risks and the tools to address them, organizations can reduce their attack surface, strengthen their security culture, and better manage risks arising from employee exposures.

“For years, security teams have been able to monitor corporate credential exposures, but personal identity risks tied to their employees have not been something a security team can act on,” said Nick Ascoli, VP Product of Strategy, Flare. “Foretrace changes that by empowering employees to be part of the solution. When people can see and fix risks tied to their own identities, security becomes personal, and that leads to stronger outcomes than awareness training alone.”

Foretrace is powered by Flare’s identity intelligence infrastructure, which includes approximately 100 million stealer logs, monitoring of more than 57,000 Telegram channels, and roughly 20 billion leaked credentials. Foretrace surfaces real-time exposure data drawn from the same sources attackers use to conduct account takeovers and social engineering campaigns.

The product is delivered through a B2B2E model, enabling organizations to offer Foretrace as a security benefit to their workforce via the Flare platform. Employees access their own private identity profile — one that their employer cannot view. This ensures that the service functions as personal protection rather than workplace monitoring, a distinction designed to build trust and encourage adoption.


from Help Net Security https://ift.tt/AaVi4dh

If the cost of signing up for a Spartan Race or Tough Mudder has ever given you pause, good news: You can now use your Health Savings Account (HSA) or Flexible Spending Account (FSA) funds to cover race registration fees. Spartan has partnered with Flex, a platform that enables HSA/FSA payments across fitness and wellness brands, to make this possible.

How using your FSA to pay for a race works

A quick refresher on how HSA and FSA accounts work: Both are funded with pre-tax dollars, meaning the money goes into them before the IRS takes its cut. When you spend those funds on a qualifying purchase, you're effectively getting a discount equal to your tax rate. For most people, that translates to 30 to 40 percent in savings compared to paying out of pocket. So a $150 race registration might only cost you $90 to $105.

How to use your HSA/FSA to sign up for a race

The process is straightforward: If you have an HSA debit card or FSA card, it works much like any other payment method, where you just need to select it at checkout. Register for a Spartan or Tough Mudder event and pay using your HSA or FSA card. Flex then handles the eligibility verification on the backend, so you don't have to jump through hoops to prove the expense qualifies. (If you don't have an FSA/HSA debit card or didn't use it when you registered, it's unclear if you'd be able to submit your claim after the fact under this partnership; I've reached out to Flex and Spartan for clarification.)

The Flex partnership covers registration costs for Spartan's portfolio of events, which includes Tough Mudder races. And it may not stop there—Spartan and Flex are reportedly looking into more ways to extend HSA/FSA eligibility for things like training programs, recovery tools, and other athlete resources down the line. That would mean the full journey from training to finish line could eventually be (partially) funded with pre-tax health dollars.

The bottom line

In the big picture, a move like this is part of a growing shift in how fitness and wellness brands are thinking about access. Gym owner Equinox announced a similar partnership with Flex last month, allowing HSA/FSA funds to go toward select memberships, personal training, recovery services, and women's health programs. The underlying logic is the same: Physical fitness is an important part of preventative health, and your pre-tax health dollars should be able to work toward that.

If you've been sitting on unused FSA funds, or building up an HSA balance you haven't fully put to work, race registration is an unexpected but worthy way to use those dollars.


from Lifehacker https://ift.tt/4O8ohgP

Whether you love to garden or take pride in an immaculately landscaped space ideal for entertaining (or both), creating and maintaining a beautiful outdoor area for you and your family to enjoy adds immeasurable value to your property and quality of life.

If your family includes some beloved pets who also enjoy your outdoor spaces, however, you have to be careful when it comes to the plants you choose for your garden or landscaping. There are a lot of plants that are safe for humans that can poison our furry friends, so being deliberate in your choices when planning out the garden or laying out your landscaping is a must if pets are going to be allowed outside. Here are some pet-safe plants to focus on—and some to avoid at all costs.

Note that these lists aren’t comprehensive—you can check the database the ASPCA maintains before you plant anything not mentioned explicitly here.

Trees and shrubs that are safe for pets

You might not think trees can harm your pets, but they can—nuts, leaves, and even the bark of some trees can be toxic to dogs and cats. If your landscaping plan involves bringing in some trees and shrubs for shade and privacy, here are some safe choices:

  • Red Maple. These trees are striking additions to any yard with their bright red leaves. They’re dangerous for horses, but safe for dogs and cats.

  • Dogwood. Another beautiful shade tree with white and green flowers, it’s 100% safe for dogs and cats.

  • Magnolias. If your pet is one of those critters that likes to experimentally eat everything it encounters, rest easy: The leaves, flowers, and bark of this pretty, white-pink flowering tree are safe to consume.

  • Serviceberry. Sometimes called Shadbush or Juneberry, these small trees are visually stunning when they flower, and are beneficial to local birds and other wildlife that feed on the berries. Their small size makes them useful for landscaping designs, and they’re perfectly safe for pets—even the berries.

  • Crape Myrtle. These fast-growing plants are kind of in-between a tree and a shrub in terms of size, so they’re often useful for landscaping, and they pose no threat to your pets.

  • Camellias. These colorful shrubs are ideal for creating natural privacy screens, and are safe for your pets.

  • Spiraea. If you love the look of azaleas or rhododendrons in your yard but would prefer to avoid poisoning your pets, spiraeas are an excellent, pet-safe alternative. They look very similar—full, with lots of colorful blossoms.

  • Golden Bells. Perfect for edging and privacy screening, these bright yellow shrubs won’t pose any threat to your furry friends.

Some to avoid: Walnut trees, most fruit trees, azaleas, and rhododendrons.

Annual plants that are safe for pets

If you like to change up your garden or landscaping each year and rely on annuals for that flexibility, you have a lot of beautiful choices:

  • Impatiens. Colorful and easy to grow, these will bloom all spring and summer.

  • Zinnias. Fast-growing, so a good choice if you’re replacing a toxic flower and need some pink and red in your color scheme.

  • Sunflowers. There are both perennial and annual species of sunflower—and they come in a wide range of colors, so you can really supercharge your outdoor space’s design, attract a lot of pollinators, and never worry about your dog or cat getting sick.

  • Petunias. Technically, these pretty flowers are what’s known as “tender perennials” because they can come back year after year, but usually don’t survive the cold. They’re a great choice for pops of color that won’t harm your pets.

  • Celosias. Colorful and unique, with spiky, tall flowers, these are great for variety and are easy to grow—and perfectly safe for dogs and cats.

Some to avoid: Tulips, begonias, lilies, and geraniums.

Perennial plants that are safe for pets

Perennials can be easier to care for and provide a sense of permanence, which is nice if you really love the garden or outdoor space you’ve created. If that’s you, here are some suggestions for pet-safe perennials:

  • Asters. If you love mums, asters are a great alternative that don’t pose any threat to your animals. They look similar to mums, and come in late in the year to keep your outdoor spaces colorful.

  • Coral Bells. These are great fill-in plants that will make your flower beds look full and vibrant, and they attract pollinators and hummingbirds.

  • Tickseed (aka, Coreopsis). If you like daisies, this traditionally yellow flower (modern variants offer more color choices) is a safer alternative. It’s easy to grow and care for (very drought-tolerant for those of us who continually forget to water), and makes a sparse flower bed feel full.

  • Catmint. Closely related to catnip, this is a great choice if you have an adventurous indoor/outdoor feline. Catnip looks like a weed, but catmint is a gorgeous purple flower your pets can munch on to their heart’s delight (yes, dogs too).

Some to avoid: Daisies, mums, creeping jenny, ajuga, peonies, hosta, and lilies.

Vegetables and herbs that are safe for pets

If your gardening is more about feeding your family, don’t assume that just because you can eat it, so can your pets. Some safe choices for veggies in your garden include carrots, cucumbers, zucchini, lettuce, spinach, pumpkin (there’s a reason it’s in so many pet foods), peas, sweet potatoes, and broccoli.

Some to avoid: Tomatoes, potatoes, onions, hot peppers, eggplant, and green beans.

If you’re growing your own herbs to use in your cooking, you can’t go wrong with basil, sage, rosemary, cilantro, dill, or thyme.

Some to avoid: Chives, oregano, mint, bay leaf, and tarragon.

Ground covers that are safe for pets

Landscaping isn’t just about choosing and arranging the big statement plants. You also need ground covers to tie everything together and protect your soil—and ground covers can be toxic to pets as well. Most lawn grasses are safe for pets (cats will sometimes eat lawn grasses to inspire vomiting; while it’s generally a natural and healthy instinct for them, you shouldn’t let them do it too much, so it’s a consideration if you let your cat explore your lawn). Other safe ground covers include moss, snow-in-summer, sedges, hardy iceplant, lamb’s ear, and creeping phlox.

What to avoid: Cocoa mulch, asparagus fern, and ivy.


from Lifehacker https://ift.tt/qMrWJ02

Token Security has unveiled intent-based AI agent security, a new approach that governs autonomous agents in enterprise environments by aligning their permissions with their intended purpose.

As organizations deploy autonomous AI agents across enterprise infrastructure, security models are struggling to contain the risks. Token Security has been advancing the concept of intent-based security for AI agents, and using identity as the control plane for governing autonomous systems. Because AI agents interact with enterprise systems through service accounts, API credentials, and cloud roles, identity controls are a natural enforcement layer for governing what agents can access and execute.


“Prompt filtering and guardrails were not designed to fully contain the security risks introduced by autonomous AI agents,” said Itamar Apelblat, CEO of Token Security. “With our intent-based approach, the Token Security platform understands what AI agents are supposed to do and ensures they only have the permissions required to achieve their specified goals. As soon as their intent changes or they demonstrate risky behavior, our solution automatically intervenes to neutralize the threat.”

From guardrails to intent-based security

Since AI agents are non-deterministic and goal-oriented, two agents with identical permissions can behave very differently depending on what they are trying to accomplish. This unpredictable nature limits the ability of static permissions, inherited human roles, or past behavior to contain agent security risks.

Token Security’s intent-based AI agent security introduces a new enforcement model that extends beyond prompt filtering and static policy-based controls to enforce dynamic authorization. The Token Security platform operationalizes intent-based AI agent security through five core capabilities:

  • Continuously discovering AI agents, their owners, and their access
  • Understanding declared and observed agent intent to decipher what they are designed and scoped to do
  • Dynamically creating and enforcing least privilege access policies aligned to defined intent
  • Flagging and constraining actions that fall outside established intent boundaries
  • Applying lifecycle governance controls to prevent access drift and orphaned agents

“Intent is the missing dimension in AI agent security, since security teams must understand what an agent is designed to accomplish before they can safely govern what it can access,” added Ido Shlomo, CTO of Token Security. “AI agents shouldn’t inherit the full permissions of the humans who create them. When they do, organizations lose visibility and control over what those systems can access and execute. By understanding what an agent is designed to do and enforcing access based on its stated purpose, organizations can keep autonomous systems operating within safe boundaries.”


from Help Net Security https://ift.tt/tEsQrzi

Security updates aren't as flashy or fun as feature updates, but they're just as important—if not more—to install. They include patches for vulnerabilities in your device's OS that could leave you open to hacking. By patching these weak points as quickly as possible, you reduce the risk to your device and its data.

Traditionally, Apple has largely kept its security updates tied to its general software releases, both big and small. Rather than release iOS 26 and a subsequent security patch, Apple just couples the two. Even if you don't (or can't) update to the latest iOS, Apple will add the most important patches to new updates of older iOS versions (e.g. iOS 18.7.6, or iOS 15.8.7). But the company has toyed with individual security releases in recent years, especially for particularly timely patches. They started with Rapid Security Responses, which were updates that were specifically labeled as such, like iOS Security Response 16.4.1 (a). I thought this was a great idea, especially as other platforms, like Android and Windows, already do this for their users.

While it seemed like a good idea, Apple hasn't released one of these in a while. Instead, the company has largely gone back to releasing security updates alongside typical software updates, whether or not it had any new features to include in said update. Now, it seems, the company is trying out a new type of security update—one that's rather hidden, at that.

Apple's Background Security Improvements are a new type of security update

Initially announced with iOS 26.1, iPadOS 26.1, and macOS 26.1, Apple is now rolling out "Background Security Improvements." According to the company, these are "lightweight security releases" for things like Safari, WebKit (the framework Safari is built on), and other system libraries. Like the Rapid Security Responses, the idea is to issue smaller patches in between software updates. That way, Apple doesn't have to release iOS 26.3.2 in order to patch Safari; you can stay on iOS 26.3.1, and still update Safari with the proper patch.

In fact, this feature just had its first update this week. On Tuesday, Apple pushed version 26.3.1 (a) for iOS, iPadOS, and macOS. (There's also a macOS 26.3.2 (a) for MacBook Neos running macOS 26.3.2.) This update patches a WebKit flaw that let bad actors bypass Same Origin Policy if you clicked on malicious web content. Same Origin Policy typically prevents malicious sites from accessing other sites you might have open. For example, if you open a malicious site, Same Origin Policy should stop it from accessing your Gmail inbox open in another tab. But this flaw gave bad actors a way around that.

This update is available to all Apple devices running the latest versions of Apple's OSes, but you won't find it if you check your Software Update settings. That's not because it's still rolling out; rather, you need to make sure Background Security Improvements is enabled in order to open up these new security updates.

How to enable Background Security Improvements

On your Apple device, open Settings (System Settings on macOS), then go to Privacy & Security. Here, scroll down to the bottom of the page, then choose Background Security Improvements. Here, ensure that "Automatically Install" is turned on. If so, the update should install on its own, but there's no telling when it'll do so.

You can also install the update manually. Below this toggle, you'll see the latest Background Security Improvements update. Choose "Install," enter your passcode or password, and your device will begin downloading the update. When it's ready, you can hit "Restart & Install."


from Lifehacker https://ift.tt/Ra2kyJG


Garmin has finally launched an official WhatsApp integration for its watches—and this time it's the real deal. Unlike the limited functionality that existed before, you can now compose and reply to WhatsApp messages and threads directly from your wrist. No more fumbling for your phone just to say "yes" to dinner plans.

Is your Garmin watch on the list?

First things first: check if your watch is supported. Here's the full list at launch:

The rule of thumb seems to be that all 2025 or 2026 releases are covered. The one 2024 exception is the Fenix 8.

How to install WhatsApp on your Garmin

Open the Connect IQ app on your phone and WhatsApp should be front and center at the top of the list. Or head straight to the app store here.

A couple of limitations worth noting:

  • There's no LTE support. Even on the Fenix 8 Pro series (which has built-in cellular) this still requires your phone to be connected and nearby.

  • It's a full app, not a widget. It's installed like a sport app rather than a quick-access glance, so it's not quite as frictionless to pull up.

  • There are no images. Photos, stickers, GIFs, and in-app camera shots all show up as "unsupported."

If your WhatsApp threads are photo-heavy, this probably won't wow you. But if you mainly need quick text replies—the classic "on my way," "yes," "give me five mins" stuff—it's genuinely handy when your phone isn't right next to you.

The usefulness also depends a lot on how central WhatsApp is to your life versus native messaging apps. iOS users in the U.S. might shrug; much of the rest of the world will care a lot more.

The big wishlist item now is LTE support. If Garmin is going to sell watches with built-in cellular, having messaging actually work over that connection would be prime.


from Lifehacker https://ift.tt/MhwfCBt