Breaking AI & Tech News Analyzed

The Coruna and DarkSword Threat For years, the prevailing narrative among iPhone security experts was that breaking through Apple's defenses was a rare, high-barrier event requiring significant resources. However, recent investigations by Google, iVerify, and Lookout have shattered this assumption. Researchers have documented broad-scale hacking campaigns utilizing two specific tools, Coruna and DarkSword, which have been used to target victims globally who are not running the latest software updates. Attack Vectors: Hackers are compromising legitimate websites and creating fake pages to deliver spyware. Key Actors: Involvement of Russian spies and Chinese cybercriminals. Tool Availability: The source code for these tools has leaked online, allowing anyone to launch attacks against older iPhones. The Two-Tier iPhone Security Landscape The discovery of Coruna and DarkSword highlights a critical data point in the current security ecosystem: the existence of two distinct classes of iPhone users. This bifurcation is driven by the introduction of Memory Integrity Enforcement in iOS 26, a feature designed to prevent memory corruption bugs—the very vulnerabilities exploited by DarkSword. Class A (Secure): Users on the latest iPhone 17 models running iOS 26 are protected by memory-safe code and Lockdown Mode, making them resistant to these specific memory-based hacks. Class B (Vulnerable): Users running iOS 18 or older versions remain exposed to memory corruption attacks, as these older systems lack the new safety enforcement layers. Challenging the 'Rare Hack' Myth The widespread use of these leaked tools suggests that spyware attacks are becoming more common and less exclusive. This shift is fueled by a thriving "second-hand" market for exploits, where brokers resell vulnerabilities before they are patched. Experts argue that the rarity of iPhone hacks has been overstated simply because they are rarely documented. As noted by Patrick Wardle, the baseline capability for such attacks is now accessible to a wider range of actors, moving beyond state-sponsored actors to include cybercriminals. The End of the 'Rare Hack' Era The future of mobile security appears to be one of continuous escalation. With the code for Coruna and DarkSword now public, the barrier to entry for launching attacks against older devices has lowered significantly. This indicates that memory-based exploits will continue to plague lagging users, and the market for exploit development will likely expand as brokers seek to monetize vulnerabilities before updates are applied.

The Dual Threat: Coruna and DarkSwordSecurity researchers have identified two distinct but equally dangerous hacking toolkits, Coruna and DarkSword, that have leaked onto the open web. These advanced exploit kits, capable of breaking into iPhones and iPads, were originally developed for high-level government surveillance but are now available for anyone to download.Coruna: Targets iOS 13 through 17.2.1. Linked to Trenchant, a unit within U.S. defense contractor L3Harris, and previously used in Operation Triangulation against Russian targets.DarkSword: Targets iOS 18.4 and 18.7. Leaked on GitHub, making it "plug-and-play" for cybercriminals.The Scale of VulnerabilityThe scale of this exposure is staggering. According to Apple's statistics, nearly one-in-three iPhone and iPad users are still not running the latest software. With over 2.5 billion active devices globally, this implies hundreds of millions of users are susceptible to these attacks.DarkSword is particularly concerning because it targets newer devices running iOS 18.4 and 18.7. Researchers have already tested the leaked code, successfully hacking their own devices to demonstrate the ease of use.From State-Sponsored Espionage to Public ExploitationThis leak marks a dangerous shift in the cybersecurity landscape. Historically, sophisticated tools like Coruna were the domain of state-sponsored actors targeting specific regions, such as the Uyghurs in China or activists in Hong Kong.However, the release of DarkSword represents a move toward indiscriminate cybercrime. The tool is written in web languages like HTML and JavaScript, allowing attackers to launch attacks simply by hosting a malicious website. Victims in China, Malaysia, Turkey, Saudi Arabia, and Ukraine have already been targeted.The Future of Zero-Day WeaponizationThe leak of these tools mirrors the infamous 2017 WannaCry ransomware attack, which was fueled by leaked NSA exploits. Once powerful zero-day vulnerabilities are released into the wild, they are nearly impossible to fully contain.Experts recommend immediate action: users must update to iOS 18.7.6 or iOS 26.3.1. For high-risk individuals, enabling Lockdown Mode remains the most effective defense, as there is currently no public evidence of hackers bypassing its protections.

A jury in the United States has ordered social media giant Meta to pay $375m for harming children's mental health and making them vulnerable to sexual exploitation.The verdict, handed down in New Mexico after a six-week trial, marks the first time a US state has successfully sued Meta over child safety issues. State authorities accused Meta, the parent company of Instagram, Facebook, and WhatsApp, of failing to protect minors.Jurors sided with state prosecutors who argued that Meta prioritized profits over safety and violated parts of New Mexico's Unfair Practices Act. The jury agreed with allegations that Meta made false or misleading statements and engaged in 'unconscionable' trade practices that unfairly took advantage of the vulnerabilities and inexperience of children.The case involved testimony from 40 witnesses, including employees-turned-whistle-blowers, and reviewed hundreds of documents, reports, and emails. New Mexico Attorney General Raúl Torrez called the verdict 'a historic victory for every child and family who has paid the price for Meta's choice to put profits over kids' safety.'Meta has stated that it will appeal the verdict, with a spokesperson saying, 'We respectfully disagree with the verdict and will appeal. We work hard to keep people safe on our platforms and are clear about the challenges of identifying and removing bad actors or harmful content.'A second phase in New Mexico's proceedings against Meta is scheduled to begin in May, when a judge will hear the state's claim that the company should be ordered to pay additional penalties and make specific changes to its platforms and company operations.

The global food system is facing an unprecedented threat of collapse, much like the financial system did in 2008. The concentration of power in the hands of a few large corporations has led to a loss of diversity, redundancy, and modularity, making the system highly vulnerable to shocks.Recent data suggests that every part of this system is now highly concentrated in the hands of a few corporations, which have been consolidating both vertically and horizontally. One recent study found that the US food system has “consolidated nearly twice as much as the overall economic system”. Some of these corporations, diversifying into financial products, now look more like banks than commodity traders, but without the same level of regulation.These vulnerabilities are exacerbated by the use of just-in-time supply chains and the funnelling of much of the world’s trade through a number of chokepoints. Some people have long warned that the strait of Hormuz, alongside the Suez canal, Turkish straits, Panama canal and straits of Malacca, are critical chokepoints, whose obstruction would threaten the flow of food, fertiliser, fuel and other crucial agricultural commodities.When a system has lost its resilience, it’s hard to predict just how and when it could go down. The collapse of one corporation? The simultaneous closure of two or more chokepoints? A major IT outage? A severe climate event coinciding with a geopolitical crisis? The next step could be contagious bankruptcy and cascading failure across sectors.We know what needs to happen: break up the big corporations; bring the system under proper regulatory control; diversify our diets and their means of production; reduce our dependence on a handful of major exporting countries; build strategic food reserves, accessible to people everywhere. But there’s a problem, and it’s not just Trump. Almost all governments are beholden to corporate and financial power.The best we can hope for is that braver politicians in our own countries seek to insulate us from the worst impacts. A crucial step is to encourage a shift to a plant-based diet. People struggle to see the relevance, but it’s simple. A plant-based diet requires far fewer resources, including just a quarter of the land a standard western diet requires and much less fertiliser and other inputs.

The Anatomy of the DarkSword LeakSecurity researchers have uncovered a significant escalation in iPhone vulnerabilities following the public release of the DarkSword exploit kit on the code-sharing site GitHub. Unlike sophisticated zero-days that require specialized knowledge to deploy, the leaked files are uncomplicated HTML and JavaScript scripts that can be hosted on a server in a matter of minutes. This accessibility has turned a tool previously associated with state-sponsored actors into a potential weapon for any criminal actor.The toolkit specifically targets iPhones and iPads running older versions of Apple’s operating system, such as iOS 18, which have not yet been updated to the latest iOS software. The code is designed to work "out of the box," meaning no iOS expertise is required to execute the attack. Researchers note that the leaked samples share infrastructure with previous campaigns analyzed by iVerify and Google, indicating a continuity in the threat landscape.The Scale of the VulnerabilityThe implications of this leak are vast, given the sheer number of devices potentially affected. According to Apple’s own data, approximately one-quarter of all iPhone and iPad users are still running older operating systems. With over 2.5 billion active devices globally, this suggests that hundreds of millions of users are currently exposed to the capabilities of DarkSword.Targeted Data: The exploit is capable of exfiltrating forensically relevant files, including contacts, messages, call history, and the iOS keychain (which stores Wi-Fi passwords and secrets).Historical Context: DarkSword was previously alleged to be used by Russian government hackers against Ukrainian targets, linking this new leak to geopolitical cyber warfare.From State-Sponsored to Criminal PlaygroundThe ease with which DarkSword can be repurposed has raised alarms within the cybersecurity community. Matthias Frielingsdorf, co-founder of mobile security startup iVerify, described the situation as "bad" and warned that the tool cannot be contained. The transition of such advanced spyware from a restricted government tool to a public commodity lowers the barrier to entry for cybercriminals.Kimberly Samra of Google and security hobbyist matteyeux have independently confirmed that the leaked code is trivial to use. Matteyeux successfully demonstrated the exploit on an iPad mini running iOS 18, proving that the threat is immediate and actionable for malicious actors.The Future of iOS Security and Lockdown ModeApple has responded by issuing an emergency update on March 11 for devices unable to run recent versions of iOS. The company emphasizes that keeping software up to date is the "single most important thing" for security and notes that devices with updated software are not at risk.Furthermore, Apple highlighted that Lockdown Mode would block these specific attacks. As the industry moves forward, the reliance on software updates and hardening features like Lockdown Mode will become increasingly critical in defending against the commoditization of exploit kits like DarkSword.