Breaking AI & Tech News Analyzed

The Anatomy of the DarkSword LeakSecurity researchers have uncovered a significant escalation in iPhone vulnerabilities following the public release of the DarkSword exploit kit on the code-sharing site GitHub. Unlike sophisticated zero-days that require specialized knowledge to deploy, the leaked files are uncomplicated HTML and JavaScript scripts that can be hosted on a server in a matter of minutes. This accessibility has turned a tool previously associated with state-sponsored actors into a potential weapon for any criminal actor.The toolkit specifically targets iPhones and iPads running older versions of Apple’s operating system, such as iOS 18, which have not yet been updated to the latest iOS software. The code is designed to work "out of the box," meaning no iOS expertise is required to execute the attack. Researchers note that the leaked samples share infrastructure with previous campaigns analyzed by iVerify and Google, indicating a continuity in the threat landscape.The Scale of the VulnerabilityThe implications of this leak are vast, given the sheer number of devices potentially affected. According to Apple’s own data, approximately one-quarter of all iPhone and iPad users are still running older operating systems. With over 2.5 billion active devices globally, this suggests that hundreds of millions of users are currently exposed to the capabilities of DarkSword.Targeted Data: The exploit is capable of exfiltrating forensically relevant files, including contacts, messages, call history, and the iOS keychain (which stores Wi-Fi passwords and secrets).Historical Context: DarkSword was previously alleged to be used by Russian government hackers against Ukrainian targets, linking this new leak to geopolitical cyber warfare.From State-Sponsored to Criminal PlaygroundThe ease with which DarkSword can be repurposed has raised alarms within the cybersecurity community. Matthias Frielingsdorf, co-founder of mobile security startup iVerify, described the situation as "bad" and warned that the tool cannot be contained. The transition of such advanced spyware from a restricted government tool to a public commodity lowers the barrier to entry for cybercriminals.Kimberly Samra of Google and security hobbyist matteyeux have independently confirmed that the leaked code is trivial to use. Matteyeux successfully demonstrated the exploit on an iPad mini running iOS 18, proving that the threat is immediate and actionable for malicious actors.The Future of iOS Security and Lockdown ModeApple has responded by issuing an emergency update on March 11 for devices unable to run recent versions of iOS. The company emphasizes that keeping software up to date is the "single most important thing" for security and notes that devices with updated software are not at risk.Furthermore, Apple highlighted that Lockdown Mode would block these specific attacks. As the industry moves forward, the reliance on software updates and hardening features like Lockdown Mode will become increasingly critical in defending against the commoditization of exploit kits like DarkSword.

Iran's Foreign Minister Abbas Araghchi has accused the United States and Israel of causing disruptions to shipping in the Strait of Hormuz, a vital waterway through which one-fifth of the world's oil shipments pass.In a phone conversation with UN Secretary-General Antonio Guterres, Araghchi called for an end to what he described as military aggression against Iran by the US and Israel. He emphasized that every country and international institution concerned with peace and security must condemn these actions.The situation in the Strait of Hormuz has led to significant increases in oil prices, with Brent crude up 2.5% to $105.70 on Monday, more than 40% higher than before the conflict began on February 28.Several countries are reportedly in talks with Iran to secure safe passage for their ships. A senior adviser to Iran's Islamic Revolutionary Guard Corps (IRGC) had announced on March 2 that the strait was effectively 'closed' and threatened to set transiting ships 'ablaze'.US President Donald Trump has proposed a naval coalition to secure the Strait of Hormuz, but so far, no countries have pledged to join. French President Emmanuel Macron has stated that France will not participate in operations to unblock the strait, but may consider joining an escort system once fighting ends.The European Union is seeking diplomatic solutions to guarantee safe transit through the Strait of Hormuz and mitigate the impact of soaring energy prices on global markets.

The Gaza conflict continues to escalate, with devastating consequences for civilians. Since October, 677 Palestinians have been killed and 1,800 injured in Israeli strikes across the territory. The attacks have averaged about 10 per day over the past five months, leaving a trail of destruction and despair.Abed Elrahman Hamdouna, a 31-year-old father of two and volunteer ambulance driver, was killed in a reported drone strike west of Gaza City. His death is a stark reminder of the ongoing risks faced by healthcare workers in the conflict zone. Hamdouna's family had been worried about him the most during the war, given his role in helping injured people.The Israeli military's actions in Gaza have been widely criticized, with UN experts accusing Israel of 'medicide' and deliberately targeting healthcare workers and facilities. The destruction of Gaza's healthcare system has had a catastrophic impact on the population, with over 1,500 healthcare workers killed in the war.The conflict has also had a profound impact on the mental health and well-being of those affected. Hamza Nabhan, a medical student, described the despair and hopelessness that has become a daily reality for many in Gaza. 'I think about how to wake up, charge my phone, fill my water container. I don’t think about tomorrow.'The international community has expressed concern over the humanitarian situation in Gaza, with Amnesty International accusing Israel of committing genocide against Palestinians. The organization has called for an end to the violence and for those responsible to be held accountable.

A 90-year-old woman was left without her original phone number for three months after BT told her she needed a temporary number while Openreach carried out broadband work. This caused significant distress and disruption to her daily life, as she relies on her phone to stay in touch with family, friends, and medical professionals.The issue began when the woman was sent home from hospital to die at the end of last year and needed broadband installed so a personal alarm could be fitted. BT provided a temporary phone number, but failed to restore her original number, which is crucial for her hospital appointments and communication with her GP.Despite numerous attempts to resolve the issue, BT was unable to restore her original number for three months, citing "system errors" and "procedural issues". The woman's family had to spend a significant amount of time trying to resolve the issue, which added to their stress and frustration.BT eventually restored the woman's original number and apologized for the inconvenience caused. The company also offered a goodwill gesture to compensate for the distress caused. This incident highlights the importance of reliable customer service, particularly for vulnerable individuals who rely on their phone for essential communication.

Moby, the renowned musician, has shared his honest playlist, offering a glimpse into his personal music preferences. He recalls the first song he fell in love with, 'I Fought the Law' by the Clash, which he would record on an old Dictaphone and listen to repeatedly.Moby also shares the first single he bought, 'Convoy' by CW McCall, which he played 40 times in a row, raising concerns for his mother about his future as a musician and addict.He takes pride in never doing the same karaoke song twice, with notable attempts at 'My Way' by Frank Sinatra and 'In Da Club' by 50 Cent. Moby also reveals the song he inexplicably knows every lyric to, 'I Know You Got Soul' by Eric B & Rakim, which he played 8,000 times while DJing in the 80s.Moby discusses the best song to play at a party, 'Been Caught Stealing' by Jane's Addiction, which surprised a crowd of 15 people at a house party in 1989. He also shares the song he can no longer listen to, 'Lola' by the Kinks, due to its gross and transphobic lyrics.Moby confesses to secretly liking 'My Heart Will Go On' by Céline Dion, a song he thought he'd never admit to enjoying. He also shares the best song to have sex to, '4′33″' by John Cage, and the song that changed his life, 'I Feel Love' by Donna Summer.Other songs on Moby's playlist include the song that makes him cry, 'Vincent' by Don McLean, and the song that gets him up in the morning, 'Not to Touch the Earth' by the Doors. He concludes by sharing the song he'd like played in his funeral, 'Last Night' from his 2008 album of the same name.

Palantir, a Miami-based company backed by billionaire Peter Thiel, has secured a three-month trial contract with the Financial Conduct Authority (FCA) to analyze a vast amount of sensitive UK financial regulation data. The deal, worth over £30,000 per week, aims to help the FCA tackle financial crimes such as fraud, money laundering, and insider trading.The FCA has awarded Palantir the contract to investigate its internal intelligence data, which includes highly sensitive case intelligence files, information on problem firms, and reports from lenders about proven and suspected frauds. Palantir will apply its AI system, known as Foundry, to huge quantities of information held by the watchdog, including recordings of phone calls, emails, and social media posts.The contract has raised concerns about privacy and the company's ethical reliability. One source expressed concerns that Palantir may share the information it learns from the FCA with other parties. Palantir's technology is used by the Israeli military and in the US president's ICE immigration crackdown, leading to criticism from left-wing MPs.The FCA has stated that it has strict controls in place to ensure data is protected and that Palantir will only act on instruction from the regulator. The data will be hosted and stored solely in the UK, and Palantir will have to destroy the data after completion of the contract.Experts have highlighted the potential benefits of using AI to tackle financial crimes, but also emphasized the need for robust protocols to protect sensitive information. Prof Michael Levi, an expert in money laundering, noted that AI is a potentially valuable technology to tackle financial crimes, but also raised concerns about the ownership and control of the data.

Rapid‑Action Spyware: The Darksword Campaign UnveiledResearchers at Google, iVerify and Lookout traced a fresh wave of iPhone attacks against Ukrainian users to a toolkit they named Darksword. The tool, linked to the threat actor UNC6353, infiltrates devices via compromised Ukrainian websites, siphons passwords, photos, messaging app data and wallet credentials, then vanishes within minutes.Technical Footprint and Quick‑Turnover MetricsInfection vector: malicious scripts on Ukrainian‑hosted sites, active only for visitors inside Ukraine.Data exfiltration window: minutes of dwell time, depending on volume of harvested information.Capabilities: extraction of WhatsApp, Telegram, SMS, browser history, and cryptocurrency wallet keys.Design: modular architecture allowing rapid addition of new functions, mirroring the earlier Coruna toolkit.Geopolitical and Security ImplicationsThe Darksword operation underscores a growing trend of state‑aligned actors deploying highly specialized mobile spyware for short‑term, high‑value “smash‑and‑grab” missions. While the campaign was geographically limited to Ukraine, its sophistication suggests that similar tools could be repurposed for broader espionage or financial theft, raising concerns for iPhone users worldwide and prompting a reassessment of mobile threat models.Future Outlook: Modular Spyware on the RiseAnalysts predict that the success of Darksword will encourage further development of modular iPhone exploits that prioritize rapid data theft over persistent surveillance. Defensive measures will likely focus on hardening web‑delivery chains, improving app‑store vetting, and enhancing on‑device anomaly detection to counter fleeting, high‑impact attacks.

CrossSense, an innovative AI software, has been awarded a £1m prize for its groundbreaking technology designed to assist individuals with dementia. This cutting-edge system is integrated into smart glasses and features a user-friendly assistant named Wispy. The smart glasses, equipped with a camera, microphone, and speakers, provide wearers with real-time guidance and support through everyday tasks.Wispy offers verbal cues and text prompts that float in front of the wearer's eyes, enhancing their ability to navigate daily life. The AI assistant can also engage in light conversation, ask questions, and aid reminiscences, significantly improving the wearer's independence and quality of life.The Longitude Prize on Dementia, funded by Alzheimer's Society and Innovate UK, aims to encourage the development of technology that helps people with dementia stay independent for longer. About 150 million people are expected to be living with dementia by 2050, making such innovations crucial.The CrossSense technology is expected to cost around £50 a month per subscription, with the smart glasses potentially costing up to £1,000. However, the developers plan to make the technology more affordable over time. The team behind CrossSense plans to conduct a pilot study with smart glasses in people's homes later this year.Prof Julia Simner, who led the study, noted that participants with dementia could correctly identify 46% of household items without the glasses, increasing to 82% with the glasses. An hour after removing the glasses, the identification rate remained high at 78%.While experts praise the innovation, they also highlight the need for larger, more controlled studies to test the device's effectiveness and address ethical considerations regarding data collection and user consent.

The WebKit Vulnerability and the New Patching MechanismApple has officially rolled out its first 'background security improvement' update, marking a significant evolution in its software maintenance strategy. This latest release targets a critical vulnerability discovered in WebKit, the browser engine that powers Safari across iPhones, iPads, and Macs.The advisory reveals that the bug, if exploited, could allow a malicious website to potentially access data from another website within the same browser session. To mitigate this risk, Apple introduced a new category of updates designed to be 'lightweight' and pushed between major software releases.Target Version: iOS, iPadOS, and macOS 26.1 and higher.Scope: Fixes for Safari, WebKit, and system libraries.Deployment: Background updates without requiring a full system reinstall.Efficiency in Security Response: The 'Quick Reboot' AdvantageOne of the most notable aspects of this update is the user experience. Unlike traditional major updates that often require lengthy reboots, this background security improvement only necessitates a quick device restart. This suggests a streamlined deployment process that minimizes user friction while maximizing security coverage.Apple has been testing this feature with software testers prior to the public release, indicating a deliberate effort to refine the mechanism before a wider rollout. The decision to withhold a specific reason for the patch from the public advisory highlights the sensitive nature of the vulnerability.Redefining the Security Patching LifecycleThe introduction of this update model fundamentally changes how Apple addresses the threat landscape. By decoupling critical security fixes from major feature updates, Apple can respond to zero-day threats and active exploits much faster.This approach reduces the 'window of exposure' for users, ensuring that security patches are applied as soon as they are available, rather than waiting for the next annual or bi-annual major OS release cycle.The Future of Continuous SecurityAs this is the inaugural release of the background security improvement program, it sets a precedent for future updates. We can expect to see a shift toward a more continuous security model, where minor but critical patches are pushed regularly to keep devices secure against evolving cyber threats.