Joined July 2011
Pinned Tweet
Two days ago I had the pleasure of presenting our latest research at iVerify about #NSO #Pegasus BLASTPASS Exploit Chain at #BHASIA in Singapore. (blackhat.com/asia-24/briefin…) During the talk I presented how forensic analysis led to the discovery of the sample, the amount of steps

Helthydriver retweeted
Had a lot of fun reversing Coruna over the last couple weeks and decided it would be worth writing it all up before I forget - so enjoy :) littlelailo.github.io/writeu…

Helthydriver retweeted
See you in Berlin🎉 Special thanks to @xnyhps and @_xpn_, some of this work is based on their research. The vulnerabilities disclosed in this presentation can all lead to General TCC Bypasses. I think there are some fundamental issues in the way Apple designed these security mechanisms. If you test them one by one, they may look safe. But when you look at them together, you’ll find that many of them become weak points. Some of these attack surfaces are still exploitable right now, and may stay that way for a while. Honestly, I didn’t want to disclose them before, because there were still bugs to find in these attack surfaces. And even if Apple patches them in the future, I’m still pretty sure I can bypass the protections and get LPE again. But with the macOS bug bounty going down, spending time on local macOS bug hunting is worthless. So I’m shifting more of my focus to remote macOS bug hunting, iOS bug hunting, and Web3. That’s why I’m disclosing them now. @offensive_con #OffensiveCon26
Helthydriver retweeted
Use @IsMyPhoneHacked to detect and remediate DarkSword infection vimeo.com/1176404490 We recorded a small demonstration of live DarkSword infection and detection. The iVerify basic app is still free on the App Store.
Helthydriver retweeted
First used "only" for state espionage, now in criminal hands. A powerful piece of iPhone spyware is showing right now how this goes. We have been warning about this for years in connection with the #Bundestrojaner. Security vulnerabilities are not exclusive. They are open to EVERYONE. derstandard.at/story/3000000…
Helthydriver retweeted
Idea for Apple - discount on buying a new iPhone if your old iPhone got hit with Coruna or DARKSWORD. x.com/ryanaraine/status/2035…

Apple confirms mass web attacks. Says to get new iPhones. support.apple.com/en-us/1267…
Community note
The linked Apple support page recommends updating iOS to the latest version to protect against web-based attacks on older software, not purchasing new iPhones. support.apple.com/en-us/126776
Helthydriver retweeted
Two full iOS exploit kits in one month, deployed via watering holes on public websites, potentially affecting hundreds of millions of devices. Will Apple acknowledge that this no longer fits the "very small number of highly targeted individuals" narrative?
Helthydriver retweeted
In collaboration with Lookout and Google (thank you 🙏) we have been working on tearing down and building detections for DarkSword - iOS exploit chain for iOS 18.4 - 18.7. Super excited for this research 🎉. Please update your iPhones. iverify.io/blog/darksword-io…
Helthydriver retweeted
I’ve been briefed on this one from the team that found it. I interviewed them yesterday and will put out a video soon. - it’s an insane story between Darksword and Coruna.
A second iOS exploit has been spotted in use by Russian spies to infect websites and hack visitors' iPhones. This one works on iOS 18, and appeared in a very reusable form, so will likely proliferate. If you haven't updated your iPhone, now's the time. wired.com/story/hundreds-of-…
Helthydriver retweeted
Mar 18
A powerful iPhone-hacking technique known as DarkSword has been discovered in use by Russian hackers. It can take over devices running iOS 18 that simply visit infected websites. wired.com/story/hundreds-of-…
This tool has already been used in distinct hacking campaigns against Ukrainians, Malaysians, Saudi and Turkish victims. If other hackers needed any more encouragement to adopt it, too, the Russian spies who used it left it fully unobfuscated with helpful code comments legible.
Helthydriver retweeted
Mar 17
Strait of Hormuz right now
Helthydriver retweeted
Thank you for uploading the Coruna samples from the Google blogpost! Available on @virustotal here ->