DarkSword, a second nation-state-grade iOS exploit kit, has been disclosed — this one targeting current iOS versions (18.4–18.7) with six vulnerabilities including four zero-days, deployed by three separate operators since November 2025. Unlike Coruna which targeted legacy iOS, DarkSword compromises fully patched modern devices. A critical SharePoint deserialization flaw (CVE-2026-20963) patched in January is now confirmed actively exploited. Formal guidance was issued to harden Microsoft Intune after the medical technology wiper, with the confirmed device count revised to ~80,000. The GlassWorm supply chain campaign escalated across npm, Open VSX, and GitHub simultaneously, now using Solana blockchain for C2 and in-memory-only execution.

Links & Resources

• https://www.cybersecbrief.com/news/cybersec/cybersec-2026-03-19
• https://www.cybernewscentre.com/20th-march-2026-cyber-update-headlines-of-the-week/
• https://www.bleepingcomputer.com/news/security/sharepoint-vulnerability-now-exploited-in-attacks/
• https://www.hendryadrian.com/cybersecurity-news-daily-recap-19-mar-2026/
• https://thehackernews.com/2026/03/interlock-ransomware-exploits-cisco-fmc.html
• https://www.bleepingcomputer.com/news/security/glassworm-supply-chain-attack-targets-github-npm-vscode-extensions/
• https://www.scworld.com/news/no-restoration-timeline-for-medical-device-maker-stryker-after-cyberattack
• https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit