Cybersecurity News | Daily Recap [28 Mar 2026] Daily Recap, a roundup of recent cybersecurity activity highlights macOS ClickFix delivering Infiniti Stealer via a Nuitka loader, iOS exploitation by TA446 using DarkSword to deploy GHOSTBLADE and MAYBEROBOT, and backdoored Telnyx PyPI packages pushed by TeamPCP that use WAV steganography to exfiltrate SSH keys and tokens. The report also covers critical advisories (CVE-2026-3055, CVE-2025-53521), the Open VSX Open Sesame fix, major breaches including the European Commission cloud incident and Handala's alleged exfiltration of FBI director materials, plus governance moves such as the CSAM ruling, UK donation limits, the Chip Security Act, and OpenAI's Bug Bounty program. #InfinitiStealer #DarkSword #GHOSTBLADE #MAYBEROBOT #TeamPCP #Telnyx #NetScaler #CVE2026-3055 #CVE2025-53521 #EuropeanCommission #AnimePlay #Handala #OpenAI #Bugcrowd #OpenVSX #CSAMRuling #ChipSecurityAct

macOS ClickFix spreads Infiniti Stealer via Nuitka loader; TA446 exploits iOS with DarkSword deploying GHOSTBLADE, MAYBEROBOT; TeamPCP backdoors Telnyx PyPI using WAV steganography. EU cloud breach and FBI data leaks reported. #Infosec #iOSExploits

Coruna iOS exploit framework linked to Triangulation attacks Coruna is a maintained successor to the Operation Triangulation iOS exploit framework, expanding its capabilities to target modern Apple chips and iOS versions. The kit contains five exploit chains using 23 vulnerabilities and has been repurposed from targeted espionage to broader crypto-theft campaigns. #Coruna #OperationTriangulation

Coruna, successor to Operation Triangulation, uses 5 iOS exploit chains with 23 vulnerabilities targeting A17 and M3 chips. Shifted from espionage to crypto-theft campaigns. #iOSExploits #AppleSecurity #US

The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors Google Threat Intelligence Group (GTIG) identified DarkSword, a JavaScript-based full-chain iOS exploit that chained six vulnerabilities to achieve kernel privileges and deploy final-stage payloads including GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER against targets running iOS 18.4–18.7. GTIG observed multiple users of DarkSword—UNC6748, PARS Defense customers, and UNC6353—targeting victims in Saudi Arabia, Turkey, Malaysia, and Ukraine, and urged updates to the latest iOS or enabling Lockdown Mode where updates are not possible. #DarkSword #GHOSTBLADE #GHOSTKNIFE #GHOSTSABER #UNC6353 #UNC6748 #PARSDefense #iOS

DarkSword, a JavaScript-based full-chain iOS exploit, uses six vulnerabilities to gain kernel privileges and deploy payloads like GHOSTBLADE, targeting devices across Saudi Arabia, Turkey, Malaysia, and Ukraine. #DarkSword #Ukraine #iOSExploits

Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1 Google said it identified a "new and powerful" exploit kit dubbed Coruna (aka CryptoWaters) targeting Apple iPhone models running iOS versions between 13.0 and 17.2.1. The exploit kit featured five full iOS exploit chains and a total of 23 exploits, Google Threat Intelligence Group (GTIG) said. It's not effective against the latest version of iOS. The findings were first reported by WIRED. "The

iT4iNT SERVER Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1 VDS VPS Cloud #iOS #iOSExploits #CyberSecurity #Apple #iPhoneSecurity