Malware & Ransomware · HIGH

Malware Alert - DarkSword Exploits iOS, Interlock Targets Cisco

SentinelOne Labs

Tags: DarkSword, Interlock, CVE-2026-20131, iOS, Cisco

Basically, hackers are stealing data from iPhones and breaking into the Cisco software that manages enterprise firewalls.

Quick Summary

A new iOS exploit called DarkSword is stealing personal data from iPhones. Separately, the Interlock ransomware group is exploiting a critical vulnerability in Cisco's firewall management software. Both threats pose significant risk, one to individual users and the other to enterprises, and both call for immediate action.

What Happened

Two significant threats are in play. DarkSword is an exploit targeting iPhones running iOS 18.4 through 18.7, and it is being used to steal sensitive personal data from affected users. Separately, the Interlock ransomware group has been exploiting a critical zero-day vulnerability, tracked as CVE-2026-20131, in Cisco's Secure Firewall Management Center (FMC) software; successful exploitation lets attackers execute arbitrary code on unpatched FMC installations. Together they illustrate how quickly the threat landscape shifts and why both individual users and organizations need to stay vigilant.

Who's Being Targeted

DarkSword primarily targets iPhone users; recent reports describe its use against individuals in Saudi Arabia, Malaysia and Ukraine, and tie it to several threat actors, including Russian-aligned groups and Turkish surveillance firms. Interlock, by contrast, is going after enterprises that run Cisco FMC, which is widely deployed in corporate environments to manage firewall fleets. Between them, the two threats reach from individual phone owners to large organizations.

Signs of Infection

DarkSword is built to exfiltrate data quietly and to remove traces of itself afterwards, so an infected iPhone may show little more than unexplained data usage or signs that personal information has been accessed without the owner's knowledge; the absence of symptoms is not evidence of a clean device. This summary gives no specific indicators for the Cisco side. For organizations running Cisco FMC, unexpected behaviour on the management host (for example unfamiliar processes or accounts, outbound connections the appliance does not normally make, or configuration changes nobody scheduled) and alerts from endpoint or network monitoring should be treated as grounds to investigate. Interlock has a history of high-profile attacks, so FMC deployments should be monitored closely for any sign of compromise.

How to Protect Yourself

To mitigate DarkSword, iPhone users should update to iOS 26.3.1, the release named above as closing the exploited vulnerabilities, and those at high risk of targeted surveillance should also enable Lockdown Mode. Lockdown Mode reduces the attack surface but is not a substitute for the update; devices on iOS 18.4 through 18.7 remain exposed until they are upgraded. Organizations running Cisco FMC should apply Cisco's fix for CVE-2026-20131 immediately; where that cannot happen at once, restrict who can reach the FMC management interface until the patch is in place. Regular patching and sound security hygiene substantially reduce exposure to both threats, and keeping up with emerging-threat reporting helps teams act before an exploit reaches them.
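As an added example (not code from the SentinelOne article or from Apple), the following Python triages an MDM-style device inventory against the version range above: devices on iOS 18.4 through 18.7 are flagged as exposed, anything else below 26.3.1 is flagged as not yet on the fixed release, and unparseable version strings are set aside rather than silently treated as safe. The inventory itself is constructed for the example; the version boundaries are the ones stated on this page.

```python
"""Triage an iOS device inventory against the DarkSword-affected range.

Added example, not from the SentinelOne article. Assumptions:
- iOS 18.4 through 18.7 (any patch level) is the exploited range and
  26.3.1 is the fixed release, both as stated on the page;
- the inventory is a constructed list of (device_id, version) pairs,
  standing in for an MDM export.
"""

AFFECTED_MIN = (18, 4)   # first exploited release named on the page
AFFECTED_MAX = (18, 7)   # last exploited release named on the page
FIXED = (26, 3, 1)       # release the page tells users to update to


def parse_version(s: str) -> tuple[int, ...]:
    """Turn '18.7.2' into (18, 7, 2); reject anything that is not dotted integers."""
    parts = s.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"bad iOS version string: {s!r}")
    return tuple(int(p) for p in parts)


def _pad(v: tuple[int, ...], n: int) -> tuple[int, ...]:
    """Normalise to exactly n components so '18.4' and '18.4.0' compare equal."""
    return (v + (0,) * n)[:n]


def is_affected(version: str) -> bool:
    """True for 18.4.x through 18.7.x, the range the page says DarkSword targets."""
    return AFFECTED_MIN <= _pad(parse_version(version), 2) <= AFFECTED_MAX


def is_patched(version: str) -> bool:
    """True when the device is on 26.3.1 or later."""
    return _pad(parse_version(version), 3) >= FIXED


def triage(inventory):
    """Bucket devices: affected, below_fix, current, unknown (unparseable version)."""
    buckets = {"affected": [], "below_fix": [], "current": [], "unknown": []}
    for device_id, version in inventory:
        try:
            if is_affected(version):
                buckets["affected"].append(device_id)
            elif is_patched(version):
                buckets["current"].append(device_id)
            else:
                # Not in the documented exploited range, but not on the fix either.
                buckets["below_fix"].append(device_id)
        except ValueError:
            # A device we cannot classify must not be counted as safe.
            buckets["unknown"].append(device_id)
    return buckets


# Constructed sample inventory; stands in for an MDM export.
SAMPLE_INVENTORY = [
    ("exec-phone-01", "18.7.1"),
    ("exec-phone-02", "18.4"),
    ("sales-ipad-07", "18.3.2"),
    ("it-phone-03", "26.3.1"),
    ("it-phone-04", "26.3"),
    ("legal-phone-05", "n/a"),
]

if __name__ == "__main__":
    for bucket, ids in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:10s} {', '.join(ids) or '-'}")
```

The "below_fix" bucket exists because the page documents exploitation only against 18.4 through 18.7 while naming 26.3.1 as the fix; anything in between is not known-exploited but is not on the fixed release either, so it is reported separately rather than folded into either extreme. The "unknown" bucket keeps a blank or malformed version field from quietly passing as patched.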

🔒 Pro insight: Interlock's exploitation of CVE-2026-20131 is a reminder that a management-plane appliance like FMC needs the same patch urgency as the firewalls it controls; an unpatched FMC host hands an attacker code execution on the system that configures the rest of the estate.

Original article from SentinelOne Labs (SentinelOne).

Related Pings

Interlock Ransomware - Targets Cisco Enterprise Firewalls (HIGH · Malware & Ransomware)

Interlock Ransomware is exploiting a critical flaw in Cisco firewalls, putting many enterprises at risk. This attack highlights the urgent need for enhanced cybersecurity measures. Organizations must act quickly to protect their data and systems.

Source: Dark Reading

Ransomware - EDR Killer Tactics Expand Beyond Drivers (HIGH · Malware & Ransomware)

Ransomware actors are evolving their tactics, moving beyond exploiting vulnerable drivers to disable endpoint security. This shift poses serious risks to organizations, making it crucial to enhance defenses against these sophisticated attacks.

Source: Cyber Security News

Malware - Fake Job Offers Spread via Google Forms (HIGH · Malware & Ransomware)

A new malware campaign is using fake job offers on Google Forms to spread PureHVNC RAT. This poses a significant risk to unsuspecting job seekers. Stay vigilant and verify sources before downloading files.

Source: Malwarebytes Labs

Malware Alert - Google Implements 24-Hour Wait for Sideloading (HIGH · Malware & Ransomware)

Google has introduced a 24-hour wait for sideloading unverified apps to combat rising malware threats. This change is crucial for Android users' safety. Developers express concerns about barriers to entry amid these security measures.

Source: The Hacker News

LeakNet Ransomware - What You Need to Know Now (HIGH · Malware & Ransomware)

LeakNet, a ransomware gang posing as journalists, is using fake CAPTCHA pages to trick employees into compromising their security. Organizations need to be aware of this tactic to protect sensitive data.

Source: Graham Cluley

Speagle Malware - Hijacks Cobra DocGuard to Steal Data (HIGH · Malware & Ransomware)

A new malware named Speagle is targeting Cobra DocGuard, stealing sensitive data through compromised servers. Organizations using this software are at high risk. Immediate action is needed to secure systems and prevent data theft.

Source: Cyber Security News