DarkSword iOS exploit chain adopted by multiple threat actors: Report

Lookout Threat Labs, and iVerify published coordinated research in March 2026 on DarkSword, a JavaScript-based full-chain exploit that compromises iOS devices running versions 18.4 through 18.7 (some ...

After Discord fiasco, age-check tech promises privacy by running locally. Does it work?

Discord’s reversal followed a widespread user backlash, which also intensified scrutiny of the platform’s age-check partners. Suddenly, these often-overlooked players in the “age-assurance” ecosystem ...

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
Cybernews

Threat actors linked to Russia target Ukrainian entities with new backdoor

The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted by Laundry Bear, a group tracked by Microsoft as Void Blizzard.

Your browser’s payment autofill can be hacked. Use these 3 alternatives instead

Storing payment details in your browser or online shops is convenient but poses a high security risk. Read on to find out what you should do instead.

AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.