Google Threat Intelligence Group disclosed that an iOS full-link attack tool called DarkSword has been reused by multiple parties since November 2025. The attack chain targets iOS 18.4–18.7, exploiting six vulnerabilities to achieve complete device control and deliver multiple malicious programs. Among them, payloads such as GHOSTBLADE can steal sensitive data including crypto wallet data, private keys/seed phrases, transaction records, and account information. The vulnerability has been fixed, and Google recommends that users update their systems or enable Lockdown Mode in a timely manner.