CVE-2026-20700 How DarkSword Defeated Apple's Hardware Security — The dyld PAC-TPRO Bypass

Executive Summary CVE-2026-20700 is a memory corruption vulnerability in dyld — Apple’s dynamic linker, the very first piece of code that executes when any iOS application launches. This flaw serv...

Mar 23, 2026 security

CVE-2025-43529 The Garbage Collector Race That Gave DarkSword Its Teeth

Executive Summary CVE-2025-43529 is a use-after-free (UAF) vulnerability in Apple’s JavaScriptCore — the JavaScript engine powering Safari and all browsers on iOS. Buried deep in the interaction b...

Mar 22, 2026 security

CVE-2025-31277 Inside the JavaScriptCore JIT Vulnerability That Opened iPhones to DarkSword

Executive Summary CVE-2025-31277 is a JIT type confusion / use-after-free memory corruption vulnerability in JavaScriptCore — the JavaScript engine that powers Apple’s Safari browser and WebKit ru...

Mar 21, 2026 security

DarkSword The Six-Stage iOS Exploit Kit Used by States, Spies, and Surveillance Vendors

Executive Summary DarkSword is the most sophisticated publicly documented iOS exploit kit to date — a fully weaponized, JavaScript-based full-chain exploit framework that compromises any iPhone ru...

Mar 21, 2026 security

CVE-2026-20131 CVSS 10.0 Cisco Firewall Management Center Zero-Day Exploited by Interlock Ransomware

Executive Summary CVE-2026-20131 is a CVSS 10.0 Critical Remote Code Execution vulnerability in Cisco Secure Firewall Management Center (FMC) Software — the centralized management platform control...

Mar 20, 2026 security