Originally reported by The Hacker News, Ars Technica Security, Microsoft Security, Qualys, SANS ISC, MSRC Security Updates
TL;DR
Russian hackers are actively using the powerful DarkSword exploit kit to target hundreds of millions of iPhones, while new Perseus banking malware threatens Android devices and 54 different EDR killer tools exploit vulnerable drivers to disable security software.
This week's roundup covers multiple active threats: the DarkSword exploit kit, used in the wild by Russian hackers against hundreds of millions of iPhones; the new Perseus banking malware, now in active distribution; and 54 EDR killers that rely on BYOVD techniques.
The cybersecurity landscape continues to evolve with threats spanning mobile platforms, endpoint security, and enterprise infrastructure. This week brings active exploitation of iPhone vulnerabilities, sophisticated Android banking malware, and systematic abuse of vulnerable drivers to bypass security controls.
Researchers have discovered DarkSword, a powerful iPhone exploit kit, being actively used by Russian hackers to target hundreds of millions of devices. Apple has warned users running outdated iOS versions to update immediately to protect against web-based attacks from sophisticated exploit kits including DarkSword and Coruna. These attacks deliver malicious web content to out-of-date iOS versions, triggering infection chains that end in theft of sensitive data.
Cybersecurity researchers have identified Perseus, a new Android malware family built on the foundations of Cerberus and Phoenix banking trojans. Perseus represents a more flexible and capable platform for device takeover (DTO) and financial fraud, with unique capabilities including monitoring notes applications to extract sensitive data. The malware is actively distributed through dropper applications and poses significant risks to Android users' financial information.
A comprehensive analysis reveals 54 endpoint detection and response (EDR) killer programs leveraging bring your own vulnerable driver (BYOVD) techniques to abuse 35 different signed vulnerable drivers. These tools have become standard components in ransomware operations, allowing affiliates to neutralize security software before deploying file-encrypting malware. The analysis highlights the persistent threat posed by vulnerable drivers in enterprise environments.
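The practical defensive question raised by that analysis is how to notice a vulnerable-but-signed driver being loaded before the EDR is switched off. The following is an added example, not code from the article or from the analysis it summarizes: a small triage routine over driver-load events in the field layout of Sysmon Event ID 6 (DriverLoad). The blocklist hashes and the events are constructed placeholders (in practice the blocklist would be fed from Microsoft's recommended driver block rules or a project such as LOLDrivers), and the path heuristic is an assumption, not a rule from the page.

```python
"""Triage driver-load events for the BYOVD pattern (added example, constructed data)."""

# Constructed blocklist keyed by SHA256. The values below are fake placeholders,
# not real indicators; populate from a maintained vulnerable-driver list in production.
BLOCKLIST_SHA256 = {
    "a" * 64: "placeholder-vulnerable-driver-1.sys",
    "b" * 64: "placeholder-vulnerable-driver-2.sys",
}

# Assumption: legitimate drivers normally load from these directories (lower-cased).
TRUSTED_DRIVER_DIRS = (
    "c:\\windows\\system32\\drivers\\",
    "c:\\windows\\system32\\driverstore\\",
)


def parse_hashes(field):
    """Turn a Sysmon 'Hashes' string such as 'SHA256=...,MD5=...' into a dict."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, val = part.split("=", 1)
            out[algo.strip().upper()] = val.strip().lower()
    return out


def assess_driver_load(event):
    """Return the reasons this driver load looks like BYOVD abuse (empty list = nothing found)."""
    reasons = []
    sha = parse_hashes(event.get("Hashes", "")).get("SHA256")
    if sha in BLOCKLIST_SHA256:
        reasons.append(f"blocklisted driver ({BLOCKLIST_SHA256[sha]})")
    # A signed-but-vulnerable driver passes signature checks by design, which is the
    # whole point of BYOVD; signature state is therefore only a secondary signal.
    if event.get("Signed", "").lower() != "true" or event.get("SignatureStatus", "") != "Valid":
        reasons.append("driver not validly signed")
    path = event.get("ImageLoaded", "").lower()
    if not path.startswith(TRUSTED_DRIVER_DIRS):
        reasons.append(f"driver loaded from non-standard location: {path}")
    return reasons


def triage(events):
    """Return (path, reasons) for every event that raised at least one reason."""
    results = []
    for event in events:
        reasons = assess_driver_load(event)
        if reasons:
            results.append((event.get("ImageLoaded", ""), reasons))
    return results


# Constructed sample events in Sysmon Event ID 6 field names.
SAMPLE_EVENTS = [
    {"ImageLoaded": r"C:\Windows\System32\drivers\ndis.sys",
     "Hashes": "SHA256=" + "c" * 64,
     "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid"},
    {"ImageLoaded": r"C:\Users\Public\temp\vendor_tool.sys",
     "Hashes": "SHA256=" + "a" * 64,
     "Signed": "true", "Signature": "Example Vendor", "SignatureStatus": "Valid"},
    {"ImageLoaded": r"C:\Windows\Temp\x.sys",
     "Hashes": "MD5=" + "0" * 32,
     "Signed": "false", "SignatureStatus": "Unavailable"},
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_EVENTS):
        print(path, "->", "; ".join(reasons))
```

The second sample event is the interesting one: it is validly signed, so a signature-only control passes it, and only the hash match against the blocklist (plus the unusual load path) exposes it. That is why the analysis above stresses the drivers themselves rather than signing status.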
Researchers have flagged Speagle, a new malware strain that hijacks the functionality and infrastructure of legitimate Cobra DocGuard software. The malware harvests sensitive information from infected computers and transmits it to compromised Cobra DocGuard servers, effectively masking data exfiltration as legitimate DocGuard traffic. This technique demonstrates increasing sophistication in malware infrastructure abuse.
Google has introduced a new "advanced flow" requiring a mandatory 24-hour wait period for installing apps from unverified developers on Android devices. This change aims to balance platform openness with security, building on previous developer verification mandates requiring Android apps to be registered by verified developers.
Qualys researchers warn that Model Context Protocol (MCP) servers are becoming the default connection layer between AI agents and enterprise applications, creating new shadow IT risks. Most organizations lack visibility into where MCP servers exist, what they expose, or how they can be exploited. Qualys has enhanced its TotalAI platform with layered discovery capabilities for MCP servers across network, host, and supply chain perspectives.
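The visibility gap described above starts at the endpoint, where MCP servers are usually declared in per-user client configuration files. As an added example (not Qualys code and not part of the original article), the routine below inventories one such configuration and flags the risks a reviewer would want surfaced: servers launched through registry runners that fetch a package at run time, remote endpoints over plaintext HTTP, and credentials embedded in the config's environment block. It assumes the common `mcpServers` JSON layout used by desktop agent clients; the server names, package names and hostnames are constructed.

```python
"""Inventory MCP servers declared in a client config (added example, constructed data)."""
import json
import re

# Env keys that typically carry credentials (assumption-based heuristic).
SECRET_KEY_PATTERN = re.compile(r"(token|secret|key|password|passwd)", re.I)
# Launchers that download a package from a public registry when the server starts.
REGISTRY_RUNNERS = {"npx", "uvx", "pipx", "bunx"}


def inventory_mcp_servers(config_text, source="constructed-config"):
    """Parse a config with an 'mcpServers' object and return one inventory entry per server."""
    cfg = json.loads(config_text)
    entries = []
    for name, spec in cfg.get("mcpServers", {}).items():
        entry = {"name": name, "source": source, "risks": []}
        if "url" in spec:
            entry["kind"] = "remote"
            entry["endpoint"] = spec["url"]
            if spec["url"].lower().startswith("http://"):
                entry["risks"].append("remote MCP endpoint over plaintext HTTP")
        else:
            entry["kind"] = "local"
            cmd = spec.get("command", "")
            entry["endpoint"] = " ".join([cmd, *spec.get("args", [])]).strip()
            launcher = cmd.replace("\\", "/").split("/")[-1]
            if launcher in REGISTRY_RUNNERS:
                entry["risks"].append(
                    f"launched via {launcher}: package resolved from a public registry at run time")
        for key in spec.get("env", {}):
            if SECRET_KEY_PATTERN.search(key):
                entry["risks"].append(f"credential stored in config env: {key}")
        entries.append(entry)
    return entries


def servers_with_risks(entries):
    """Names of inventoried servers that raised at least one risk."""
    return [e["name"] for e in entries if e["risks"]]


# Constructed sample config; names, packages and hosts are fictitious.
SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "files": {"command": "npx", "args": ["-y", "@example/mcp-filesystem", "/srv/shared"]},
        "crm": {"url": "http://crm-mcp.corp.example/sse"},
        "db": {"command": "/opt/mcp/db-server", "args": [], "env": {"DB_PASSWORD": "redacted"}},
        "notes": {"url": "https://notes-mcp.corp.example/mcp"},
    }
})

if __name__ == "__main__":
    for e in inventory_mcp_servers(SAMPLE_CONFIG):
        print(f"{e['name']:6} {e['kind']:6} {e['endpoint']}")
        for risk in e["risks"]:
            print("       !", risk)
```

Run across every user's config directories on managed hosts, the output becomes the first column of the inventory the passage says most organizations lack: which servers exist, whether they are local processes or remote endpoints, and which ones carry secrets or pull code from a registry.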
Microsoft Security researchers document increased phishing and malware campaigns leveraging tax-related lures during filing season. Threat actors exploit the urgency and familiarity of time-sensitive communications including refund notices, payroll forms, filing reminders, and requests from tax professionals to distribute malicious attachments, links, and QR codes.
SANS ISC researchers discovered a malicious Bash script installing GSocket backdoors on victim systems. While the delivery mechanism remains unknown, the script demonstrates continued use of legitimate tools for malicious purposes.
Microsoft has announced Zero Trust for AI, adding an AI pillar to its workshop offerings with enhanced reference architecture, updated guidance, and new assessment tools. The framework addresses growing security concerns around AI system deployment and governance.
Security researchers emphasize the importance of behavioral analytics in detecting AI-enabled cyber attacks. Cybercriminals increasingly use AI to generate personalized phishing emails, deepfakes, and malware that evade traditional detection by mimicking normal user behavior and bypassing legacy security models.
Microsoft's security update guide published numerous CVE disclosures, including CVE-2026-32169, an Azure Cloud Shell elevation of privilege vulnerability in which server-side request forgery allows an unauthorized attacker to elevate privileges over a network. Additional disclosures span kernel components, file systems, networking stacks, and various drivers across multiple products and release years.