The Google Threat Intelligence Group (GTIG) has identified a sophisticated exploit chain named DarkSword, specifically targeting iOS versions 18.4 to 18.7. This exploit encompasses multiple zero-day vulnerabilities, enabling full device compromise. DarkSword has been utilized by several threat actors, including commercial surveillance vendors and suspected state-sponsored groups, in various campaigns against targets across Saudi Arabia, Turkey, Malaysia, and Ukraine since late 2025. It has been observed that three malware families, GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER, were deployed following successful infiltrations.