CVE-2026-20700

🚨 Russian APT Star Blizzard deploys DarkSword iOS exploit kit targeting 18.4-18.7. Full-chain: CVE-2025-31277 (JSCore RCE) → CVE-2026-20700 (PAC bypass) → CVE-2025-43520 (kernel privesc). GHOSTKNIFE backdoor exfils in minutes. Update to iOS 26.3+ now. #infosec

TRC analysis shows the leaked DarkSword framework exploits zero-click iOS vulnerabilities (CVE-2025-31277, CVE-2026-20700) to establish remote device control. Attackers pivot across apps and data repositories to exfiltrate messages, account details, and location history. #ZeroDay

"DarkSword" exploit chain, live since Nov 2025, linked 6 flaws: JavaScriptCore (CVE-2025-31277, CVE-2025-43529), dyld PAC bypass (CVE-2026-20700), WebContent sandbox escape (CVE-2025-14174). #cybersecurity

Google’s DarkSword disclosure details a sophisticated JavaScript-based exploit kit weaponizing multiple zero-days (including CVE-2026-20700 and CVE-2025-14174) to chain browser and kernel bugs and seize full control of iOS 18.x devices. Once active, the payload rapidly http

📌 استغلال جهات تهديد متعددة لحزمة استغلال iOS "DarkSword" التي تستهدف ست ثغرات تستغل جهات تهديد متعددة بشكل نشط حزمة استغلال iOS متطورة تُعرف باسم "DarkSword"، والتي

DarkSword: second iOS exploit kit in a month. 6 flaws, 3 zero-days (CVE-2026-20700, CVE-2025-43529, CVE-2025-14174), full device takeover. Targets iOS 18.4-18.7. Russian group UNC6353 deploying it in Ukraine. Keep iOS updated. https://t.co/i2p7J4bmxA #infosec

Top 5 Trending CVEs: 1 - CVE-2023-20198 2 - CVE-2023-50428 3 - CVE-2026-0757 4 - CVE-2024-23225 5 - CVE-2026-20700 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

Top 5 Trending CVEs: 1 - CVE-2026-2441 2 - CVE-2026-20700 3 - CVE-2026-2003 4 - CVE-2025-21042 5 - CVE-2025-59536 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

Top 5 Trending CVEs: 1 - CVE-2026-20700 2 - CVE-2025-1234 3 - CVE-2026-21513 4 - CVE-2026-21241 5 - CVE-2025-5959 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

The @CISAgov added 4 exploited bugs to KEV: SolarWinds WHD (CVE-2025-40536, 9.8), MS ConfigMgr SQLi→RCE (CVE-2024-43468, 9.8), Apple (CVE-2026-20700), Notepad++ (CVE-2025-15556). Patch fast. #cybersecurity #CISO #infosec #ITsecurity https://t.co/zHY8g3q1Ph

⚠️ Vulnerabilidades en productos Apple ❗ CVE-2026-20700 ❗ CVE-2026-20628 ❗ CVE-2025-14174 ➡️ Más info: https://t.co/FopfG5Yavd https://t.co/tb0M4Lx0zO

The @CISAgov added 4 exploited bugs to KEV: SolarWinds WHD (CVE-2025-40536, 9.8), MS ConfigMgr SQLi→RCE (CVE-2024-43468, 9.8), Apple (CVE-2026-20700), Notepad++ (CVE-2025-15556). Patch fast. #cybersecurity #CISO #infosec #ITsecurity https://t.co/zHY8g3q1Ph

The @CISAgov added 4 exploited bugs to KEV: SolarWinds WHD (CVE-2025-40536, 9.8), MS ConfigMgr SQLi→RCE (CVE-2024-43468, 9.8), Apple (CVE-2026-20700), Notepad++ (CVE-2025-15556). Patch fast. #cybersecurity #CISO #infosec #ITsecurity https://t.co/zHY8g3q1Ph

The @CISAgov added 4 exploited bugs to KEV: SolarWinds WHD (CVE-2025-40536, 9.8), MS ConfigMgr SQLi→RCE (CVE-2024-43468, 9.8), Apple (CVE-2026-20700), Notepad++ (CVE-2025-15556). Patch fast. #cybersecurity #CISO #infosec #ITsecurity https://t.co/zHY8g3q1Ph

🚨 CISA adds exploited SolarWinds, Notepad++, Apple, and Microsoft ConfigMgr flaws to KEV — patch-now priority CISA added four in-the-wild exploited CVEs (SolarWinds Web Help Desk bypass CVE-2025-40536, Notepad++ WinGUp update integrity CVE-2025-15556, Apple dyld CVE-2026-207

米国サイバーセキュリティ・社会基盤安全保障庁(CISA)が既知の悪用された脆弱性カタログに4件の追加。Microsoft Configuration ManagerのCVE-2024-43468、Notepad++のCVE-2025-15556、SolarWinds Web Help DeskのCVE-2025-40536、Apple複数製品

🛡️ We added Microsoft vulnerability CVE-2024-43468, Notepad++ vulnerability CVE-2025-15556, SolarWinds vulnerability CVE 2025-40536, & Apple vulnerability CVE-2026-20700 to our KEV Catalog. Apply mitigations to protect your org from cyberattacks. https://t.co/myxOwap1Tf