Critical WebKit Patch, iOS Zero-Days, and Zimbra XSS Exploited

DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Takeover

• Researchers have uncovered "DarkSword," a sophisticated iOS exploit kit leveraging six vulnerabilities, including three zero-days, to achieve full device takeover.
• The exploit kit is believed to be deployed by government-backed threat actors in targeted attacks against high-value individuals, indicating state-sponsored activity.
• "DarkSword" utilizes a complex chain of exploits, bypassing modern iOS security features to gain persistent control over affected Apple devices.

Source: The Hacker News | Date: March 19, 2026

Russian APT Exploits Zimbra XSS Flaw (CVE-2025-66376) in Ukraine Attacks

• A Russian advanced persistent threat (APT) group has been observed actively exploiting an XSS vulnerability (CVE-2025-66376) in Zimbra Collaboration Suite to target entities in Ukraine.
• The vulnerability allows attackers to inject malicious scripts into webmail, potentially leading to credential theft and further compromise of user accounts through browser-based attacks.
• CISA has added this flaw to its Known Exploited Vulnerabilities catalog, urging all Zimbra users, especially those in targeted regions, to patch immediately.

Source: Security Affairs | Date: March 19, 2026

Critical jsPDF Library Flaw Creates XSS Traps in Generated Documents (CVE-2026-31938)

• A critical XSS vulnerability (CVE-2026-31938) with a CVSS score of 9.6 has been discovered in the popular jsPDF library, dubbed "Invisible Ink."
• The flaw allows attackers to embed malicious JavaScript within generated PDF documents, leading to cross-site scripting attacks when these PDFs are viewed in a browser.
• Developers using jsPDF in web applications are urged to update to a patched version to prevent potential client-side code execution and data exfiltration through compromised documents.

Source: SecurityOnline.info | Date: March 19, 2026

Apple Patches WebKit Vulnerability CVE-2026-20643 Across iOS, macOS

• Apple has released security updates for iOS, iPadOS, and macOS to address a WebKit vulnerability, CVE-2026-20643, which could lead to arbitrary code execution.
• This flaw impacts Safari and all other browsers on iOS/iPadOS that rely on WebKit, making immediate updates crucial for user security across Apple platforms.
• Users are advised to update their devices to the latest available software versions, such as iOS 19.4.1 and macOS Sonoma 14.4.1, to apply the necessary patches and mitigate exploitation risks.

Source: The Cyber Express | Date: March 19, 2026

References

1. DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover - The Hacker News
2. DarkSword: Researchers uncover another iOS exploit kit - Help Net Security
3. Multiple Threat Actors Exploiting a Six-Vulnerability iOS Exploit Kit Dubbed “DarkSword” - The Cyber Express
4. DarkSword emerges as powerful iOS exploit tool in global attacks - Security Affairs
5. Russian APT targets Ukraine via Zimbra XSS flaw CVE-2025-66376 - Security Affairs
6. CISA Warns of Zimbra Collaboration Suite Vulnerability Exploited in Attacks - CybersecurityNews
7. CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks - The Hacker News
8. Gebruikers van Zimbra-webmail aangevallen via XSS-kwetsbaarheid - security.nl
9. Exploited in the Wild: CISA Warns of Active Attacks on Microsoft SharePoint and Zimbra - SecurityOnline.info
10. Invisible Ink: Critical 9.6 CVSS jsPDF Flaw Turns Generated Documents into XSS Traps - SecurityOnline.info
11. Apple Patches WebKit Vulnerability CVE-2026-20643 Across iOS, macOS - The Cyber Express