Second iOS exploit kit emerges from suspected Russian hackers using possible U.S. government-developed tools | CyberScoop<\/title> <meta name=\"description\" content=\"Researchers have discovered a second instance of suspected Russian hackers repurposing iOS exploits believed to originally be made on behalf of the U.S. government, pointing to what they say are several foreboding trends.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/second-ios-exploit-kit-emerges-from-suspected-russian-hackers-using-possible-u-s-government-developed-tools\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Second iOS exploit kit emerges from suspected Russian hackers using possible U.S. government-developed tools\"> <meta property=\"og:description\" content=\"Researchers have discovered a second instance of suspected Russian hackers repurposing iOS exploits believed to originally be made on behalf of the U.S. government, pointing to what they say are several foreboding trends.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/second-ios-exploit-kit-emerges-from-suspected-russian-hackers-using-possible-u-s-government-developed-tools\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-03-18T14:00:00+00:00\"> <meta property=\"article:modified_time\" content=\"2026-03-18T14:15:26+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/second-ios-exploit-kit-emerges-from-suspected-russian-hackers-using-possible-u-s-government-developed-tools-1.jpg\"> <meta property=\"og:image:width\" content=\"1974\"> <meta property=\"og:image:height\" content=\"1519\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Tim Starks\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@timstarks\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1773246214g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1772477397g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1773271249g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/88273\"><meta name=\"generator\" content=\"WordPress 6.8.5\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=88273\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fsecond-ios-exploit-kit-emerges-from-suspected-russian-hackers-using-possible-u-s-government-developed-tools%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fsecond-ios-exploit-kit-emerges-from-suspected-russian-hackers-using-possible-u-s-government-developed-tools%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-88273 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/second-ios-exploit-kit-emerges-from-suspected-russian-hackers-using-possible-u-s-government-developed-tools\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.793791574279\">\n<div class=\"single-article__header-content\" readability=\"38.461009174312\">\n<p> The kit, named DarkSword, has a variety of possible implications, the research from iVerify, Lookout and Google suggests. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/88273\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"493\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/second-ios-exploit-kit-emerges-from-suspected-russian-hackers-using-possible-u-s-government-developed-tools.jpg?resize=640%2C493&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"Darksword exploit kit\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/second-ios-exploit-kit-emerges-from-suspected-russian-hackers-using-possible-u-s-government-developed-tools-1.jpg 1974w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/second-ios-exploit-kit-emerges-from-suspected-russian-hackers-using-possible-u-s-government-developed-tools-1.jpg?resize=300,231 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/second-ios-exploit-kit-emerges-from-suspected-russian-hackers-using-possible-u-s-government-developed-tools-1.jpg?resize=768,591 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/second-ios-exploit-kit-emerges-from-suspected-russian-hackers-using-possible-u-s-government-developed-tools-1.jpg?resize=1024,788 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/second-ios-exploit-kit-emerges-from-suspected-russian-hackers-using-possible-u-s-government-developed-tools-1.jpg?resize=1536,1182 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/second-ios-exploit-kit-emerges-from-suspected-russian-hackers-using-possible-u-s-government-developed-tools-1.jpg?resize=600,462 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/second-ios-exploit-kit-emerges-from-suspected-russian-hackers-using-possible-u-s-government-developed-tools-1.jpg?resize=218,168 218w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/second-ios-exploit-kit-emerges-from-suspected-russian-hackers-using-possible-u-s-government-developed-tools-1.jpg?resize=438,337 438w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/second-ios-exploit-kit-emerges-from-suspected-russian-hackers-using-possible-u-s-government-developed-tools-1.jpg?resize=877,675 877w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/second-ios-exploit-kit-emerges-from-suspected-russian-hackers-using-possible-u-s-government-developed-tools-1.jpg?resize=1096,843 1096w\" sizes=\"(max-width: 877px) 100vw, 877px\"><figcaption> (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"51.918993314982\"><body readability=\"106.08791208791\"><\/p>\n<p>Researchers have discovered a second instance of suspected Russian hackers repurposing iOS exploits believed to originally be made on behalf of the U.S. government, pointing to what they say are several foreboding trends.<\/p>\n<p><a href=\"https:\/\/iverify.io\/blog\/darksword-ios-exploit-kit-explained\">iVerify<\/a>, <a href=\"https:\/\/www.lookout.com\/blog\/darksword\">Lookout<\/a> and Google collaborated on the research published Wednesday, a follow-up to earlier revelations about <a href=\"https:\/\/cyberscoop.com\/coruna-ios-exploit-kit-leaked-us-framework\/\">a similar exploit kit<\/a>, Coruna. While the second kit \u2014 dubbed DarkSword \u2014 also targeted users in Ukraine, the scale is significant: iVerify estimated up to 270 million iPhone users could be susceptible, while Lookout told CyberScoop roughly 15% of all iOS devices currently in use are running <a href=\"https:\/\/cyberscoop.com\/tag\/ios\/\">iOS<\/a> 18 or earlier versions and could be vulnerable to the exploit kit.<\/p>\n<p>The research reveals a range of new details, as well as interesting patterns:<\/p>\n<ul class=\"wp-block-list\">\n<li>Whereas Russian and Chinese hackers used Coruna with financial gain in mind, there are signs DarkSword could serve both financial and surveillance purposes, and\/or could be used to inflict harm.<\/li>\n<li>Lookout observed that someone used a large language model to customize both Coruna and DarkSword.<\/li>\n<li>The discovery of DarkSword reinforces earlier concerns about a secondary exploit market, Lookout and iVerify said.<\/li>\n<li>DarkSword is the second \u201cmass\u201d iOS campaign discovered this month, with the first known one to be Coruna.<\/li>\n<li>Both kits suggest cyberattacks are migrating toward mobile phones as they make up a bigger portion of internet traffic, Rocky Cole, iVerify\u2019s co-founder and chief operating officer, told CyberScoop.<\/li>\n<\/ul>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>DarkSword can exfiltrate saved passwords, crypto wallets, text messages and more, researchers found. Attackers are leveraging the exploit kit by first compromising <a href=\"https:\/\/cyberscoop.com\/tag\/apple\/\">Apple<\/a>\u2019s WebKit and then using WebGPU as a pivot point for sandbox escapes, according to Justin Albrecht, Lookout\u2019s global director for mobile threat intelligence.<\/p>\n<p>What\u2019s less clear is who, exactly, is behind the exploit kit, other than the links to <a href=\"https:\/\/cyberscoop.com\/tag\/russia\/\">Russia<\/a>. Cole said DarkSword is hosted on the same command and control infrastructure as Coruna, but is an entirely separate kit made by entirely separate people. Google has attributed the campaigns to a group it tracks as UNC6353, which it describes as a Russian-backed espionage group. <\/p>\n<p>The attackers\u2019 motives are also a bit opaque, mixing what appears to be both espionage and financial objectives. Albrecht noted there is precedent for this: Russian threat groups have targeted cryptocurrency in Ukraine before, notably with <a href=\"https:\/\/cyberscoop.com\/sandworm-ukraine-infamous-chisel\/\">Infamous Chisel<\/a>, an <a href=\"https:\/\/cyberscoop.com\/tag\/android\/\">Android<\/a> exploit kit deployed by <a href=\"https:\/\/cyberscoop.com\/tag\/sandworm\/\">Sandworm<\/a>. <\/p>\n<p>\u201cThey\u2019re probably well-funded, probably well-connected, but it\u2019s confirmed that they\u2019re stealing crypto. There is definitely a financial motivation,\u201d Albrecht told CyberScoop. \u201cNow, I think the big question is, depending on who the group is, is the financial motivation in this just to do damage to Ukrainians, or is it to steal crypto?\u201d<\/p>\n<p>Russia has been under heavy sanctions for a long time and is starting to have budget problems due to the ongoing war in Ukraine, he noted. \u201cWhy not start to fund their operations with stolen funds? It wouldn\u2019t be outside the norm, although it would be a potential shift in their TTPs for Russian APTs in general,\u201d Albrecht said. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The kit could be handy for someone trying to do a \u201cpattern of life\u201d analysis, Cole said, and thus useful for surveillance and intelligence purposes.<\/p>\n<p>He said a commercial spyware vendor might have made the kit with no target audience in mind, thus the \u201cSwiss Army knife\u201d-like quality of it. The major concern for Cole is that there\u2019s apparently a growing market for these kinds of tools, and people may be lulled into a false sense of security about iPhones not being vulnerable.<\/p>\n<p>Despite the sophistication of the exploits themselves, the threat actors behind DarkSword may not be particularly experienced, Albrecht said. None of the JavaScript or HTML code was obfuscated in any way, and the server-side component was labeled \u201cDark sword file receiver\u201d \u2014 poor operational security for a seasoned Russian threat actor.<\/p>\n<p>\u201cYour experienced Russian threat actors, your <a href=\"https:\/\/cyberscoop.com\/tag\/apt29\/\">APT29\u2019<\/a>s of the world, I would expect them to have better OPSEC,\u201d Albrecht said.<\/p>\n<p>One of the more unusual findings in the research is the clear presence of large language model-generated code. The server-side component of DarkSword, for instance, includes telltale signs of AI-generated code, complete with detailed notes and comments characteristic of LLM output. It\u2019s a development that effectively lowers the barrier to entry for deploying advanced mobile exploits, even among state-sponsored actors, Albrecht said.<\/p>\n<p>All three research teams have been in contact with Apple about the findings, according to Albrecht, with Google likely in closest contact since they began investigating the threat in late 2025. Google did not make its research available to CyberScoop prior to publication.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"0.3625730994152\">\n<div class=\"author-card\" readability=\"7\">\n<p><h4 class=\"author-card__name\">Written by Tim Starks and Greg Otto<\/h4>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/second-ios-exploit-kit-emerges-from-suspected-russian-hackers-using-possible-u-s-government-developed-tools\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Second iOS exploit kit emerges from suspected Russian hackers using<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[303,384,271,6091,3734,6213,387,3586,3261,2287,256,270,880,482,288],"tags":[307,388,277,6094,3736,6214,391,3588,3262,2296,262,276,881,484,294],"class_list":["post-8440","post","type-post","status-publish","format-standard","hentry","category-apple","category-artificial-intelligence-ai","category-china","category-coruna","category-crypto-crime","category-darksword","category-google","category-ios","category-iverify","category-lookout","category-research","category-russia","category-sandworm","category-spyware","category-threats","tag-apple","tag-artificial-intelligence-ai","tag-china","tag-coruna","tag-crypto-crime","tag-darksword","tag-google","tag-ios","tag-iverify","tag-lookout","tag-research","tag-russia","tag-sandworm","tag-spyware","tag-threats"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/apple\/\" rel=\"category tag\">Apple<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/artificial-intelligence-ai\/\" rel=\"category tag\">artificial intelligence (AI)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/china\/\" rel=\"category tag\">China<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/coruna\/\" rel=\"category tag\">Coruna<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/crypto-crime\/\" rel=\"category tag\">crypto crime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/darksword\/\" rel=\"category tag\">Darksword<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google\/\" rel=\"category tag\">Google<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ios\/\" rel=\"category tag\">iOS<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/iverify\/\" rel=\"category tag\">iVerify<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/lookout\/\" rel=\"category tag\">Lookout<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/russia\/\" rel=\"category tag\">Russia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/sandworm\/\" rel=\"category tag\">Sandworm<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/spyware\/\" rel=\"category tag\">spyware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a>","tag_info":"Threats","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8440","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8440"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8440\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8440"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8440"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8440"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8440,"date":"2026-03-18T09:00:00","date_gmt":"2026-03-18T14:00:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=88273"},"modified":"2026-03-18T09:00:00","modified_gmt":"2026-03-18T14:00:00","slug":"second-ios-exploit-kit-emerges-from-suspected-russian-hackers-using-possible-u-s-government-developed-tools","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/03\/18\/second-ios-exploit-kit-emerges-from-suspected-russian-hackers-using-possible-u-s-government-developed-tools\/","title":{"rendered":"Second iOS exploit kit emerges from suspected Russian hackers using possible U.S. government-developed tools"},"content":{"rendered":"