
The iPhone Exploit Kit Is on GitHub Now. We Warned You About AI Tooling. The Weapons Are Following.

  • Writer: Patrick Duggan
  • Apr 6

Updated: Apr 25

Two exploit chains dropped over Easter weekend while your security team was at church. One takes over iPhones through a website visit. The other takes over servers through a single HTTP request. Both are publicly available. Both are being used in the wild right now.


We predicted this trajectory. Here's the proof, and here's what you do about it.


DarkSword: Full iPhone Takeover, Now Open Source



DarkSword is a complete iOS exploit chain that strings together six vulnerabilities — three of them zero-days — to go from a browser visiting a compromised website to full device takeover. No clicks. No prompts. No user interaction. Visit the wrong page, lose everything.


What it steals: emails, iCloud Drive files, contacts, SMS messages, Safari history and cookies, cryptocurrency wallet data, usernames, passwords, photos, call history, and message histories from Telegram and WhatsApp.


It targets iOS 18.4 through 18.7. Apple rushed out iOS 18.7.7 on April 1 to patch it.


The critical detail: DarkSword was posted to GitHub. The exploit kit that commercial spyware vendors and state-backed actors were using to target journalists and dissidents in Saudi Arabia, Turkey, Malaysia, and Ukraine is now available to anyone who can read a README.


Google's Threat Analysis Group documented multiple threat actors adopting DarkSword independently. Lookout published a threat intelligence advisory. Apple expanded patches to older devices. The proliferation is happening faster than the patching.


We wrote about this pattern in March when we covered the Cisco FMC "PoC" that bundled webshells. The GitHub weaponization pipeline is accelerating — legitimate security research gets published, threat actors clone it, add payloads, and redistribute. Our exploit harvester was built specifically to catch this: we scan GitHub every 6 hours, classify repos as detection PoC or weaponized, and flag the weaponized ones for review. The last harvest cycle flagged 9 weaponized repos.


DarkSword is the most dangerous version of this pattern we've seen. It's not a webshell hidden in a fake PoC. It's a full exploit chain targeting the most popular phone on earth, published in the open.


React2Shell: One HTTP Request, Full Server Compromise



While DarkSword targets phones, React2Shell targets the servers that build the web.


CVE-2025-55182 is a CVSS 10.0 remote code execution vulnerability in React Server Components. If your application uses React 19.x with Next.js 15.x or 16.x App Router — which describes a significant percentage of the modern web — a single malicious HTTP request can execute arbitrary code on your server.


766 hosts have already been compromised across multiple cloud providers. The threat cluster UAT-10608 is running automated credential harvesting at scale, stealing AWS secrets, SSH private keys, Stripe API keys, GitHub tokens, database credentials, and shell command history. China-nexus groups Earth Lamia and Jackpot Panda exploited it within hours of disclosure.


AWS, Microsoft, Google, Wiz, Datadog, and Palo Alto Unit 42 all published advisories. When six major vendors scramble simultaneously, the vulnerability is real.


This is the supply chain attack pattern we've been tracking since we started counting. We call it Pattern 38 — the cascading exploitation of trusted infrastructure. React Server Components are trusted infrastructure. Next.js is trusted infrastructure. The frameworks that developers rely on to build secure applications are themselves the attack vector.


We tracked this pattern through Trivy to Checkmarx to npm to Axios. We tracked it through CanisterWorm's blockchain-based C2 that can't be taken down conventionally. We tracked it through the European Commission breach that CERT-EU officially attributed to TeamPCP. React2Shell is the same pattern applied to the frontend framework that runs half the internet.


The AI Tooling Thread



In March, we published "The AI Agent Builder Got Owned in 20 Hours" about Langflow CVE-2026-33017 — a CVSS 9.3 unauthenticated RCE in the AI agent framework. CISA added it to the KEV catalog. Hackers exploited it 20 hours after the advisory dropped. Federal agencies were ordered to patch by April 8.


Then n8n, a comparable AI workflow tool, disclosed a CVSS 10.0 vulnerability enabling full instance takeover.


Now DarkSword targets the devices that access AI tools. React2Shell targets the servers that host them. The Langflow and n8n vulnerabilities target the AI frameworks themselves.


The pattern: the attack surface is migrating from traditional infrastructure to AI tooling and the modern web frameworks that power it. We wrote about this before it was obvious. The landscape is validating the thesis weekly.


What We Already Tracked



This isn't Monday morning quarterbacking. Here's what we published and what happened next:




We wrote about Langflow getting owned in 20 hours in March. Since then, CISA KEV'd it, n8n hit CVSS 10.0, and AI tooling is now a confirmed attack category.


We wrote about Pattern 38 and supply chain cascades through Trivy, Axios, and CanisterWorm. Since then, CERT-EU officially attributed the European Commission breach to TeamPCP, React2Shell compromised 766 hosts, and the cascade count is now at 20 instances.


We wrote about GitHub weaponization when we found webshells hidden in a fake Cisco FMC PoC. Since then, DarkSword — a full iOS exploit chain — was posted to GitHub and adopted by multiple state actors.


We wrote about management plane attacks with UNC6395 in September 2025. Since then, Fortinet EMS produced two critical zero-days in two weeks, both actively exploited, both pre-authentication.


We built the exploit harvester to catch this. We built the honeypots to detect the reconnaissance. We built the STIX feed to distribute the detection rules. The tools exist because the predictions were right.


What You Do Right Now



For DarkSword: Update every iOS device in your organization to 18.7.7. Today. Not this week. Today. The exploit kit is on GitHub. The barrier to entry just dropped to zero.


For React2Shell: If you run React 19.x with Next.js App Router, patch immediately. Audit your server credentials — if you were compromised, your AWS keys, SSH keys, and database passwords are already exfiltrated. Rotate everything.
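To find which of your repositories are in scope for that React2Shell advice, here is an added example (not from the original post, and not code from the React or Next.js projects): a Node.js inventory check for the combination described above, React 19.x with Next.js 15.x or 16.x and an App Router directory. The function names, action labels and sample projects are assumptions made for illustration.

```javascript
// Added example. A match means the project is in the affected combination
// named above; this page lists no fixed versions, so confirm them upstream.

// First integer in a version or range: "19.1.0" -> 19, "^15.2.3" -> 15.
function majorOf(spec) {
  const m = /\d+/.exec(String(spec ?? ""));
  return m ? Number(m[0]) : null;
}

// Prefer the resolved version from package-lock.json (v2/v3 layout) over the
// declared range in package.json, which may not match what is installed.
function versionOf(name, pkg, lock) {
  const locked = lock?.packages?.[`node_modules/${name}`]?.version;
  const declared = pkg.dependencies?.[name] ?? pkg.devDependencies?.[name];
  return { spec: locked ?? declared ?? null, resolved: Boolean(locked) };
}

function assessProject(pkg, lock, hasAppDir) {
  const react = versionOf("react", pkg, lock);
  const next = versionOf("next", pkg, lock);
  const hit = majorOf(react.spec) === 19 && [15, 16].includes(majorOf(next.spec));
  return {
    name: pkg.name ?? "(unnamed)", react: react.spec, next: next.spec,
    evidence: react.resolved && next.resolved ? "lockfile" : "declared-range",
    // Versions match but no app/ directory seen: a human confirms the router in use.
    action: !hit ? "none" : hasAppDir ? "patch-now" : "verify-router",
  };
}

// Reads one project directory; App Router projects have app/ or src/app/.
function scanProject(dir) {
  const fs = require("node:fs"), path = require("node:path");
  const has = (f) => fs.existsSync(path.join(dir, f));
  const read = (f) => (has(f) ? JSON.parse(fs.readFileSync(path.join(dir, f), "utf8")) : null);
  const pkg = read("package.json");
  return pkg ? assessProject(pkg, read("package-lock.json"), has("app") || has("src/app")) : null;
}

// Constructed sample inputs, not real projects.
const SAMPLES = [
  { pkg: { name: "storefront", dependencies: { react: "^19.0.0", next: "^15.1.0" } },
    lock: { packages: { "node_modules/react": { version: "19.0.0" },
                        "node_modules/next": { version: "15.1.0" } } }, hasAppDir: true },
  { pkg: { name: "legacy-admin", dependencies: { react: "^18.3.1", next: "14.2.5" } },
    lock: null, hasAppDir: false },
  { pkg: { name: "docs-site", dependencies: { react: "^19.1.0", next: "^16.0.0" } },
    lock: null, hasAppDir: false },
];
const triageSamples = () => SAMPLES.map((s) => assessProject(s.pkg, s.lock, s.hasAppDir));
```

Run `scanProject(dir)` over each checked-out repository. Treat a `declared-range` result as weaker evidence than a `lockfile` one, since the installed version may differ from the range in package.json.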


For Langflow and n8n: CISA deadline is April 8. If you're running either tool, patch or shut it down. Unauthenticated RCE means anyone on the internet can take over your AI workflows.


For all of the above: Your threat feed should be carrying these IOCs. Ours does. The DarkSword indicators, the React2Shell compromised host patterns, the Langflow exploitation signatures — they're all flowing through our STIX feed to 275+ organizations automatically.


Point your SIEM at analytics.dugganusa.com/api/v1/stix-feed and the detection rules update every 6 hours. The exploit harvester grabs the PoCs. The honeypots catch the scanners. The feed distributes it all.


Free tier at analytics.dugganusa.com/stix/register — because the exploits are free too.




Previously:

  • The AI Agent Builder Got Owned in 20 Hours (March 2026)

  • The Cisco FMC "POC" on GitHub Has a Webshell in It (March 2026)

  • I Wrote About The Breach That Keeps Breaching in September. It's April and It's Still Breaching (April 2026)

  • Does Your Threat Feed Auto-Harvest Exploit Code From GitHub? Ours Does Now (April 2026)

  • 35 Ransomware Victims in 48 Hours. Happy Easter. (April 2026)





Her name was Renee Nicole Good.


His name was Alex Jeffery Pretti.

