appsec.fyi · Sources

techcrunch.com

7 curated AppSec resources from techcrunch.com across 2 topics on appsec.fyi.

techcrunch.com

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-05-14.

Mobile 4 Supply Chain 3
Date Added Resource Excerpt
2026-05-14 2026OpenAI says hackers stole some data after latest code security issueSupply ChainWriteup detailing OpenAI's incident where hackers compromised TanStack, a popular open-source library, leading to the theft of credentials from two employee devices. The attack involved malicious updates to TanStack, designed to steal credentials and self-propagate, similar to past supply-chain attacks on projects like Axios and Daemon Tools. While OpenAI reported no compromise of production systems or user data, limited internal source code repositories were accessed, prompting credential rotation.
2026-05-05 2026Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in 'widespread' attackSupply ChainWriteup on a widespread supply chain attack where Chinese-linked hackers planted a backdoor in Daemon Tools, targeting thousands of Windows computers. This backdoor allowed the attackers to deploy additional malware on systems in the retail, scientific, manufacturing, and government sectors in Russia, Belarus, and Thailand. The attack, detected April 8th, remains active and highlights the growing trend of compromising popular software to distribute malicious code.
2026-04-11 2026Apple releases security fix for older iPhones and iPads to protect against DarkSword attacksMobileLibrary update addressing DarkSword attacks on older iPhones and iPads, specifically iOS 18.7.7 and iPadOS 18.7.7. DarkSword is a hacking toolkit that can steal device data, including messages, browser histories, location, and cryptocurrency, by exploiting websites hosting malicious code. This update protects against these web-based attacks, which have been observed in several countries, and is also mitigated by Lockdown Mode.
2026-04-08 2026A major hacking tool has leaked online putting millions of iPhones at risk. Heres what you need to know.MobileLibrary of leaked hacking toolkits, Coruna and DarkSword, poses a significant risk to millions of iPhones and iPads. Coruna targets iOS 13 through 17.2.1, while DarkSword exploits vulnerabilities in iOS 18.4 to 18.7. These tools, some reportedly originating from U.S. defense contractor L3Harris, allow attackers to gain full device control, steal data like messages and cryptocurrency, and were allegedly linked to Operation Triangulation. The DarkSword toolkit has been leaked online via GitHub, making it accessible for widespread attacks.
2026-04-07 2026Someone has publicly leaked an exploit kit that can hack millions of iPhonesMobileTool leaked on GitHub allows easy targeting of millions of iPhones and iPads running older iOS versions, specifically mentioning iOS 18. Researchers warn the DarkSword exploit kit is simple to deploy, requiring minimal expertise. Post-exploitation capabilities include exfiltrating sensitive data like contacts, messages, and the iOS keychain via HTTP. This spyware was allegedly used by Russian government hackers against Ukrainian targets and is considered a significant threat due to its widespread vulnerability.
2026-04-03 2026North Korean hackers blamed for hijacking popular Axios open source project to spread malwareSupply ChainLibrary hijack of the popular JavaScript tool Axios, hosted on npm, is attributed to suspected North Korean hackers (UNC1049). The attackers compromised a developer account to push malicious versions containing a remote access trojan, impacting millions of developers and representing a significant supply chain attack. Security firms like StepSecurity and Aikido investigated, with Aikido advising users who downloaded the compromised code to assume their systems are compromised. The malware was designed to self-delete, complicating detection.
2026-04-02 2026Apple made strides with iOS 26 security but leaked hacking tools still leave millions exposed to spyware attacksMobileWriteup detailing how leaked hacking tools like Coruna and DarkSword are targeting millions of users on older iOS versions, despite Apple's security advancements like Memory Integrity Enforcement in iOS 26. These tools exploit memory corruption bugs, previously assumed to be difficult to leverage broadly, and a thriving secondary market for exploits exacerbates the issue.