Tech
Someone has publicly leaked an exploit kit that can hack millions of iPhones
Last week, cybersecurity researchers uncovered a hacking campaign targeting iPhone users that used an advanced hacking tool called DarkSword. Now someone has leaked a newer version of DarkSword and published it on the code-sharing site GitHub.
Researchers are warning that this will allow any hacker to easily use the tools to target iPhone users running older versions of Apple’s operating systems who have not yet updated to its latest iOS 26 software. This likely affects hundreds of millions of actively used iPhones and iPads, according to Apple’s own data on out-of-date devices.
“This is bad. They are way too easy to repurpose,” Matthias Frielingsdorf, the co-founder of mobile security startup iVerify, told TechCrunch on Monday. “I don’t think that can be contained anymore. So we need to expect criminals and others to start deploying this.”
Frielingsdorf said that these new versions of DarkSword spyware share the same infrastructure with the ones he and his iVerify colleagues analyzed previously, although the files are slightly different. The files uploaded to GitHub are uncomplicated, just HTML and JavaScript, he said, meaning anyone can copy and paste them and host them on a server “in a couple minutes to hours.”
“The exploits will work out of the box,” Frielingsdorf said. “There is no iOS expertise required.”
Kimberly Samra, a spokesperson for Google, which previously analyzed the DarkSword exploit, said the company’s researchers agree with Frielingsdorf’s assessment.
Contact Us
Do you have more information about Darksword, Coruna, or other government hacking and spyware tools? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or by email.
A security hobbyist who goes by the handle matteyeux also told TechCrunch that it is indeed trivial to use the leaked DarkSword samples. Matteyeux wrote in a post on X Monday that he was able to hack an iPad mini tablet running iOS 18, the previous generation of the operating system that is vulnerable to DarkSword, using the “in the wild” DarkSword sample that is circulating online.
Techcrunch event
San Francisco, CA
|
October 13-15, 2026
Apple spokesperson Sarah O’Rourke told TechCrunch that the company was aware of the exploit targeting devices running older and out-of-date operating systems and issued an emergency update on March 11 for devices unable to run recent versions of iOS.
“Keeping your software up to date is the single most important thing you can do to maintain the security of your Apple products,” O’Rourke said, adding that devices with updated software were not at risk from these reported attacks and that Lockdown Mode would also block these specific attacks.
A spokesperson for Microsoft, which owns GitHub, did not immediately respond to a request for comment.
The code, which TechCrunch is not linking to, as it can be used in active attacks, contains several comments that describe how the exploits work and how to implement them.
One comment, likely written by one of the developers who worked on DarkSword, says that the exploit “reads and exfiltrates forensically-relevant files from iOS devices via HTTP,” referring to stealing information from a person’s iPhone or iPad and sending the data over the internet to an attacker-controlled server.
“This payload should be injected into a process with filesystem access class,” the comment reads.
In one case, the code references “post-exploitation activity” and describes process after the malware has gained access to the person’s phone and grabs its contents, including their contacts, messages, call history, and iOS keychain, which stores Wi-Fi passwords and other secrets, and dumps them into a remote server.
Another file contains references to uploading data to a popular Ukrainian apparel website, though TechCrunch could not immediately determine why. DarkSword was allegedly used by Russian government hackers against Ukrainian targets.
This particular spyware works specifically against iPhones and iPads running iOS 18, according to iVerify, Google, and Lookout, which also previously analyzed the DarkSword malware.
According to Apple’s own numbers, about one-quarter of all iPhone and iPad users are still running iOS 18 or earlier on their device. With more than 2.5 billion active devices, that likely equates to hundreds of millions of people whose devices are vulnerable to DarkSword attacks.
That’s why Frielingsdorf recommends everyone upgrade their iPhone’s operating system.
The discovery of DarkSword came only a few weeks after researchers discovered another advanced iPhone hacking toolkit known as Coruna. As TechCrunch reported, Coruna was originally developed by the defense contractor L3Harris, whose Trenchant division makes hacking tools for the U.S. government and its allies.
Tech
Anthropic releases Opus 4.8 with new ‘dynamic workflow’ tool
On Thursday, Anthropic released Opus 4.8, the newest version of its most advanced publicly available model. The model is available everywhere, with standard pricing at the same level as the previous Opus release.
The new model comes just 41 days after Opus 4.7 was released, a much faster upgrade cycle than normal for Anthropic. (The most recent Sonnet and Haiku models are three and seven months old, respectively.) The fast turnaround may have something to do with the chilly reception to Opus 4.7, which some users found disappointing.
That interval has also seen significant new releases for OpenAI’s Codex and Google’s Gemini Flash model, increasing the pressure on Anthropic to keep pace.
Opus 4.8 comes with the expected best-in-class benchmark results, but there’s also particular attention to how the model manages bad or uncertain data. In the launch post, Anthropic’s early testers found that the new model is “more likely to flag uncertainties about its work and less likely to make unsupported claims.”
Echoing this point, a testimonial from Bridgewater associates said the biggest difference in the upgrade was “Opus 4.8’s tendency to proactively flag issues with the inputs and outputs of an analysis, something other models routinely missed and left to the users to catch.”
Together with the new model, Anthropic launched a feature called Dynamic Workflows, which will be available in research preview. The system is designed to help larger models like Opus manage complex tasks across hundreds of parallel subagents.
“Claude Code alongside Opus 4.8 can now carry out codebase-scale migrations across hundreds of thousands of lines of code from kickoff to merge, with the existing test suite as its bar,” the post explains.
Anthropic is still holding back its most advanced Mythos model after a tentative preview last month raised cybersecurity concerns. However, the company hinted in today’s Opus release that the Mythos preview period might soon end, once necessary safeguards are complete.
“We’re making swift progress on developing these safeguards and expect to be able to bring Mythos-class models to all our customers in the coming weeks,” the company wrote.
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.
Tech
Corgi announces $106M raise at $2.6B valuation — double what it was worth 3 weeks ago
Insurance tech Corgi on Thursday announced a $106 million Series B1 raise, valuing the company at $2.6 billion, just three weeks after announcing a $160 million Series B at a $1.3 billion valuation and four months after its $108 million Series A. The company offers insurance, working specifically with startups in areas like tech, cyber, and general liability; it counts Deel and Artisan among its customers.
Even in the current go-go dealmaking environment, that sequencing is remarkable. While startups raising back-to-back rounds at steep step-ups have become almost routine, a company whose valuation doubles in three weeks is unusual enough to raise questions, particularly given the investor set in both rounds is the same.
Asked what material event justified that kind of jump in such a short window, investor Kanyi Maqubela of Kindred Ventures cited the company’s momentum. It’s an explanation may satisfy some, but the practice more generally is starting to attract scrutiny in LP circles. “There’s growing distrust of internal markups,” said one LP who backs numerous venture funds and asked not to be named. Said this person of exit mechanisms specifically, “[I]f a company [is] just getting re-priced upward with no real liquidity event, LPs notice.”
The specific concern is that a fund that invests at one valuation, then marks it up three weeks later can make portfolio performance look stronger on paper than the underlying business may justify.
In this case, Maqubela suggested, that’s not an issue for Kindred’s limited partners, nor for Corgi’s other investors, which include Prime Capital, Leblon Capital, Alumni Ventures, and Y Combinator.
“LPs really like exits above all,” Maqubela said in a message to TechCrunch. “They discount the value of markups since those aren’t always reflective of reality.” He added that in this case, revenue growth rationalized the new round.
Founded in 2024 by Emily Yuan and Nico Laqua, Corgi says it’s building coverage for what it calls “newer categories” of risk while also addressing an often underserved market among legacy insurance carriers — startups and the unique liability problems they face, including those related to AI.
“Corgi covers anything from when an AI system causes financial loss, misinformation, operational failures, or compliance issues,” Laqua told TechCrunch. “Many legacy policies either exclude these risks or handle them ambiguously.
Corgi is not alone in the insurtech market; Vouch, which is backed by Y Combinator, operates in a similar space.
When asked about the back-to-back rounds, Laqua said that insurance is a “highly capital-intensive industry,” and that “demand has accelerated quickly across new product lines and partnerships.” Building an AI-native platform compounds those costs further.
“We’re best known for our business insurance products, but the additional capital will be used to expand into new insurance categories, scale the AI underwriting platform, grow embedded distribution partnerships, and continue growing our team,” Laqua said.
Corgi has now raised $378 million in total funding from its investors.
Correction: The title of this headline originally misstated the valuation due to an editing error.
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.
Tech
Startup Battlefield 200 application deadline extended to June 8 after overwhelming demand
Founders, the battlefield is still open, but not for much longer.
After overwhelming demand from founders around the world, TechCrunch has extended the Startup Battlefield 200 application deadline to June 8. If you thought you missed your opportunity to pitch live on the Disrupt Stage in October at San Francisco’s Moscone West, this is your final chance to step into one of tech’s most competitive startup arenas.
Nominate a standout startup or submit your application before the deadline.
What is Startup Battlefield 200?
Startup Battlefield 200 is where ambitious early-stage startups go from unknown to impossible to ignore. Selected founders will take the spotlight at TechCrunch Disrupt 2026, pitching live in front of elite investors, influential media, and the global startup ecosystem. One startup will walk away with $100,000 in equity-free funding, but every company selected gains visibility that can reshape its trajectory.
More than 1,700 startups have participated in Startup Battlefield over the years. Together, they’ve raised more than $32 billion and produced over 250 exits, including acquisitions by companies like Microsoft, Google, Salesforce, Uber, and Amazon.
This is the same competition that helped launch companies like Dropbox, Discord, Mint, Fitbit, and Trello. More than 1,500 startups have competed in Startup Battlefield, and many have gone on to become category-defining businesses.
Why founders are still racing to apply
Competition for Startup Battlefield 200 has intensified as founders look for ways to stand out in a crowded fundraising environment. The extension gives more startups the opportunity to enter, but expectations are higher than ever.
Selected startups receive:
- A free exhibit table for all three days of Disrupt.
- Four complimentary Disrupt passes.
- Branding and visibility inside the Disrupt event app.
- Press exposure and lead-generation opportunities.
- Access to founder-only masterclasses.
- The opportunity to pitch live on the Disrupt Stage.
- Direct feedback from leading venture capitalists.
- A chance to win $100,000 in equity-free funding.
Who should apply
TechCrunch is looking for bold early-stage startups with a working MVP and a vision capable of disrupting an industry. Bootstrapped, pre-seed, and seed-stage startups are encouraged to apply. Select Series A startups in capital-intensive sectors may also qualify.
If you are building something category-changing, this is your chance to prove it on one of the biggest stages in tech.
The clock is still ticking
The deadline extension was driven by overwhelming demand, but the battlefield will not stay open forever. Thousands of startups are competing for a limited number of spots, and every application is reviewed closely by the TechCrunch team.
This is your opportunity to get in front of investors, customers, media, and future partners all in one place. Nominate or apply before June 8 and fight for your place among the next generation of breakout startups.
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.
Report: USMNT coach Mauricio Pochettino meets with AC Milan
Surging Nationals to test MLB's top offense against Padres
