Daily Briefing for 03.24.26

Top stories.

• DarkSword iOS exploit kit leaks to GitHub.
• Citrix patches critical flaw in NetScaler ADC and NetScaler Gateway.
• US bans sale of new foreign-made routers.

DarkSword iOS exploit kit leaks to GitHub.

TechCrunch reports that a new version of the iOS exploit kit DarkSword has been publicly posted on GitHub, allowing anyone to target iPhone users running iOS versions prior to iOS 26. iVerify, Lookout, and Google published reports on DarkSword last week, noting that a Russian espionage group was using the kit to launch watering-hole campaigns against Ukrainian users. Lookout states that DarkSword "leverages multiple vulnerabilities to establish privileged code execution to access sensitive information and exfiltrate it off the device." iVerify co-founder Matthias Frielingsdorf told TechCrunch that "we need to expect criminals and others to start deploying this" now that the code is public.

An Apple spokesperson told TechCrunch that the company is aware of the exploit kit and urged users to keep their software up to date. Apple also issued an emergency update on March 11th for devices that are unable to run recent versions of iOS.

Citrix patches critical flaw in NetScaler ADC and NetScaler Gateway.

Citrix yesterday issued patches for a critical vulnerability (CVE-2026-3055) in NetScaler ADC and NetScaler Gateway that can allow remote unauthenticated attackers to read sensitive information from memory, SecurityWeek reports. While exploitation hasn't been observed, experts warn that organizations should patch the flaw immediately before threat actors gain access to exploit code. Rapid7 states, "[E]xploitation of CVE-2026-3055 is likely to occur once exploit code becomes public. Therefore, it is crucial that customers running affected Citrix systems remediate this vulnerability as soon as possible; Citrix software has previously seen memory leak vulnerabilities broadly exploited in the wild, including the infamous 'CitrixBleed' vulnerability, CVE-2023-4966, in 2023."

watchTowr CEO Benjamin Harris also noted similarities to CitrixBleed and CitrixBleed2, stating, that "[i]mminent exploitation is highly likely."

US bans sale of new foreign-made routers.

The US Federal Communications Commission (FCC) has effectively banned the sale of all new foreign-made consumer routers in the US, the Register reports. The FCC added "routers produced in a foreign country" to its Covered List of equipment and services that "pose an unacceptable risk to the national security of the United States or the security and safety of United States persons." The ban does not affect the sale of any existing models that have been previously approved.

The Commission cited a National Security Determination issued earlier this month that stated, "Recently, malicious state and non-state sponsored cyber attackers have increasingly leveraged the vulnerabilities in small and home office routers produced abroad to carry out direct attacks against American civilians in their homes. From disrupting network connectivity to enabling local networking espionage and intellectual property theft, foreign-produced routers present unacceptable risks to Americans. Additionally, routers produced abroad were directly implicated in the Volt, Flax, and Salt Typhoon cyberattacks which targeted critical American communications, energy, transportation, and water infrastructure. Routers in the United States must have trusted supply chains so we are not providing foreign actors with a built-in backdoor to American homes, businesses, critical infrastructure, and emergency services."