Ravie Lakshmanan | Mar 21, 2026 | Vulnerability / Threat Intelligence

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch them by April 3, 2026.

The vulnerabilities that have come under exploitation are listed below –

  • CVE-2025-31277 (CVSS score: 8.8) – A vulnerability in Apple WebKit that could lead to memory corruption when processing maliciously crafted web content. (Fixed in July 2025)
  • CVE-2025-43510 (CVSS score: 7.8) – A memory corruption vulnerability in Apple’s kernel component that could allow a malicious application to cause unexpected changes in memory shared between processes. (Fixed in December 2025)
  • CVE-2025-43520 (CVSS score: 8.8) – A memory corruption vulnerability in Apple’s kernel component that could allow a malicious application to cause unexpected system termination or write kernel memory. (Fixed in December 2025)
  • CVE-2025-32432 (CVSS score: 10.0) – A code injection vulnerability in Craft CMS that could allow a remote attacker to execute arbitrary code. (Fixed in April 2025)
  • CVE-2025-54068 (CVSS score: 9.8) – A code injection vulnerability in Laravel Livewire that could allow unauthenticated attackers to achieve remote command execution in specific scenarios. (Fixed in July 2025)

The addition of the three Apple vulnerabilities to the KEV catalog comes in the wake of reports from Google Threat Intelligence Group (GTIG), iVerify, and Lookout about an iOS exploit kit codenamed DarkSword that leverages these shortcomings, together with three bugs, to deploy various malware families like GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER for data theft.

CVE-2025-32432 is assessed to have been exploited as a zero-day by unknown threat actors since February 2025, per Orange Cyberdefense SensePost. Since then, an intrusion set tracked as Mimo (aka Hezb) has also been observed exploiting the vulnerability to deploy a cryptocurrency miner and residential proxyware.

Rounding off the list is CVE-2025-54068, whose exploitation was recently flagged by the Ctrl-Alt-Intel Threat Research group as part of attacks mounted by the Iranian state-sponsored hacking group, MuddyWater (aka Boggy Serpens).

In a report published earlier this week, Palo Alto Networks Unit 42 called out the adversary’s consistent targeting of diplomatic and critical infrastructure, including energy, maritime, and finance, across the Middle East and other strategic targets worldwide.

“While social engineering remains its defining trait, the group is also developing its technological capabilities,” Unit 42 said. “Its diverse toolset includes AI-enhanced malware implants that incorporate anti-analysis techniques for long-term persistence. This combination of social engineering and rapidly developed tools creates a potent threat profile.”

“To support its large-scale social engineering campaigns, Boggy Serpens uses a custom-built, web-based orchestration platform,” Unit 42 said. “This tool allows operators to automate mass email delivery while maintaining granular control over sender identities and target lists.”

Attributed to the Iranian Ministry of Intelligence and Security (MOIS), the group is primarily focused on cyber espionage, although it has also been linked to disruptive operations targeting the Technion Israel Institute of Technology by adopting the DarkBit ransomware persona.

One of the defining hallmarks of MuddyWater’s tradecraft has been the use of hijacked accounts belonging to official government and corporate entities in its spear-phishing attacks, and abuse of trusted relationships to evade reputation-based blocking systems and deliver malware.

In a sustained campaign targeting an unnamed national marine and energy company in the U.A.E. between August 16, 2025, and February 11, 2026, the threat actor is said to have conducted four distinct waves of attack, leading to the deployment of various malware families, including GhostBackDoor and Nuso (aka HTTP_VIP). Some of the other notable tools in the threat actor’s arsenal include UDPGangster and LampoRAT (aka CHAR).

“Boggy Serpens’ recent activity exemplifies a maturing threat profile, as the group integrates its established methodologies with refined mechanisms for operational persistence,” Unit 42 said. “By diversifying its development pipeline to include modern coding languages like Rust and AI-assisted workflows, the group creates parallel tracks that ensure the redundancy needed to sustain a high operational tempo.”
