CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
Source: The Hacker News
Published: Sat, 21 Mar 2026 08:25:00 GMT
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities ( KEV ) catalog, urging federal agencies to patch them by April 3, 2026.
The vulnerabilities that have come under exploitation are listed below -
The addition of the three Apple vulnerabilities to the KEV catalog comes in the wake of reports from Google Threat Intelligence Group (GTIG), iVerify, and Lookout about an iOS exploit kit codenamed DarkSword that leverages these shortcomings, along with three bugs, to deploy various malware families like GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER for data theft.
CVE-2025-32432 is assessed to have been exploited as a zero-day by unknown threat actors since February 2025, per Orange Cyberdefense SensePost. Since then, an intrusion set tracked as Mimo (aka Hezb) has also been observed exploiting the vulnerability to deploy a cryptocurrency miner and residential proxyware.
Rounding off the list is CVE-2025-54068 , whose exploitation was recently flagged by the Ctrl-Alt-Intel Threat Research team as part of attacks mounted by the Iranian state-sponsored hacking group, MuddyWater (aka Boggy Serpens).
In a report published earlier this week, Palo Alto Networks Unit 42 called out the adversary's consistent targeting of diplomatic and critical infrastructure, including energy, maritime, and finance, across the Middle East and other strategic targets worldwide.
"While social engineering remains its defining trait, the group is also increasing its technological capabilities," Unit 42 said . "Its diverse toolset includes AI-enhanced malware implants that incorporate anti-analysis techniques for long-term persistence. This combination of social engineering and rapidly developed tools creates a potent threat profile."
"To support its large-scale social engineering campaigns, Boggy Serpens uses a custom-built, web-based orchestration platform," Unit 42 said. "This tool enables operators to automate mass email delivery while maintaining granular control over sender identities and target lists."
Attributed to the Iranian Ministry of Intelligence and Security (MOIS), the group is primarily focused on cyber espionage, although it has also been linked to disruptive operations targeting the Technion Israel Institute of Technology by adopting the DarkBit ransomware persona.
One of the defining hallmarks of MuddyWater's tradecraft has been the use of hijacked accounts belonging to official government and corporate entities in its spear-phishing attacks, and abuse of trusted relationships to evade reputation-based blocking systems and deliver malware.
In a sustained campaign targeting an unnamed national marine and energy company in the U.A.E. between August 16, 2025, and February 11, 2026, the threat actor is said to have conducted four distinct waves of attack, leading to the deployment of various malware families, including GhostBackDoor and Nuso (aka HTTP_VIP). Some of the other notable tools in the threat actor's arsenal include UDPGangster and LampoRAT (aka CHAR).
"Boggy Serpens' recent activity exemplifies a maturing threat profile, as the group integrates its established methodologies with refined mechanisms for operational persistence," Unit 42 said. "By diversifying its development pipeline to include modern coding languages like Rust and AI-assisted workflows, the group creates parallel tracks that ensure the redundancy needed to sustain a high operational tempo."
A practical deep dive into securing AI agents against real-world attack paths beyond the model itself.
See exactly where your controls stand against today’s threats—automated, accurate, approachable.
Get the latest news, expert insights, exclusive resources, and strategies from industry leaders – all for free.
Source
Original report: https://thehackernews.com/2026/03/cisa-flags-apple-craft-cms-laravel-bugs.html