- The U.S. CISA has added five actively exploited security flaws impacting Apple, Craft CMS, and Laravel Livewire to its catalog, requiring federal agencies to patch them by April 3, 2026.
- A dangerous iOS exploit kit codenamed DarkSword leverages three of the Apple vulnerabilities to deploy malware families like GHOSTBLADE for data theft.
- The Iranian state-sponsored hacking group MuddyWater (aka Boggy Serpens) is exploiting one of the Laravel flaws in attacks targeting diplomatic and critical infrastructure sectors.
On March 20, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) urgently flagged five actively exploited vulnerabilities in its Known Exploited Vulnerabilities catalog. Federal agencies have been directed to patch the Apple, Craft CMS, and Laravel Livewire flaws by April 3 to mitigate significant risk, according to the agency. The vulnerabilities include critical CVE-2025-31277 in Apple WebKit and CVE-2025-54068, a code injection flaw in Laravel Livewire with a CVSS score of 9.8.
Reports from Google Threat Intelligence Group (GTIG), iVerify, and Lookout highlight an iOS exploit kit named DarkSword using several Apple bugs. This kit deploys malware families like GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER to steal user data. Meanwhile, the critical Craft CMS vulnerability CVE-2025-32432 was reportedly exploited as a zero-day since February 2025 and later used by the threat actor Mimo to deploy a cryptocurrency miner.
The Iranian state-sponsored group MuddyWater is actively exploiting the Laravel vulnerability CVE-2025-54068. Unit 42 from Palo Alto Networks recently published a detailed threat assessment of the group, noting its focus on diplomatic and critical infrastructure. “While social engineering remains its defining trait, the group is also increasing its technological capabilities,” Unit 42 analysts stated.
Attributed to the Iranian Ministry of Intelligence and Security (MOIS), MuddyWater employs sophisticated methods. The group uses a custom web-based platform to automate mass email delivery and has deployed malware like GhostBackDoor and Nuso in a campaign against a UAE energy company. Consequently, CISA’s warning underscores the need for immediate patching across all affected software platforms.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
