The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five actively exploited vulnerabilities affecting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to remediate these critical flaws by April 3, 2026. The move highlights the growing urgency around patch management and proactive cyber defense as threat actors increasingly exploit widely used platforms.
The newly listed vulnerabilities include multiple high-severity issues. Among them are three Apple-related flaws – CVE-2025-31277, CVE-2025-43510, and CVE-2025-43520 – primarily involving memory corruption risks in WebKit and kernel components. These vulnerabilities could allow malicious applications or crafted web content to manipulate system memory, potentially leading to data compromise, system crashes, or unauthorized access.
Additionally, two critical code injection vulnerabilities have been identified in widely used web technologies. CVE-2025-32432 impacts Craft CMS with a maximum severity score of 10.0, allowing remote attackers to execute arbitrary code. CVE-2025-54068 affects Laravel Livewire, enabling unauthenticated attackers to achieve remote command execution under specific conditions. Both vulnerabilities significantly increase the risk of full system compromise if left unpatched.
The inclusion of Apple vulnerabilities in the KEV catalog follows reports of an advanced iOS exploit kit known as “DarkSword.” This toolkit leverages multiple vulnerabilities to deploy malware families such as GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER, which are designed for data exfiltration and persistent device compromise. Security researchers have linked these campaigns to sophisticated threat actors targeting high-value individuals and organizations.
CVE-2025-32432 has reportedly been exploited as a zero-day since early 2025, with threat groups deploying cryptocurrency miners and proxyware to monetize compromised systems. Meanwhile, CVE-2025-54068 has been associated with attacks conducted by the Iranian state-sponsored group MuddyWater, also known as Boggy Serpens. The group is well known for its cyberespionage activities and has progressively adopted cutting-edge methods, such as automated phishing infrastructure and malware with AI enhancements.
Recent intelligence indicates that MuddyWater has targeted sectors such as energy, maritime, finance, and diplomatic entities across the Middle East and beyond. Their campaigns often rely on hijacked legitimate accounts to bypass security controls and deliver malware, making detection more challenging. In one sustained operation, the group executed multiple attack waves against a national energy and marine organization, deploying tools like GhostBackDoor, Nuso, UDPGangster, and LampoRAT to maintain long-term access.
Cybersecurity experts note that the group’s evolving tactics – including the use of modern programming languages like Rust and AI-assisted development – demonstrate a maturing threat landscape. The combination of social engineering and advanced tooling allows attackers to scale operations while maintaining persistence and adaptability.
CISA’s directive underscores the importance of immediate patching and continuous monitoring. Organizations are advised to prioritize remediation of KEV-listed vulnerabilities, strengthen endpoint security, and implement zero-trust architectures to reduce exposure to such threats.
As cyberattacks grow more complex and targeted, the latest KEV additions serve as a reminder that unpatched systems remain one of the most exploited entry points for adversaries, reinforcing the need for vigilant cybersecurity practices across all sectors.





