Ethical Hacking News
CISA has flagged three major software platforms—Apple, Craft CMS, and Laravel Livewire—for newly disclosed vulnerabilities that pose a high risk of exploitation. These vulnerabilities are ripe for attackers to exploit and leverage in more complex attacks. Organizations must take immediate action to patch these weaknesses before the April 3 deadline to protect themselves from significant security breaches.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about five newly identified vulnerabilities in Apple, Craft CMS, and Laravel Livewire. These vulnerabilities are actively exploited since February 2025 and pose significant security risks to affected systems. Five CVEs have been identified, with the highest-rated vulnerability carrying a CVSS score of 10.0 and targeting Craft CMS. The DarkSword iOS exploit kit is leveraging these vulnerabilities to spread malware, primarily targeting financial institutions. Orgnanizations must prioritize patching these vulnerabilities ahead of the April 3, 2026 deadline set by CISA to prevent significant security breaches.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a pressing reminder to federal agencies and organizations worldwide, warning of the imminent threat posed by newly identified vulnerabilities in three popular software platforms: Apple, Craft CMS, and Laravel Livewire. The Known Exploited Vulnerabilities (KEV) catalog, maintained by CISA, lists five security flaws impacting these platforms, urging prompt attention and patching to prevent exploitation.
At the heart of this warning are five CVEs (Common Vulnerability Enumeration) numbers that have been identified as being actively exploited since February 2025. The vulnerabilities, each with its own unique severity score and impact, threaten to compromise the security and integrity of affected systems. It is essential for organizations to take immediate action to address these weaknesses before they can be fully exploited.
The first vulnerability, CVE-2025-31277, has a CVSS (Common Vulnerability Scoring System) score of 8.8, indicating that it poses an extremely high risk. This flaw affects Apple's WebKit component and can result in memory corruption when processing maliciously crafted web content. The bug was identified as being fixed in July 2025.
The second vulnerability, CVE-2025-43510, carries a CVSS score of 7.8 and impacts Apple's kernel component. Here, the potential threat lies in its ability to cause unexpected changes in memory shared between processes, potentially allowing malicious applications to execute arbitrary code with elevated privileges.
A third flaw, CVE-2025-43520, also associated with Apple's kernel component, is rated at CVSS 8.8. This vulnerability has the capability to allow a malicious application to induce unexpected system termination or write kernel memory, thereby giving attackers significant control over affected systems.
The fourth vulnerability on the list, CVE-2025-32432, boasts a CVSS score of 10.0 and targets Craft CMS. Unbeknownst to many users, this flaw allows a remote attacker to execute arbitrary code, thereby providing access to sensitive data and potentially leading to further exploitation.
Lastly, CVE-2025-54068, with a CVSS rating of 9.8, is connected to Laravel Livewire. This vulnerability poses the risk that unauthenticated attackers could exploit it to achieve remote command execution in specific scenarios, allowing them to execute malicious commands on vulnerable systems.
The presence of these vulnerabilities in Apple, Craft CMS, and Laravel Livewire highlights the increasing sophistication and breadth of threat actors' capabilities. The recent case involving DarkSword iOS exploit kits and malware families such as GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER underscores how attackers are combining previously identified vulnerabilities to deploy more complex attacks.
The DarkSword exploit kit leverages the three Apple vulnerabilities alongside other bugs to spread malware, primarily targeting financial institutions. This exploitation pattern highlights the importance of timely patching and the need for organizations to stay vigilant in the face of emerging threats.
The Iranian state-sponsored hacking group, MuddyWater (aka Boggy Serpens), has been linked to recent attacks that involve utilizing these vulnerabilities alongside custom-built web-based orchestration platforms. This platform enables attackers to automate mass email delivery while maintaining granular control over sender identities and target lists. Furthermore, the use of hijacked accounts belonging to official government and corporate entities in spear-phishing campaigns further complicates threat detection.
In light of this escalating threat landscape, it is imperative that organizations prioritize patching these identified vulnerabilities ahead of the April 3, 2026 deadline set by CISA. Failure to do so could lead to significant security breaches, exposing sensitive data and potentially crippling operations.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Growing-Threat-Landscape-CISA-Flags-Apple-Craft-CMS-Laravel-Vulnerabilities-Ahead-of-April-3-Patching-Deadline-ehn.shtml
https://thehackernews.com/2026/03/cisa-flags-apple-craft-cms-laravel-bugs.html
https://www.cisa.gov/news-events/alerts/2026/03/20/cisa-adds-five-known-exploited-vulnerabilities-catalog
https://nvd.nist.gov/vuln/detail/CVE-2025-31277
https://www.cvedetails.com/cve/CVE-2025-31277/
https://nvd.nist.gov/vuln/detail/CVE-2025-43510
https://www.cvedetails.com/cve/CVE-2025-43510/
https://nvd.nist.gov/vuln/detail/CVE-2025-43520
https://www.cvedetails.com/cve/CVE-2025-43520/
https://nvd.nist.gov/vuln/detail/CVE-2025-32432
https://www.cvedetails.com/cve/CVE-2025-32432/
https://nvd.nist.gov/vuln/detail/CVE-2025-54068
https://www.cvedetails.com/cve/CVE-2025-54068/
https://attack.mitre.org/groups/G0069/
https://www.group-ib.com/masked-actors/muddywater/
Published: Sat Mar 21 04:20:42 2026 by llama3.2 3B Q4_K_M
