On Friday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five security holes that affect Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog.

It told federal agencies to fix them by April 3, 2026. Below are the vulnerabilities that have been used to attack systems.

The three Apple vulnerabilities were added to the KEV catalog after reports from Google Threat Intelligence Group (GTIG), iVerify, and Lookout about an iOS exploit kit called DarkSword that uses these flaws and three bugs to spread malware families like GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER to steal data.

According to Orange Cyberdefense SensePost, CVE-2025-32432 has been used as a zero-day by unknown threat actors since February 2025.

An intrusion set known as Mimo (also known as Hezb) has also been seen taking advantage of the flaw to install a cryptocurrency miner and residential proxyware. The last item on the list is CVE-2025-54068. The Ctrl-Alt-Intel Threat Research team recently reported that the Iranian state-sponsored hacking group MuddyWater (also known as Boggy Serpens) was using it in attacks.

Palo Alto Networks Unit 42 released a report earlier this week that said the adversary consistently targets diplomatic and critical infrastructure, such as energy, maritime, and finance, in the Middle East and other important places around the world.

Unit 42 said, "Social engineering is still its main trait, but the group is also getting better at using technology."

"It has a wide range of tools, including AI-enhanced malware implants that use anti-analysis techniques to stay on a device for a long time. This mix of social engineering and quickly made tools makes for a very dangerous threat profile."

Unit 42 said, "Boggy Serpens uses a custom-built, web-based orchestration platform to run its large-scale social engineering campaigns."

"This tool lets operators send a lot of emails automatically while still having full control over who sends them and who gets them."

The Iranian Ministry of Intelligence and Security (MOIS) says that the group is mostly focused on cyber espionage, but it has also been linked to disruptive operations against the Technion Israel Institute of Technology by using the DarkBit ransomware persona.

One of the most important things about MuddyWater's tradecraft is that it uses stolen accounts from government and business organizations in its spear-phishing attacks. It also uses trusted relationships to get around reputation-based blocking systems and deliver malware.

From August 16, 2025, to February 11, 2026, the threat actor is said to have attacked an unnamed national marine and energy company in the U.A.E. four times, using different types of malware, such as GhostBackDoor and Nuso (also known as HTTP_VIP). UDPGangster and LampoRAT (also known as CHAR) are two other important tools that the threat actor has.

Unit 42 said, "Boggy Serpens' recent activity shows that it is becoming a more serious threat, as the group combines its tried-and-true methods with improved ways to stay active." "By adding modern coding languages like Rust and AI-assisted workflows to its development pipeline, the group makes parallel tracks that make sure there is enough redundancy to keep a high operational tempo."