CISA Adds Apple WebKit, Kernel, Craft CMS, and Laravel Livewire Flaws to KEV Catalog

1 unique source, 1 article

Summary

CISA added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog on March 21, 2026, requiring federal agencies to patch them by April 3, 2026. The vulnerabilities include three Apple issues (CVE-2025-31277, CVE-2025-43510, CVE-2025-43520), a critical Craft CMS flaw (CVE-2025-32432), and a Laravel Livewire issue (CVE-2025-54068), all under active exploitation. The Apple flaws are linked to the DarkSword iOS exploit kit, while the Craft CMS and Laravel Livewire bugs are tied to campaigns by MuddyWater and other threat actors. Exploitation of CVE-2025-32432 as a zero-day since February 2025 has been attributed to the intrusion set Mimo (aka Hezb), which deploys cryptocurrency miners and residential proxyware. CVE-2025-54068 is associated with the Iranian state-sponsored group MuddyWater (aka Boggy Serpens), which has targeted diplomatic, energy, maritime, and financial sectors globally.

Timeline

  1. 21.03.2026 10:25 · 1 article

    CISA mandates patching of five KEV catalog vulnerabilities by April 3, 2026

    CISA added CVE-2025-31277, CVE-2025-43510, CVE-2025-43520 (Apple), CVE-2025-32432 (Craft CMS), and CVE-2025-54068 (Laravel Livewire) to the KEV catalog on March 21, 2026, requiring federal agencies to patch all by April 3, 2026. The move follows confirmed exploitation of these flaws in campaigns leveraging the DarkSword exploit kit and activity attributed to intrusion set Mimo and Iranian state-sponsored actor MuddyWater.

Information Snippets