Find notable cyber news and cases, enriched with sources, timelines, and signals.

CISA KEV remediation order for five exploited Apple, Craft CMS, and Laravel Livewire flaws

Advisory/Mitigation
First reported
Last updated
Happening score
H score 52
1 unique sources, 1 articles

Summary

Hide ▲

CISA added five exploited flaws affecting Apple, Craft CMS, and Laravel Livewire to the KEV catalog, creating an urgent remediation requirement for federal agencies. The agency directed affected organizations to patch by April 3, 2026 because the weaknesses are already known to be under exploitation. The covered issues include flaws in Apple WebKit, Apple kernel components, Craft CMS, and Laravel Livewire.

Related Happenings

WebKit memory corruption, out-of-bounds write, and use-after-free flaws (multiple vulnerabilities)

Vulnerability
H score1 First: 30.06.2026 10:15 Last: 30.06.2026 10:15 Sources 1

About this happening: **WebKit** now has four patched vulnerabilities, including **CVE-2026-43707**, **CVE-2026-43716**, **CVE-2026-43745**, and **CVE-2026-43715**, that can be triggered by **malicious...

CISA KEV listing and FCEB ActiveMQ patch order

Public Sector Action
H score70 First: 17.04.2026 12:30 Last: 17.04.2026 12:30 Sources 1

About this happening: **CISA** added **CVE-2026-34197** to the **KEV Catalog** and ordered **FCEB** agencies to patch **Apache ActiveMQ** servers within **two weeks**. The directive sets a hard **April...

NIST CVE/NVD prioritization shift

Public Sector Action
H score35 First: 17.04.2026 00:47 Last: 17.04.2026 00:47 Sources 1

About this happening: **NIST** is **changing** its **CVE/NVD prioritization** so that, starting **April 15, 2026**, it will provide full details only for a **subset of CVEs**. The shift matters because...

NIST/NVD risk-based CVE enrichment change

Public Sector Action
H score35 First: 16.04.2026 15:43 Last: 16.04.2026 15:43 Sources 1

About this happening: **NIST** said the **US National Vulnerability Database (NVD)** will switch to a **risk-based CVE enrichment** model to cope with backlog growth. The change will **drop enrichment...

CISA KEV remediation lag is widening as exploit timelines shrink

Trend
H score54 First: 10.04.2026 17:01 Last: 10.04.2026 17:01 Sources 1

About this happening: **CISA KEV** remediation lag is widening across **10,000 organizations**, leaving enterprise exposures open longer than attackers need to weaponize them. Critical vulnerabilities...

Timeline

  1. 21.03.2026 10:25 2 articles · 3mo ago

    CISA adds five exploited flaws to KEV catalog

    Legal Policy Action Update

    CISA added CVE-2025-31277, CVE-2025-43510, CVE-2025-43520, CVE-2025-32432, and CVE-2025-54068 to the Known Exploited Vulnerabilities (KEV) catalog for Apple WebKit, Apple kernel components, Craft CMS, and Laravel Livewire, and directed federal agencies to patch the flaws by April 3, 2026.

    Show sources