MuddyWater broad exploitation wave across exposed SmarterMail, n8n, N-central, Langflow, and Laravel Livewire systems
Exploitation Wave
Summary
Hide ▲
Show ▼
MuddyWater ran a broad exploitation wave across more than 12,000 internet-exposed systems, creating a large attack surface for follow-on access, credential theft, and data exfiltration. The activity abused known flaws in SmarterMail, n8n, N-central, Langflow, and Laravel Livewire. The wave later shifted toward aviation, energy, and government targets in the Middle East.
Timeline
-
06.07.2026 21:34 1 articles · 3d ago
MuddyWater exploits more than 12,000 exposed systems before targeting Middle East sectors
Campaign Scope UpdateMuddyWater conducted a broad reconnaissance campaign across more than 12,000 internet-exposed SmarterMail, n8n, N-central, Langflow, and Laravel Livewire systems by exploiting CVE-2025-52691, CVE-2025-68613, CVE-2025-9316, CVE-2025-34291, and CVE-2025-54068, then shifted to credential harvesting and data exfiltration against aviation, energy, and government entities in Egypt, Israel, and the United Arab Emirates using vulnerability exploitation, Outlook Web Access (OWA) brute-force attacks, and multi-protocol C2 controllers.
Show sources
- Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations — thehackernews.com — 06.07.2026 21:34