Find notable cyber news and cases, enriched with sources, timelines, and signals.

MuddyWater broad exploitation wave across exposed SmarterMail, n8n, N-central, Langflow, and Laravel Livewire systems

Exploitation Wave
First reported
Last updated
Happening score
H score 76
1 unique sources, 1 articles

Summary

Hide ▲

MuddyWater ran a broad exploitation wave across more than 12,000 internet-exposed systems, creating a large attack surface for follow-on access, credential theft, and data exfiltration. The activity abused known flaws in SmarterMail, n8n, N-central, Langflow, and Laravel Livewire. The wave later shifted toward aviation, energy, and government targets in the Middle East.

Timeline

  1. 06.07.2026 21:34 1 articles · 3d ago

    MuddyWater exploits more than 12,000 exposed systems before targeting Middle East sectors

    Campaign Scope Update

    MuddyWater conducted a broad reconnaissance campaign across more than 12,000 internet-exposed SmarterMail, n8n, N-central, Langflow, and Laravel Livewire systems by exploiting CVE-2025-52691, CVE-2025-68613, CVE-2025-9316, CVE-2025-34291, and CVE-2025-54068, then shifted to credential harvesting and data exfiltration against aviation, energy, and government entities in Egypt, Israel, and the United Arab Emirates using vulnerability exploitation, Outlook Web Access (OWA) brute-force attacks, and multi-protocol C2 controllers.

    Show sources