ACCORDING to The Hacker News, on 21 March 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five security flaws affecting Apple, Craft CMS and Laravel Livewire to its Known Exploited Vulnerabilities catalog and urged federal agencies to patch them by 3 April 2026.
The vulnerabilities listed include CVE-2025-31277 (Apple WebKit, CVSS 8.8) which could cause memory corruption when processing malicious content and is fixed since July 2025, CVE-2025-43510 (Apple kernel component, CVSS 7.8) with potential memory sharing changes, fixed December 2025, and CVE-2025-43520 (Apple kernel component, CVSS 8.8) enabling unexpected system termination or memory writes, fixed December 2025.
It also covers CVE-2025-32432 (Craft CMS, CVSS 10.0) a code injection flaw fixed in April 2025, and CVE-2025-54068 (Laravel Livewire, CVSS 9.8) a code injection vulnerability fixed in July 2025 that could allow remote command execution in specific scenarios.
The report notes prior activity linking these flaws to an iOS exploit kit codenamed DarkSword and to malware families like GhostBLADE, GhostKNIFE and GhostSaber, with Orange Cyberdefense SensePost and other groups mentioning exploitation by various threat actors.