CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
Briefly

"CVE-2025-31277, with a CVSS score of 8.8, is a vulnerability in Apple WebKit that could result in memory corruption when processing maliciously crafted web content, fixed in July 2025."
"CVE-2025-54068, rated at 9.8, is a code injection vulnerability in Laravel Livewire that could allow unauthenticated attackers to achieve remote command execution in specific scenarios, fixed in July 2025."
"Reports from Google Threat Intelligence Group and others indicate that an iOS exploit kit codenamed DarkSword leverages these vulnerabilities to deploy various malware families for data theft."
CISA has identified five security vulnerabilities affecting Apple, Craft CMS, and Laravel Livewire, urging federal agencies to address them by April 3, 2026. The vulnerabilities include memory corruption issues in Apple WebKit and kernel components, as well as code injection vulnerabilities in Craft CMS and Laravel Livewire. Reports indicate that these flaws are being exploited by threat actors, including an iOS exploit kit named DarkSword, which deploys malware for data theft. One vulnerability has been exploited as a zero-day since February 2025.
Read at The Hacker News