CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

Ravie Lakshmanan | Mar 21, 2026 | Vulnerability / Threat Intelligence

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch them by April 3, 2026.

The vulnerabilities that have come under exploitation are listed below –

  • CVE-2025-31277 (CVSS score: 8.8) – A vulnerability in Apple WebKit that could result in memory corruption when processing maliciously crafted web content. (Fixed in July 2025)
  • CVE-2025-43510 (CVSS score: 7.8) – A memory corruption vulnerability in Apple’s kernel component that could allow a malicious application to cause unexpected changes in memory shared between processes. (Fixed in December 2025)
  • CVE-2025-43520 (CVSS score: 8.8) – A memory corruption vulnerability in Apple’s kernel component that could allow a malicious application to cause unexpected system termination or write kernel memory. (Fixed in December 2025)
  • CVE-2025-32432 (CVSS score: 10.0) – A code injection vulnerability in Craft CMS that could allow a remote attacker to execute arbitrary code. (Fixed in April 2025)
  • CVE-2025-54068 (CVSS score: 9.8) – A code injection vulnerability in Laravel Livewire that could allow unauthenticated attackers to achieve remote command execution in specific scenarios. (Fixed in July 2025)

The addition of the three Apple vulnerabilities to the KEV catalog comes in the wake of reports from Google Threat Intelligence Group (GTIG), iVerify, and Lookout about an iOS exploit kit codenamed DarkSword that leverages these shortcomings, along with three bugs, to deploy various malware families like GHOSTBLADE, GHOSTKNIFE, and GHOSTSABER for data theft.

CVE-2025-32432 is assessed to have been exploited as a zero-day by unknown threat actors since February 2025, per Orange Cyberdefense SensePost. Since then, an intrusion set tracked as Mimo (aka Hezb) has also been observed exploiting the vulnerability to deploy a cryptocurrency miner and residential proxyware.

Rounding off the list is CVE-2025-54068, whose exploitation was recently flagged by the Ctrl-Alt-Intel Threat Research team as part of attacks mounted by the Iranian state-sponsored hacking group, MuddyWater (aka Boggy Serpens).

In a report published earlier this week, Palo Alto Networks Unit 42 called out the adversary’s consistent targeting of diplomatic and critical infrastructure, including energy, maritime, and finance, across the Middle East and other strategic targets worldwide.

“While social engineering remains its defining trait, the group is also increasing its technological capabilities,” Unit 42 said. “Its diverse toolset includes AI-enhanced malware implants that incorporate anti-analysis techniques for long-term persistence. This combination of social engineering and rapidly developed tools creates a potent threat profile.”

“To support its large-scale social engineering campaigns, Boggy Serpens uses a custom-built, web-based orchestration platform,” Unit 42 said. “This tool enables operators to automate mass email delivery while maintaining granular control over sender identities and target lists.”

Attributed to the Iranian Ministry of Intelligence and Security (MOIS), the group is primarily focused on cyber espionage, although it has also been linked to disruptive operations targeting the Technion Israel Institute of Technology by adopting the DarkBit ransomware persona.

One of the defining hallmarks of MuddyWater’s tradecraft has been the use of hijacked accounts belonging to official government and corporate entities in its spear-phishing attacks, and abuse of trusted relationships to evade reputation-based blocking systems and deliver malware. 

In a sustained campaign targeting an unnamed national marine and energy company in the U.A.E. between August 16, 2025, and February 11, 2026, the threat actor is said to have conducted four distinct waves of attack, leading to the deployment of various malware families, including GhostBackDoor and Nuso (aka HTTP_VIP). Some of the other notable tools in the threat actor’s arsenal include UDPGangster and LampoRAT (aka CHAR).

“Boggy Serpens’ recent activity exemplifies a maturing threat profile, as the group integrates its established methodologies with refined mechanisms for operational persistence,” Unit 42 said. “By diversifying its development pipeline to include modern coding languages like Rust and AI-assisted workflows, the group creates parallel tracks that ensure the redundancy needed to sustain a high operational tempo.”



Iran says it will allow Japanese ships to transit the Strait of Hormuz | US-Israel war on Iran News

Japan sources more than 90 percent of its crude oil imports from the Middle East and is heavily dependent on exports transiting the key waterway.

Iran says Japanese ships will be allowed to transit the Strait of Hormuz, in the latest sign that Tehran has started pursuing a selective blockade of the strategic waterway.

“We have not closed the strait. In our opinion, the strait is open. It is closed only to ships belonging to our enemies, countries that attack us. For other countries, ships can pass through the strait,” Iranian Foreign Minister Abbas Araghchi told Japan’s Kyodo News late on Friday.

“We are talking to them to find a way to pass safely. We are ready to provide them with safe passage. All they need to do is contact us to discuss how this route will be,” Araghchi said, according to an English transcript of the interview shared on his Telegram account.

Japan sources more than 90 percent of its crude oil imports from the Middle East and is heavily dependent on exports transiting the strait, but the waterway has been de facto closed since the United States and Israel attacked Iran on February 28.

Iran’s Islamic Revolutionary Guard Corps (IRGC) warned in the early days of the war that its forces would set “ablaze” any ships trying to transit the waterway, bringing marine traffic to a near standstill.

Over the past week, however, Iran has toned down the rhetoric to say the strait is only closed to Tehran’s enemies.

Japan may soon join the small cohort of countries – mainly China, India, and Pakistan – whose vessels have been allowed to transit the waterway in recent days, with approval from Iranian authorities.

Lloyd’s List, a shipping and maritime information service, separately reported that 10 ships have transited the strait by sailing close to Iran’s coastline – a route that is emerging as a “safe corridor” for shipping.

The latest ship, a Greek bulk carrier, transited on Friday by passing close to Iran’s Larak island, Lloyd’s said, while broadcasting the message “Cargo Food for Iran”.

While ships have been transiting on a case-by-case basis, Lloyd’s List reported that the IRGC is developing a more coordinated vetting and registration system.

As the war on Iran hits three weeks, a handful of countries – among them US allies – have already started lobbying Tehran to reopen the strait or allow their ships safe passage.

Japan, France, Germany, Italy, the Netherlands, and the United Kingdom earlier this week issued a joint statement expressing their “readiness to contribute to appropriate efforts to ensure safe passage through the Strait”.

Iraq, Malaysia, China, India and Pakistan have all reportedly held direct talks with Tehran to discuss the matter, according to Lloyd’s.

Araghchi’s remarks to Kyodo follow a call with Japanese Foreign Minister Toshimitsu Motegi on Tuesday, during which Tokyo expressed concern about the large number of Japanese vessels currently stranded in the Gulf, according to a Japanese readout of the call.




Trump hints at ‘winding down’ Iran war as US deploys more troops to region | US-Israel war on Iran News

United States President Donald Trump says he is considering “winding down” the military operations in Iran even as his administration deploys 2,500 additional marines to the region and asks Congress for more money to fund the war.

In a social media post on Friday, Trump said the US was “getting very close to meeting our objectives as we consider winding down our great Military efforts in the Middle East”.

The mixed messages from Trump came after another climb in oil prices plunged the US stock markets. His administration also announced that it was lifting sanctions on Iranian oil already loaded on ships, a move aimed at wrangling the soaring fuel prices.

White House Press Secretary Karoline Leavitt, in a post on X shortly after Trump’s message, said “the President and the Pentagon predicted it would take approximately 4-6 weeks to achieve this mission.

“Tomorrow [Saturday] marks week 3 – and the US Armed Forces are doing an exceptional job,” Leavitt wrote. “Day by day, the Iranian Regime is being crippled, and their ability to threaten the United States and our allies is being significantly weakened.”

Al Jazeera’s Rosiland Jordan, reporting from Washington, said four to six weeks is “the new number coming from the Trump administration about when Operation Epic Fury could possibly end”.

“The White House has never been clear since the war began on February 28 about just how long the war was going to take, how many different platforms it would be fought on, and what would be the final metric for the US deciding to declare victory,” she said.

But the three-week-old war has shown no signs of abating, with the US-Israeli forces attacking the Iranian capital, Tehran, and nearby areas as the country welcomed the first day of the Persian new year, Nowruz. At least two people were killed by shelling on a residential area in the village of Dastak in northern Iran’s Kiashahr, Gilan province’s governor said.

Meanwhile, Iran fired two ballistic missiles at the Diego Garcia military base in the Indian Ocean, run jointly by the US and the United Kingdom, the semi-official Mehr news agency reported on Saturday.

Israel said Iranian forces continued to fire missiles at it early on Saturday, while Saudi Arabia said it downed 20 drones in just a couple of hours in the country’s eastern region – home to major oil installations.

US near completion of goals: Trump

The US and Israel have offered shifting rationales for the war at different times, from hoping to foment an uprising that topples Iran’s leadership to eliminating its nuclear and missile programmes.

While Trump claimed the US is “very close” to meeting the war’s objectives, his administration is moving to bolster its firepower in the region and request another $200bn from Congress to fund the war.

Earlier this week, the US redirected another group of amphibious assault ships carrying 2,500 marines from the Pacific to the Middle East. The marines will join more than 50,000 US troops already in the region.

Trump has said he has no plans to send ground forces into Iran, but has also asserted that he retains all options.

Iran’s Supreme Leader Mojtaba Khamenei on Friday said Iran has dealt “a dizzying blow” to its enemies and that the US-Israeli war on his country was a “gross miscalculation”.

In a written statement read on Iranian television to mark Nowruz, Khamenei praised the Iranians’ steadfastness in the face of war. Khamenei has not been seen in public since he became the supreme leader following the Israeli strikes that killed his father, Ayatollah Ali Khamenei, and reportedly wounded him.

More than 1,400 people have been killed in Iran during the war, according to the authorities, while Israeli bombing has killed more than 1,000 people in Lebanon. In Israel, at least 18 people have been killed by Iranian missiles, while at least 13 US soldiers have died so far, according to officials.



Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

Ravie Lakshmanan | Mar 21, 2026 | Malware / Threat Intelligence

The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm.

The name is a reference to the fact that the malware uses an ICP canister, which refers to tamperproof smart contracts on the Internet Computer blockchain, as a dead drop resolver. The development marks the first publicly documented abuse of an ICP canister for the explicit purpose of fetching the command-and-control (C2) server, Aikido Security researcher Charlie Eriksen said.

The list of affected packages is below –

  • 28 packages in the @EmilGroup scope
  • 16 packages in the @opengov scope
  • @teale.io/eslint-config
  • @airtm/uuid-base32
  • @pypestream/floating-ui-dom

The development comes within a day of threat actors leveraging a compromised credential to publish malicious trivy, trivy-action, and setup-trivy releases containing a credential stealer. A cloud-focused cybercriminal operation known as TeamPCP is suspected to be behind the attacks.

The infection chain for the npm packages uses a postinstall hook to execute a loader, which then drops a Python backdoor that’s responsible for contacting the ICP canister dead drop to retrieve a URL pointing to the next-stage payload. The fact that the dead drop infrastructure is decentralized makes it resilient and resistant to takedown efforts.

“The canister controller can swap the URL at any time, pushing new binaries to all infected hosts without touching the implant,” Eriksen said.

Persistence is established by means of a systemd user service that uses the “Restart=always” directive to automatically restart the Python backdoor after a 5-second delay whenever it gets terminated. The systemd service masquerades as PostgreSQL tooling (“pgmon”) in an attempt to fly under the radar.
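For defenders, the persistence traits described above can be turned into a triage check over systemd user units (typically found under ~/.config/systemd/user). The following is an added example, not code from the article or from the researchers it cites; the unit names, paths, and unit contents are constructed samples, and the scoring thresholds are assumptions.

```javascript
// Added example: triage systemd user units for the persistence traits described
// above. Unit names, paths and unit contents below are constructed samples.

// Parse unit text into "Section.Key" -> list of values (repeated keys append).
function parseUnit(text) {
  const out = {};
  let section = '';
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const header = line.match(/^\[(.+)\]$/);
    if (header) { section = header[1]; continue; }
    const eq = line.indexOf('=');
    if (eq === -1) continue;
    const key = `${section}.${line.slice(0, eq).trim()}`;
    (out[key] = out[key] || []).push(line.slice(eq + 1).trim());
  }
  return out;
}

// Score one unit: 'match' = all four traits, 'review' = auto-restarting Python.
function triageUnit(unitName, text) {
  const u = parseUnit(text);
  const last = (k) => (u[k] || []).slice(-1)[0] || '';
  const exec = (u['Service.ExecStart'] || []).join(' ');
  const reasons = [];
  if (last('Service.Restart') === 'always') reasons.push('restart-always');
  if (/^5\s*(s|sec)?$/.test(last('Service.RestartSec'))) reasons.push('restart-after-5s');
  if (/\bpython[0-9.]*\b/.test(exec)) reasons.push('python-execstart');
  if (/pgmon/i.test(`${unitName} ${last('Unit.Description')} ${exec}`)) reasons.push('pgmon-name');
  const core = reasons.includes('restart-always') && reasons.includes('python-execstart');
  const verdict = reasons.length === 4 ? 'match' : core ? 'review' : 'ok';
  return { unit: unitName, verdict, reasons };
}

// Constructed sample with the traits from the article (path is a placeholder).
const SUSPECT_UNIT = `[Unit]
Description=pgmon

[Service]
ExecStart=/usr/bin/python3 /home/dev/.local/share/EXAMPLE/agent.py
Restart=always
RestartSec=5

[Install]
WantedBy=default.target
`;

// Constructed benign user unit for comparison.
const BENIGN_UNIT = `[Unit]
Description=Syncthing

[Service]
ExecStart=/usr/bin/syncthing serve --no-browser
Restart=on-failure
`;
```

A 'review' verdict only means an auto-restarting Python user service exists; it needs a human look before being treated as an indicator.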

The backdoor, as mentioned before, phones the ICP canister with a spoofed browser User-Agent every 50 minutes to fetch the URL in plaintext. The URL is subsequently parsed to fetch and run the executable.

“If the URL contains youtube[.]com, the script skips it,” Eriksen explained. “This is the canister’s dormant state. The attacker arms the implant by pointing the canister at a real binary, and disarms it by switching back to a YouTube link. If the attacker updates the canister to point to a new URL, every infected machine picks up the new binary on its next poll. The old binary keeps running in the background since the script never kills previous processes.”

It’s worth noting that a similar youtube[.]com-based kill switch has also been flagged by Wiz in connection with the trojanized Trivy binary (version 0.69.4), which also reaches out to the same ICP canister via a Python dropper (“sysmon.py”). As of writing, the URL returned by the C2 is a rickroll YouTube video.

The Hacker News found that the ICP canister supports three methods – get_latest_link, http_request, update_link – allowing the threat actor to modify the behavior at any time to serve an actual payload.

In tandem, the packages come with a “deploy.js” file that the attacker runs manually to spread the malicious payload to every package a stolen npm token provides access to in a programmatic fashion. The worm, assessed to be vibe-coded using an artificial intelligence (AI) tool, makes no attempt to conceal its functionality.

“This isn’t triggered by npm install,” Aikido said. “It’s a standalone tool the attacker runs with stolen tokens to maximize blast radius.”

To make matters worse, a subsequent iteration of CanisterWorm detected in “@teale.io/eslint-config” versions 1.8.11 and 1.8.12 has been found to self-propagate without the need for manual intervention.

Unlike “deploy.js,” which was a self-contained script the attacker had to execute with the pilfered npm tokens to push a malicious version of the npm packages to the registry, the new variant incorporates this functionality in “index.js” within a findNpmTokens() function that’s run during the postinstall phase to collect npm authentication tokens from the victim’s machine.

The main difference here is that the postinstall script, after installing the persistent backdoor, attempts to locate every npm token from the developer’s environment and spawns the worm right away with those tokens by launching “deploy.js” as a fully detached background process.
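Because the chain starts from a postinstall hook, a project's lockfile shows where exposure is possible. The following added example (not code from the article or from Aikido) audits a parsed package-lock.json (lockfileVersion 2 or 3) against the scopes, package names, and versions named in this article; the sample lockfile is constructed and "@opengov/example-widget" is a hypothetical package name.

```javascript
// Added example: flag lockfile entries that match the scopes, names and versions
// named in the article, plus any other dependency that runs install scripts.
const AFFECTED_SCOPES = ['@emilgroup', '@opengov'];
const AFFECTED_NAMES = ['@teale.io/eslint-config', '@airtm/uuid-base32',
  '@pypestream/floating-ui-dom'];
// Only versions the article states explicitly; other packages need manual review.
const KNOWN_BAD = { '@teale.io/eslint-config': ['1.8.11', '1.8.12'] };

// "node_modules/a/node_modules/@s/b" -> "@s/b"
function packageName(lockKey) {
  const idx = lockKey.lastIndexOf('node_modules/');
  return idx === -1 ? lockKey : lockKey.slice(idx + 'node_modules/'.length);
}

// Returns one finding per entry that deserves attention, most specific reason first.
function auditLockfile(lock) {
  const findings = [];
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    if (key === '') continue; // root project entry
    const name = packageName(key);
    const lower = name.toLowerCase(); // article writes "@EmilGroup"; compare case-insensitively
    const scope = lower.startsWith('@') ? lower.split('/')[0] : null;
    const listed = AFFECTED_NAMES.includes(lower) || AFFECTED_SCOPES.includes(scope);
    const badVersion = (KNOWN_BAD[lower] || []).includes(meta.version);
    let severity = null;
    if (badVersion) severity = 'known-bad-version';
    else if (listed) severity = 'listed-package';       // version not confirmed by the article
    else if (meta.hasInstallScript) severity = 'install-script'; // runs code at install time
    if (severity) {
      findings.push({ name, version: meta.version, severity,
        hasInstallScript: Boolean(meta.hasInstallScript) });
    }
  }
  return findings;
}

// Constructed sample lockfile (not from a real project).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/@teale.io/eslint-config': { version: '1.8.12', hasInstallScript: true },
    'node_modules/@opengov/example-widget': { version: '2.0.0' }, // hypothetical name
    'node_modules/esbuild': { version: '0.21.5', hasInstallScript: true },
    'node_modules/lodash': { version: '4.17.21' },
  },
};
```

Installing with npm's `--ignore-scripts` option keeps postinstall hooks from running while flagged entries are reviewed.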

Interestingly, the threat actor is said to have swapped out the ICP backdoor payload for a dummy test string (“hello123”), likely to ensure that the entire attack chain is working as intended before adding the malware.

“This is the point where the attack goes from ‘compromised account publishes malware’ to ‘malware compromises more accounts and publishes itself,'” Eriksen said. “Every developer or CI pipeline that installs this package and has an npm token accessible becomes an unwitting propagation vector. Their packages get infected, their downstream users install those, and if any of them have tokens, the cycle repeats.”

(This is a developing story. Please check back for more details.)


