The US Cybersecurity and Infrastructure Security Agency (CISA) has added five new security flaws to its Known Exploited Vulnerabilities (KEV) list, warning that they are being actively exploited by hackers. The vulnerabilities, which include flaws linked to the DarkSword spyware, affect Apple products and web platforms such as Craft CMS and Laravel Livewire. Authorities have warned that these weaknesses might enable hackers to seize control of systems or compromise sensitive information. Federal agencies are mandated by government regulations to address these problems by April 3, 2026. This action underscores the escalating threats posed by sophisticated cyberattacks aimed at commonly used software and hardware.
Critical flaws linked to active attacks
Among the newly added issues is a major flaw in Craft CMS (CVE-2025-32432) with a top severity score. It allows attackers to run harmful code remotely. Another flaw in Laravel Livewire (CVE-2025-54068) allows attackers to execute commands without needing login access. CISA also flagged multiple Apple-related issues affecting iOS, macOS and Safari. These can be triggered using harmful web content, often used in targeted attacks. The five new vulnerabilities include:
- CVE-2025-31277 Apple Multiple Products Buffer Overflow Vulnerability
- CVE-2025-32432 Craft CMS Code Injection Vulnerability
- CVE-2025-43510 Apple Multiple Products Improper Locking Vulnerability
- CVE-2025-43520 Apple Multiple Products Classic Buffer Overflow Vulnerability
- CVE-2025-54068 Laravel Livewire Code Injection Vulnerability
What is DarkSword
DarkSword is reportedly a professionally designed, highly sophisticated platform that appears to have been built for future development and shows clear signs of deliberate engineering for maintainability. Security researchers call DarkSword an exploit kit that has tools designed to take advantage of vulnerabilities in software, in this case Apple’s iOS. The group behind DarkSword is tracked by researchers under the identifier UNC6353, and definitive attribution remains unclear. Researchers say there are signs that large language model (LLM) tools, which power AI chatbots, have been used to extend DarkSword’s functionality.