The FSB-affiliated attack group TA446 adopted the DarkSword iOS exploit kit, which was leaked on GitHub, to distribute GHOSTBLADE malware through spear phishing that impersonates the Atlantic Council. Targets include Russian dissidents, government and educational institutions.
Five vulnerabilities confirmed as exploited by MuddyWater and DarkSword were added to the KEV catalog. The Craft CMS vulnerability is a CVSS 10.0 zero-day that has been actively exploited since February, and the Laravel Livewire vulnerability is being used by MuddyWater against Middle East infrastructure.