Here are today’s top cybersecurity stories for Tuesday, June 2, 2026.
Google Patches Actively Exploited Android Zero-Day in June 2026 Security Update
Google released its June 2026 Android security update addressing 124 vulnerabilities, including CVE-2025-48595, an elevation-of-privilege flaw in the Android Framework component actively exploited in targeted attacks. The vulnerability affects Android 14, 15, and 16. Local attackers with no additional execution privileges needed exploit it to gain code execution and escalate privileges. The June patch levels 2026-06-01 and 2026-06-05 contain all fixes. Google did not disclose the identity of the threat actor behind the exploitation.
BleepingComputer
WP Maps Pro CVE-2026-8732: WordPress Plugin Flaw Exploited to Create Rogue Admin Accounts
Threat actors are actively exploiting CVE-2026-8732 (CVSS 9.8), a privilege escalation flaw in the WP Maps Pro WordPress plugin affecting all versions up to and including 6.1.0. The vulnerability allows unauthenticated attackers to call an unprotected AJAX endpoint and create a full administrator account. Wordfence blocked over 2,000 attacks in a single 24-hour window. Plugin maintainers issued a fix in version 6.1.1, released May 20, 2026.
BleepingComputer
Steam Community Profiles Weaponized as C2 Infrastructure in WordPress Malware Campaign
GoDaddy researchers identified malware infecting approximately 1,980 WordPress sites that uses Steam Community profile comments to conceal command-and-control instructions. The campaign hides encoded payloads using invisible Unicode characters mapped into binary data, which constructs URLs pointing to malicious JavaScript files. The technique evades detection by abusing Steam’s trusted domain and its tolerance for Unicode art in comments. Initial infection vectors include compromised credentials, vulnerable plugins, and supply chain attacks.
BleepingComputer
Operation Dragon Weave: China-Aligned APT Targets Czech Republic and Taiwan Using Azure Cloud C2
Researchers at Seqrite disclosed Operation Dragon Weave, a China-linked espionage campaign delivering the AZUREVEIL AdaptixC2 agent to targets in the Czech Republic and Taiwan. The campaign uses spear-phishing emails with ZIP attachments, a Rust loader, and Microsoft Azure Blob Storage as a dead-drop C2 channel. Targeted sectors include government, research, academia, technology, and financial services. The earliest known sample dates to March 2026.
The Hacker News
ChatGPhish: ChatGPT Markdown Rendering Flaw Turns Web Pages Into Phishing Payloads
Permiso Security disclosed ChatGPhish, a technique exploiting ChatGPT’s implicit trust in Markdown content from pages it summarizes. An attacker-controlled web page injects hidden Markdown instructions that render as live phishing buttons, QR codes, and tracking pixels inside ChatGPT’s own interface. Three attack chains were demonstrated, including spoofed OpenAI security alerts and QR pivot lures that shift the attack from desktop to mobile. OpenAI declined to patch after classifying the report as not reproducible.
The Hacker News
ShinyHunters Publishes Charter Communications Data After Ransom Refusal
ShinyHunters published data allegedly stolen from Charter Communications after the company refused to pay a ransom. The group claims 42 million customer records were taken; Have I Been Pwned confirmed at least 4.9 million unique email addresses exposed. The breach originated with a vishing attack against a Microsoft Entra employee, granting access to Charter’s Salesforce environment. Names, email addresses, phone numbers, physical addresses, and plan details are included in the published data.
SecurityWeek
Ransomware Groups Claim New Victims: INC_RANSOM, Qilin, DragonForce, and Play Active June 2
Multiple ransomware groups posted new victims to their leak sites on June 2, 2026. INC_RANSOM claimed Champaign-Urbana Public Health District. Qilin claimed Clínica Maitenes. DragonForce claimed Synex Group. Play claimed Digitall Graphics and Hightower Communications. The activity reflects continued elevated ransomware operation volume across healthcare, telecommunications, and services sectors.
SecurityWeek
CISA KEV Reminder: Netlogon CVE-2026-41089 Federal Patch Deadline Is June 3
Federal Civilian Executive Branch agencies face a June 3, 2026 deadline to remediate CVE-2026-41089, the zero-click Netlogon remote code execution flaw patched in the May 12 Patch Tuesday. The vulnerability carries a CVSS score of 9.8 and was confirmed under active exploitation by May 29. Full Active Directory compromise is achievable via a single unauthenticated network packet to an exposed domain controller.
CISA KEV Catalog
Stay tuned for today’s in-depth analysis posts.
