Here are today’s top cybersecurity stories for Thursday, June 4, 2026.
WeedHack Malware-as-a-Service Infects Over 116,000 Minecraft Systems Since January
A large-scale infostealer campaign dubbed WeedHack has compromised more than 116,000 systems by targeting Minecraft players with malicious mods, cheat clients, and utilities promoted via YouTube and SEO poisoning. The operation runs as a malware-as-a-service platform with a free tier and a $5/month premium tier that adds remote access, keylogging, and webcam capability. Stolen data includes Minecraft session tokens, browser credentials, cryptocurrency wallet keys, and credentials for Discord, Steam, and Telegram. BleepingComputer
CISA Adds Mirasvit Magento Cache Warmer CVE-2026-45247 to KEV — Federal Deadline June 24
CISA added CVE-2026-45247, a critical PHP object injection flaw in Mirasvit Full Page Cache Warmer for Adobe Commerce and Magento, to its Known Exploited Vulnerabilities catalog on June 3, 2026. The CVSS 9.8 vulnerability allows unauthenticated attackers to execute arbitrary PHP code and take full control of affected storefronts. All versions prior to 1.11.12 are vulnerable across more than 150,000 installations worldwide. Patches were released May 25 and federal agencies face a June 24 remediation deadline. The Hacker News
Nike Investigating 1.4TB Data Theft Claimed by WorldLeaks Extortion Group
A threat actor group calling itself WorldLeaks has added Nike to its breach list, claiming to have exfiltrated approximately 1.4 terabytes of internal company data including designs, materials, pricing documents, supplier audits, and product timelines spanning 2020 through 2026. Nike confirmed it is investigating the claim but has not confirmed whether the leaked sample files belong to the company. No customer PII or employee data was included in the reported disclosure. BleepingComputer
Instagram Accounts Hijacked After Attackers Trick Meta AI Support Chatbot
Attackers hijacked multiple high-profile Instagram accounts by convincing Meta’s AI support chatbot to add attacker-controlled email addresses to target accounts. The attack required no technical exploit — attackers told the chatbot they owned the account and asked for an email address change, which the bot performed. Affected accounts included a U.S. Space Force official’s profile and the legacy Obama White House account. Many victims remain locked out because Meta’s automated support has no human escalation path. BleepingComputer
Exchange Online EX1331830 Outage Extends to Second Day With No Root Cause
Microsoft’s Exchange Online mail flow disruption, tracked as incident EX1331830, entered its second day on June 4, 2026, with customers across North America, Asia-Pacific, and Europe reporting email delays from 30 minutes to over six hours. Error messages indicate exceeded connection limits and abrupt SMTP session closures at the Active Directory infrastructure layer. Microsoft has not disclosed a root cause or timeline for resolution. BleepingComputer
Microsoft Reverses Course After Backlash Over Legal Threats Against Zero-Day Researcher
Microsoft walked back threats it directed at researcher “Nightmare-Eclipse,” who published proof-of-concept exploits for six unpatched Windows vulnerabilities. After MSRC condemned the disclosures as “never justifiable” and Microsoft’s Digital Crimes Unit signalled possible criminal action, the security research community pushed back sharply. On June 2, Microsoft issued a clarifying statement asserting it has “no intention to pursue action against individuals conducting or publishing security research.” SecurityWeek
Gogs CVSS 9.4 RCE Flaw Remains Unpatched With Public Exploit Now Available
A critical argument injection vulnerability in Gogs, the open-source self-hosted Git service, lets any authenticated user execute arbitrary code by crafting a malicious branch name that injects flags into git rebase operations during pull request merges. The flaw carries a CVSS score of 9.4 and enables cross-tenant code repository access, credential theft, and lateral movement. The vulnerability was reported to maintainers on March 17, 2026, and remains unpatched, with a public exploit module now circulating. The Hacker News
Mirasvit Magento Exploitation Targeting Gaming and Business E-Commerce Sites Worldwide
SecurityWeek reports that active exploitation of CVE-2026-45247 is focused on gaming and business-oriented e-commerce sites, with the United States, United Kingdom, France, and Australia among the most targeted countries. Attackers who achieve unauthenticated code execution gain full control over the web server, filesystem, and connected databases. Site operators running Adobe Commerce or Magento with the Mirasvit cache warmer extension should upgrade to version 1.11.12 immediately and audit server logs for signs of compromise. SecurityWeek
Stay tuned for today’s in-depth analysis posts.






