Cybersecurity Newsfeed - 03/06/26
Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.
🛡️ Vulnerabilities
CISA Adds Linux and Android Flaws to KEV: CISA added CVE-2022-0492 (Linux kernel privilege escalation via the cgroups v1 release_agent feature, also usable as a container escape) and CVE-2025-48595 (Android Framework integer overflow) to its Known Exploited Vulnerabilities catalog. Inclusion means exploitation in the wild has been observed; under BOD 22-01, federal civilian agencies must remediate listed entries by the catalog due date, since these flaws are typically used as stepping stones to unauthorized access and ransomware deployment.
Active Exploitation of Android Framework (CVE-2025-48595): Google warns of a high-severity elevation-of-privilege flaw in Android 14 through 16 that is being exploited in the wild. The vulnerability lets an attacker gain system-level permissions without any user interaction.
Critical Kirki WordPress Plugin Flaw (CVE-2026-8096): An authorization-bypass vulnerability in the Kirki plugin allows authenticated users with only subscriber-level permissions to exfiltrate visitor form submissions and contact details. On sites that allow open registration, a subscriber account is trivial to obtain, so the effective barrier to exploitation is low.
🎯 Adversaries
Gamaredon Exploits WinRAR Path Traversal: The Russia-aligned threat actor Gamaredon is targeting Ukrainian organizations with CVE-2025-8088, a path-traversal flaw in WinRAR. The infection chain uses weaponized archives that plant files outside the directory the user chose for extraction, then deploys GammaWorm and GammaSteel for data exfiltration.
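The following is an added example, not code from the page and not a reproduction of the WinRAR bug: a generic pre-extraction audit that flags archive entry names which would write outside the chosen directory (traversal segments, absolute or drive-letter paths) or into an NTFS alternate data stream. The sample archive is a ZIP constructed in memory, because Python's standard library has no RAR reader; the name-checking logic is format-independent and applies to any extractor that trusts entry names.

```python
"""Generic archive entry-name audit (added example; not the WinRAR bug itself).

Flags entry names that would escape the extraction directory or write to an
NTFS alternate data stream. The sample archive is a constructed in-memory ZIP.
"""
import io
import posixpath
import zipfile
from typing import List, Tuple


def is_unsafe_entry(name: str) -> bool:
    """Return True if extracting `name` could land outside the target directory."""
    n = name.replace("\\", "/")          # treat backslashes as separators too
    if n.startswith("/"):                # absolute POSIX path
        return True
    if len(n) >= 2 and n[1] == ":":      # Windows drive-letter path such as C:/...
        return True
    leaf = n.rsplit("/", 1)[-1]
    if ":" in leaf:                      # file.txt:stream -> NTFS alternate data stream
        return True
    # Collapse "a/../.." style sequences; anything still starting with ".." escapes.
    normalized = posixpath.normpath(n)
    return normalized == ".." or normalized.startswith("../")


def build_sample_archive() -> bytes:
    """Constructed ZIP: one benign entry plus two entries an extractor must refuse."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "benign content")
        zf.writestr("../../Users/Public/startup.lnk", "would land outside dest")
        zf.writestr("report.pdf:payload.exe", "would become an ADS on NTFS")
    return buf.getvalue()


def audit_archive(data: bytes) -> List[Tuple[str, bool]]:
    """Return (entry name, unsafe?) for every entry without extracting anything."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [(info.filename, is_unsafe_entry(info.filename)) for info in zf.infolist()]


if __name__ == "__main__":
    for name, unsafe in audit_archive(build_sample_archive()):
        print(("REFUSE " if unsafe else "ok     ") + name)
```

Run the audit before handing an untrusted archive to any extractor, and treat a single unsafe entry as grounds to reject the whole file rather than skipping the entry; the benign-looking entries are usually the lure.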
Pakistan-Linked SideCopy Targets India: SideCopy is running a new espionage campaign against Indian government and military institutions, delivering payloads tracked as “ReadOnly” and “WriteOnly” for persistent surveillance.
China-Linked Dual-Method Espionage: APT31 and other China-linked groups are targeting the Czech Republic and Taiwan, combining spear-phishing with exploitation of unpatched Microsoft Exchange Server vulnerabilities to gain access for geopolitical intelligence collection.
DriveSurge Hijacks Thousands of Sites: A newly identified actor, DriveSurge, is redirecting traffic from compromised websites through the zTDS traffic distribution system to “ClickFix” and “FakeUpdate” lure pages, acting as an initial access broker for ransomware operations.
Operation FlutterBridge Targets macOS: A new malvertising campaign is delivering the “FlutterShell” backdoor. Built on the Flutter framework, it uses a JavaScript-to-native bridge to execute shell commands and exfiltrate data.
WordPress Malware Abuses Steam Profiles: New WordPress malware hides its C2 instructions in Steam Community profile comments using invisible Unicode characters, so the comments read as benign text and slip past detection that only inspects the visible content.
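The following added example (mine, not the malware's code or anything from the page) shows the mechanism and the countermeasure side by side: `hide` plants a string as zero-width characters inside an otherwise innocuous comment, `extract` recovers it, and `scan` is the check a defender can run over fetched comments, counting Unicode format-control characters (category Cf) and attempting a decode. The bit encoding (U+200B/U+200C as bits, U+200D as terminator) and the sample comments are assumptions constructed for the demo, not the scheme the reported malware uses.

```python
"""Zero-width Unicode steganography: embed, detect and decode (added example).

The encoding here (U+200B = bit 0, U+200C = bit 1, U+200D = end marker) is an
assumption chosen for the demo, not the scheme used by the reported malware.
"""
import unicodedata
from typing import Dict, List, Optional

ZW_ZERO = "\u200b"  # ZERO WIDTH SPACE       -> bit 0 (assumed encoding)
ZW_ONE = "\u200c"   # ZERO WIDTH NON-JOINER  -> bit 1 (assumed encoding)
ZW_END = "\u200d"   # ZERO WIDTH JOINER      -> end of hidden payload (assumed)


def is_invisible(ch: str) -> bool:
    """Format-control characters (category Cf) render as nothing in most UIs."""
    return unicodedata.category(ch) == "Cf"


def hide(cover: str, secret: str) -> str:
    """Embed `secret` as zero-width bits right after the first word of `cover`."""
    bits = "".join(f"{byte:08b}" for byte in secret.encode("utf-8"))
    payload = "".join(ZW_ONE if b == "1" else ZW_ZERO for b in bits) + ZW_END
    head, sep, tail = cover.partition(" ")
    return head + payload + sep + tail


def extract(text: str) -> Optional[str]:
    """Decode the hidden string, or return None when no payload is present."""
    bits: List[str] = []
    for ch in text:
        if ch == ZW_ZERO:
            bits.append("0")
        elif ch == ZW_ONE:
            bits.append("1")
        elif ch == ZW_END:
            break
    usable = len(bits) - len(bits) % 8        # drop a trailing partial byte
    if usable < 8:
        return None
    raw = bytes(int("".join(bits[i:i + 8]), 2) for i in range(0, usable, 8))
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return None


def scan(comments: List[str]) -> List[Dict[str, object]]:
    """Flag comments carrying invisible characters. Ordinary comments contain
    none beyond the odd soft hyphen, so even a small count deserves a look."""
    findings: List[Dict[str, object]] = []
    for idx, text in enumerate(comments):
        count = sum(1 for ch in text if is_invisible(ch))
        if count:
            findings.append({
                "index": idx,
                "invisible_chars": count,
                "visible": "".join(ch for ch in text if not is_invisible(ch)),
                "payload": extract(text),
            })
    return findings


# Constructed sample: three comments, one carrying a hidden C2-style instruction.
SAMPLE_COMMENTS = [
    "gg, great matches this week",
    hide("loving the new update, 10/10", "cmd:beacon 300"),
    "anyone up for co-op tonight?",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_COMMENTS):
        print(finding)
```

The detection does not depend on guessing the encoding: the count of Cf characters alone separates the planted comment from the others, which is why stripping or rejecting format-control characters in user-generated text is a cheap, encoding-agnostic control.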
Fake ChatGPT Desktop App Ads: A malvertising campaign is distributing trojanized ChatGPT desktop apps. Windows victims receive a PowerShell loader, while macOS victims receive the Odyssey Stealer.
“WeedHack” Infects 116,000 Minecraft Systems: This Malware-as-a-Service operation targets gamers with trojanized mods, enabling credential theft and account hijacking, with a professional-looking dashboard for the operators who rent it.
📈 Trends
The Rise of “Zero-Knowledge” Threat Actors: AI tooling lets individuals with minimal technical skill automate vulnerability discovery, eroding the “breathing room” between a flaw becoming known and its exploitation that responsible-disclosure timelines depend on.
AI-Built Ransomware Toolkits: Threat actors are using AI-native development environments such as Cursor and models such as Claude Opus to automate the creation of EDR-evading malware and modular encryption layers.
“Kali365” Phishing Kit Expansion: The FBI-flagged kit now hijacks Microsoft 365 OAuth tokens, giving persistent access to enterprise environments that sidesteps MFA, since a stolen token is replayed after the victim has already completed authentication. A password reset alone does not end such access; the session and refresh tokens have to be revoked as well.
Fake Virus Alerts in Mobile Games: Malicious “virus detected” alerts are appearing inside mobile games to trick users into installing info-stealers or subscribing to fraudulent “security” services.
💥 Breaches & Leaks
Red Hat npm Supply Chain Attack: An attack on the @redhat-cloud-services npm namespace resulted in 32 backdoored packages. The breach used a compromised GitHub Actions token to publish the packages and deploy the “Miasma” worm.
