Google on Monday released patches for 124 security vulnerabilities impacting its Android operating system for the month of June 2026, including one high-severity flaw in the Framework component that has come under active exploitation.
Tracked as CVE-2025-48595 (CVSS score: 8.4), the security flaw has been described as a case of privilege escalation without requiring any user interaction. The vulnerability impacts devices running Android versions 14, 15, 16, and 16 QPR2 (Quarterly Platform Release 2).
“In multiple locations, there is a possible way to achieve code execution due to an integer overflow,” according to a description of the vulnerability on CVE.org. “This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.”
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
Google has acknowledged there are indications that CVE-2025-48595 may be under “limited, targeted exploitation.” As is typically the case, the tech giant did not reveal any specifics about who may have been behind the activity, the targets affected, and the scale of such efforts.
That said, similar flaws have been weaponized by commercial spyware vendors to target high-profile individuals as part of extremely targeted attacks.
Elsewhere, a number of vulnerabilities have been patched in the System component, the most severe of which could lead to local escalation of privilege with no additional execution privileges needed.
Google has released two sets of patches – 2026-06-01 and 2026-06-05 security patch levels – with the latter including all fixes from the first set, along with patches for kernel and third-party chipset components from Imagination Technologies, MediaTek, Qualcomm, and Unisoc.
Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:
thehackernews.com
Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine
Jun 02, 2026
Threat Intelligence / Malware
The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation. Per Sekoia, the activity involves the weaponization of CVE-2025-8088 , a path traversal flaw in WinRAR, to launch an HTML Application payload dubbed GammaPhish, which is then used to retrieve an intermediate Visual Basic Script (VBScript) downloaders codenamed GammaLoad. The infection chain was observed by the French cybersecurity company in January 2026. "Their primary objectives are to fingerprint the host system, update the network configuration in the registry using dead drop resolvers (DDRs), fetch and execute arbitrary VBScript payloads from the C2 servers," Sekoia said . One of the payloads is a VBScript worm known as GammaWorm that establishes persistence via scheduled tasks and is designed to hide legitimate directories in network shares and USB drives and replace wit…