THU 02 JUL 2026 · GMT EDITION A WHITESTONE INTELLIGENCE PUBLICATION
MARKETS · CYBER · MEMOS · MODELS
DAILY ISSUES26 MAY27 MAY28 MAY29 MAY30 MAY31 MAY01 JUN02 JUN03 JUN04 JUN05 JUN06 JUN07 JUN08 JUN09 JUN10 JUN11 JUN12 JUN13 JUN14 JUN15 JUN16 JUN17 JUN18 JUN19 JUN21 JUN22 JUN23 JUN24 JUN25 JUN26 JUN27 JUN28 JUN29 JUN30 JUN01 JUN02 JUNALL ›
FRONT PAGE / CYBER / CYB-2026-06-001
CYBER · cves zero days · 2026-06-02SCOOP 78

Google patches 124 Android flaws including actively exploited CVE-2025-48595; CISA orders federal fix by June 5

Google's June 2026 Android security bulletin patched 124 vulnerabilities, including CVE-2025-48595, an Android Framework integer-overflow bug (CVSS 8.4) that Google says is under 'limited, targeted exploitation' in the w.

·FILED ISSUE 2026-06-02·1 MIN READ·RE-VERIFIED 2026-07-02 UTC·✓ RE-VERIFIED 2026-07-02

At a glance

  • June 2026 Android security bulletin patched 124 vulnerabilities
  • CVE-2025-48595: Android Framework integer-overflow, CVSS 8.4, 'limited, targeted exploitation', code execution + LPE with no user interaction
  • Two patch levels shipped: 2026-06-01 and 2026-06-05, covering Android 14, 15, 16 and 16 QPR2
  • CISA added CVE-2025-48595 to KEV on June 2, 2026; FCEB remediation deadline June 5, 2026 under Binding Operational Directive 22-01
  • BleepingComputer (Bill Toulas) reported the flaw is not flagged as exploited by ransomware crews

VERDICT — CONFIRMED

high confidence · primary + corroborating sources verified · re-verified 2026-07-02 UTC
Google patches 124 Android flaws including actively exploited CVE-2025-48595; CISA orders
Image via primary source

Google's June 2026 Android security bulletin patched 124 vulnerabilities, including CVE-2025-48595, an Android Framework integer-overflow bug (CVSS 8.4) that Google says is under 'limited, targeted exploitation' in the wild. The flaw enables code execution and local privilege escalation with no user interaction, the hallmark signature of commercial spyware vendor or nation-state targeting, though Google declined to name threat actors or victims. Two patch levels shipped, 2026-06-01 and 2026-06-05, covering Android 14, 15, 16 and 16 QPR2.

CISA added CVE-2025-48595 to its Known Exploited Vulnerabilities (KEV) catalog on June 2, 2026, giving Federal Civilian Executive Branch agencies a remediation deadline of June 5, 2026 under Binding Operational Directive 22-01. BleepingComputer's Bill Toulas reported the same day that neither this bug nor a companion KEV addition is flagged as exploited by ransomware crews, consistent with espionage-grade abuse. The bulletin is significant because integer-overflow-to-LPE chains without user interaction are exactly what mercenary spyware (e.g., commercial implant vendors) weaponize for one-click or zero-click device compromise; the three-day federal patch window underscores CISA's read that exploitation is real and ongoing rather than theoretical.

For enterprises and OEMs, the lag between Google's source patch and downstream carrier/device rollout leaves a meaningful exposure window on unpatched Android 14-16 handsets.

Key facts on file

  • June 2026 Android security bulletin patched 124 vulnerabilities
  • CVE-2025-48595: Android Framework integer-overflow, CVSS 8.4, 'limited, targeted exploitation', code execution + LPE with no user interaction
  • Two patch levels shipped: 2026-06-01 and 2026-06-05, covering Android 14, 15, 16 and 16 QPR2
  • CISA added CVE-2025-48595 to KEV on June 2, 2026; FCEB remediation deadline June 5, 2026 under Binding Operational Directive 22-01
  • BleepingComputer (Bill Toulas) reported the flaw is not flagged as exploited by ransomware crews
  • Google declined to name threat actors or victims

PRIMARY SOURCE

The Hacker News — Ravie Lakshmanan (2026-06-02)
· fetched at filing · archived at publication
Share
Filed by the Cyber desk · verified by the verification desk · re-verified 2026-07-02 · Our standards: the two-source rule ›
CITE THIS FILE — The Dossier Wire · cyb-2026-06-001 · filed 2026-06-02 · https://thedwire.com/wire/cyb-2026-06-001-google-patches-124-android-flaws-including-actively.html · Primary and corroborating sources listed above; archived at publication. Republishing & licensing: hello@thedwire.com.
More from Cyber FULL DESK ›
Trump Signs AI Executive Order Creating Treasury-Run 'AI Cybersecurity Clea
Generated illustration · not a photograph
CYBER · SCOOP 70

Trump Signs AI Executive Order Creating Treasury-Run 'AI Cybersecurity Clearinghouse' and 30-Day Frontier-Model Reviews

On June 2, 2026, President Trump signed an executive order titled 'Promoting Advanced Artificial Intelligence Innovation and Security,' directing national-security and civilian agencies to increase scrutiny of frontier AI models and to bolster federal cyber defenses against AI-enabled threats. A central provision tasks the Treasury Depart

✓ verified
READ THE FILE ›
Cyber desk illustration
Generated desk illustration · not a photograph
CYBER · SCOOP 60

May 2026 Ransomware: 646 Leak-Site Victims Across 61 Groups; Qilin Leads for Fifth Straight Month

Breachsense tracked 646 organizations listed on ransomware leak sites in May 2026, posted by 61 distinct groups across 73 countries and 59 industries. Qilin topped the rankings with 101 claimed victims, holding the number-one spot for the fifth consecutive month, followed by TheGentlemen (70), Akira (52), DragonForce (41) and INC_RANSOM (

✓ verified
READ THE FILE ›
Pro-Iranian hackers tricked Meta's AI support bot into handing over high-pr
Krebs on Security
CYBER · SCOOP 80

Pro-Iranian hackers tricked Meta's AI support bot into handing over high-profile Instagram accounts

Pro-Iranian hackers spent the last weekend of May seizing high-profile Instagram accounts by tricking Meta's AI support assistant into resetting their passwords, Brian Krebs reported. On May 31, word spread across several Telegram channels that Meta's AI bot would happily add a new email address to an existing account as part of its stand

✓ verifiednewSOURCE ↗
READ THE FILE ›

The morning wire in your inbox — every brief, primary sources linked, no noise.

Free tier. The Wire — continuous desk briefs · Records archive · Bureau alerts.

Stored to the wire's subscriber list. No spam, unsubscribe any time.