Cyber Security News

Hacking Editorial Brief — June 5, 2026

Active Exploitation Targeting WordPress and Android Systems

Threat actors are actively exploiting a critical vulnerability in the WP Maps Pro WordPress plugin to create administrative accounts and take over websites, with security researchers blocking over 1,700 attacks in a 24-hour period. The campaign demonstrates sustained targeting of WordPress sites for unauthorized access and control. Separately, Google released June 2026 Android security patches addressing 124 vulnerabilities, including a high-severity zero-day framework flaw currently under active targeted exploitation. The zero-day represents ongoing threat actor activity against mobile platforms, though Google has not disclosed attribution or attack details.

Physical Social Engineering and Development Environment Attacks

The FBI issued a warning about Silent Ransom Group (SRG) conducting physical intrusion operations where attackers arrive at offices posing as IT support personnel to gain network access. The social engineering campaign represents a shift to in-person tactics bypassing technical security controls. In the development environment space, researchers disclosed a proof-of-concept exploit for Visual Studio Code that enables attackers to steal GitHub tokens with full repository access through a zero-click attack triggered by a malicious link. Additionally, a whistleblower accused IBM and AT&T of covering up foreign state-sponsored breaches of IBM's cloud infrastructure, with the U.S. Department of Justice previously charging two alleged Chinese hacking group members related to 2018 intrusions.

Sources: Security Week · Bleeping Computer · The Independent · The Register · Fortune