Weekly Threat Roundup: SolarWinds & Android Flaws (June 1-7)

This Week at a Glance

Two high-severity vulnerabilities are under active exploitation: an Android integer overflow (CVE-2025-48595) and an unauthenticated DoS in SolarWinds Serv-U (CVE-2026-28318). Meanwhile, data breaches exposed millions of records, including 2.6M from DentaQuest, and CISA added three flaws to its Known Exploited Vulnerabilities (KEV) catalog.

Top Vulnerabilities

• CVE-2025-48595 (CVSS 8.4): An integer overflow in multiple Android locations could lead to local code execution. Actively exploited in the wild. Full advisory.
• CVE-2026-28318 (CVSS 7.5): SolarWinds Serv-U is vulnerable to unauthenticated POST requests that crash the service. Added to CISA’s KEV catalog. Full advisory.

Data Breaches

• DentaQuest: 2.6M records exposed by ShinyHunters. Full report.
• BCD Travel: 396K corporate travel records compromised. Full report.
• Edmunds: 178K accounts with emails and passwords leaked. Full report.
• Baker Distributing: 103K contractor and customer records exposed. Full report.

Threat Intelligence

• CISA KEV Updates: Added exploits for Oracle WebLogic (CVE-2024-21182), SolarWinds Serv-U (CVE-2026-28318), and Magento (CVE-2026-45247). Oracle WebLogic, SolarWinds, Magento.
• Industrial Security: CISA urged stronger security for automatic tank gauge systems. Full article.
• Ransomware Claims: Threat actors Nova, Stormous, and Play claimed attacks on Universitas Nasional, katholiekamersfoort.nl (10GB), and Pearson Ford. Universitas Nasional, katholiekamersfoort, Pearson Ford.

Key Takeaway

CISA’s rapid addition of three distinct vulnerabilities to the KEV catalog this week signals a shift toward broader, more aggressive exploitation of edge devices and enterprise software. Security teams should prioritize patching internet-facing services (SolarWinds Serv-U, Magento, Oracle WebLogic) and mobile endpoints (Android) immediately, as attackers are moving faster than patch cycles.