Archive snapshot

Mon, Jun 01 · 06:00 PM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Mon, Jun 01 · 06:00 PM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

5

Worth skimming

5

Tracked videos

2

NVD vulnerabilities

25

Top stories

Mon, 01 Jun 2026 23:10:28 +0530

Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

9.8/10 · Must read/watch

The Hacker Newssupply-chainaiidentity

Summary
A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from developer machines and deliver a self-propagating worm. "This is effectively a Mini Shai-Hulud campaign:

Open article ↗

Mon, Jun 01 · 06:00 PM CDT

Attackers Abuse Shared Content for ChatGPT Phishing Campaign

8.9/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Mon, Jun 01 · 03:00 PM CDT

Florida sues OpenAI and Sam Altman over AI risks

8.9/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 3 hours ago.

Open article ↗

Mon, Jun 01 · 02:00 PM CDT

GitHub and the crime against software

8.9/10 · Worth your time

Hacker Newssupply-chainai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 4 hours ago.

Open article ↗

Mon, Jun 01 · 12:00 PM CDT

The newest Instagram “exploit” is the goofiest I've seen

8.8/10 · Worth your time

Hacker Newsvuln

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 6 hours ago.

Open article ↗

Worth skimming

Mon, Jun 01 · 06:00 PM CDT

Palo Alto Warns High-Severity Bug Is Being Actively Exploited

8.5/10 · Worth your time

Infosecurity Magazinevuln

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Mon, Jun 01 · 12:00 PM CDT

Anthropic confidentially submits draft S-1 to the SEC

8.4/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 6 hours ago.

Open article ↗

Mon, 01 Jun 2026 19:49:09 +0000

Dozens of Red Hat packages backdoored through its official NPM channel

8.3/10 · Worth your time

Ars Technicasupply-chain

Summary
Anyone who has downloaded affected Red Hat packages should investigate immediately.

Open article ↗

Mon, Jun 01 · 06:00 PM CDT

Infosecurity Europe: AI SOCs Will Still Need SOC Analysts, Security Vendors Say

8.2/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Mon, Jun 01 · 06:00 PM CDT

Critical Flowise Flaw Gives Attackers Full Server Control

8.2/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Videos worth watching

Mon, Jun 01 · 07:45 AM CDT

How I Found My First $3,000 AI Vulnerability

8.8/10 · Worth your time

YouTube / NahamSecvulnai

Why it matters
Recent creator upload with some page-level evidence. Better than raw feed discovery, but still not a full content review.

Worth watching?Maybe — good candidate if the title matches your interests, but confidence is still moderate.

Confidencelow

Open article ↗

Mon, Jun 01 · 08:00 AM CDT

A Linux Backdoor is For Sale on the Dark Web

7.6/10 · Worth your time

YouTube / John Hammondgeneral

Why it matters
Recent creator upload with some page-level evidence. Better than raw feed discovery, but still not a full content review.

Worth watching?Maybe — good candidate if the title matches your interests, but confidence is still moderate.

Confidencelow

Open article ↗

NVD vulnerabilities

Sun, May 31 · 03:16 PM CDT

CVE-2026-10187

9.8/10 · Must read/watch

NVDvuln

Summary
A vulnerability was detected in Totolink N300RH 6.1c.1353_B20190305. Affected by this issue is the function setWiFiBasicConfig of the file wireless.so of the component Web Management Interface. Performing a manipulation of the argument KeyStr results in stack-based buffer overflow. The attack is possible to be carried

CVECVE-2026-10187

SeverityCRITICAL

TypeNEW

PublishedSun, May 31 · 03:16 PM CDT

ModifiedSun, May 31 · 03:16 PM CDT

Open article ↗

Mon, Jun 01 · 04:16 AM CDT

CVE-2026-48188

9.1/10 · Must read/watch

NVDvuln

Summary
An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue only affects the system if the MySQL/MariaDB server is configured with the NO_BACKSLASH_ESCAPES SQL mode. This issue affec

CVECVE-2026-48188

SeverityCRITICAL

TypeNEW

PublishedMon, Jun 01 · 04:16 AM CDT

ModifiedMon, Jun 01 · 04:16 AM CDT

Open article ↗

Sun, May 31 · 11:16 AM CDT

CVE-2026-10179

8.8/10 · Worth your time

NVDvuln

Summary
A flaw has been found in TRENDnet TEW-432BRP 3.10B20. This issue affects the function formSetWlanEncrypt of the file /goform/formSetWlanEncrypt. This manipulation of the argument webpage causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used. T

CVECVE-2026-10179

SeverityHIGH

TypeNEW

PublishedSun, May 31 · 11:16 AM CDT

ModifiedSun, May 31 · 11:16 AM CDT

Open article ↗

Sun, May 31 · 01:16 PM CDT

CVE-2026-10181

8.8/10 · Worth your time

NVDvuln

Summary
A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSysCmd of the file /goform/formSysCmd. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used.

CVECVE-2026-10181

SeverityHIGH

TypeNEW

PublishedSun, May 31 · 01:16 PM CDT

ModifiedSun, May 31 · 01:16 PM CDT

Open article ↗

Sun, May 31 · 02:16 PM CDT

CVE-2026-10183

8.8/10 · Worth your time

NVDvuln

Summary
A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. This affects the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument enrollee leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor

CVECVE-2026-10183

SeverityHIGH

TypeNEW

PublishedSun, May 31 · 02:16 PM CDT

ModifiedSun, May 31 · 02:16 PM CDT

Open article ↗

Sun, May 31 · 03:16 PM CDT

CVE-2026-10188

8.8/10 · Worth your time

NVDvuln

Summary
A flaw has been found in Tenda W12 3.0.0.7(4763). This affects the function cgistaKickOff of the file /bin/httpd. Executing a manipulation of the argument staMac can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.

CVECVE-2026-10188

SeverityHIGH

TypeNEW

PublishedSun, May 31 · 03:16 PM CDT

ModifiedSun, May 31 · 03:16 PM CDT

Open article ↗

Sun, May 31 · 04:16 PM CDT

CVE-2026-10189

8.8/10 · Worth your time

NVDvuln

Summary
A vulnerability has been found in Tenda W12 3.0.0.7(4763). This vulnerability affects the function cgiSysTimeInfoSet of the file /bin/httpd. The manipulation of the argument sec leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be

CVECVE-2026-10189

SeverityHIGH

TypeNEW

PublishedSun, May 31 · 04:16 PM CDT

ModifiedSun, May 31 · 04:16 PM CDT

Open article ↗

Sun, May 31 · 04:16 PM CDT

CVE-2026-10191

8.8/10 · Worth your time

NVDvuln

Summary
A vulnerability was determined in Tenda W12 3.0.0.7(4763). Impacted is the function cgiWifiMacFilterSet of the file /bin/httpd. This manipulation of the argument wifiMacFilterSet.macList.mac causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be util

CVECVE-2026-10191

SeverityHIGH

TypeNEW

PublishedSun, May 31 · 04:16 PM CDT

ModifiedSun, May 31 · 04:16 PM CDT

Open article ↗

Sun, May 31 · 05:16 PM CDT

CVE-2026-10192

8.8/10 · Worth your time

NVDvuln

Summary
A vulnerability was identified in Tenda W12 3.0.0.7(4763). The affected element is the function set_local_time_0 of the file /bin/httpd. Such manipulation of the argument Time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used.

CVECVE-2026-10192

SeverityHIGH

TypeNEW

PublishedSun, May 31 · 05:16 PM CDT

ModifiedSun, May 31 · 05:16 PM CDT

Open article ↗

Mon, Jun 01 · 01:16 AM CDT

CVE-2026-10206

8.8/10 · Worth your time

NVDvuln

Summary
A vulnerability was detected in D-Link DI-8400 up to 16.07.26A1. This affects an unknown function of the file /dbsrv.asp. Performing a manipulation of the argument str results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The initial researcher

CVECVE-2026-10206

SeverityHIGH

TypeNEW

PublishedMon, Jun 01 · 01:16 AM CDT

ModifiedMon, Jun 01 · 01:16 AM CDT

Open article ↗

Fri, Apr 24 · 01:16 PM CDT

CVE-2026-5367

8.6/10 · Worth your time

NVDvuln

Summary
A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensi

CVECVE-2026-5367

SeverityHIGH

TypeUPDATED

PublishedFri, Apr 24 · 01:16 PM CDT

ModifiedMon, Jun 01 · 04:16 AM CDT

Open article ↗

Sun, May 31 · 01:16 PM CDT

CVE-2026-49489

8.5/10 · Worth your time

NVDvuln

Summary
OpenCATS through 0.9.7.4 contains a sql injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can inject malicious SQL via the sortDirection parameter in ajax/getDataGridPager.php to perform time-based blind injection att

CVECVE-2026-49489

SeverityHIGH

TypeNEW

PublishedSun, May 31 · 01:16 PM CDT

ModifiedSun, May 31 · 01:16 PM CDT

Open article ↗

Mon, Jun 01 · 09:16 AM CDT

CVE-2026-44825

8.1/10 · Worth your time

NVDvuln

Summary
Hardcoded credentials in the Basic Authentication setup tool (bin/solr auth enable) in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specified account. As an imm

CVECVE-2026-44825

SeverityHIGH

TypeNEW

PublishedMon, Jun 01 · 09:16 AM CDT

ModifiedMon, Jun 01 · 09:16 AM CDT

Open article ↗

Sun, May 31 · 01:16 PM CDT

CVE-2026-49490

8.1/10 · Worth your time

NVDvuln

Summary
OpenCATS from version 0.9.1a contains an SQL injection vulnerability in DataGrid filter handling that allows authenticated attackers to inject SQL through crafted filters targeting the non-filterable Tags column in the Candidates DataGrid. Attackers can bypass column filterable restrictions by manipulating filter reque

CVECVE-2026-49490

SeverityHIGH

TypeNEW

PublishedSun, May 31 · 01:16 PM CDT

ModifiedSun, May 31 · 01:16 PM CDT

Open article ↗

Mon, Jun 01 · 09:16 AM CDT

CVE-2026-27788

7.8/10 · Worth your time

NVDvuln

Summary
Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege.

CVECVE-2026-27788

SeverityHIGH

TypeNEW

PublishedMon, Jun 01 · 09:16 AM CDT

ModifiedMon, Jun 01 · 09:16 AM CDT

Open article ↗

Mon, Jun 01 · 09:16 AM CDT

CVE-2026-32325

7.8/10 · Worth your time

NVDvuln

Summary
Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege.

CVECVE-2026-32325

SeverityHIGH

TypeNEW

PublishedMon, Jun 01 · 09:16 AM CDT

ModifiedMon, Jun 01 · 09:16 AM CDT

Open article ↗

Fri, Oct 03 · 11:15 AM CDT

CVE-2025-11234

7.5/10 · Worth your time

NVDvuln

Summary
A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket

CVECVE-2025-11234

SeverityHIGH

TypeUPDATED

PublishedFri, Oct 03 · 11:15 AM CDT

ModifiedMon, Jun 01 · 04:16 AM CDT

Open article ↗

Sun, May 31 · 02:16 AM CDT

CVE-2026-10157

7.3/10 · Worth your time

NVDvuln

Summary
A vulnerability was identified in Open5GS up to 2.7.6. This impacts an unknown function of the file src/amf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit is publicly available and mig

CVECVE-2026-10157

SeverityHIGH

TypeUPDATED

PublishedSun, May 31 · 02:16 AM CDT

ModifiedMon, Jun 01 · 08:16 AM CDT

Open article ↗

Sun, May 31 · 11:16 AM CDT

CVE-2026-10178

7.3/10 · Worth your time

NVDvuln

Summary
A vulnerability was detected in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminEditAlbum.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.

CVECVE-2026-10178

SeverityHIGH

TypeNEW

PublishedSun, May 31 · 11:16 AM CDT

ModifiedSun, May 31 · 11:16 AM CDT

Open article ↗

Sun, May 31 · 02:16 PM CDT

CVE-2026-10184

7.3/10 · Worth your time

NVDvuln

Summary
A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This impacts an unknown function of the file /classes/Users.php?f=delete. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been released to the public

CVECVE-2026-10184

SeverityHIGH

TypeNEW

PublishedSun, May 31 · 02:16 PM CDT

ModifiedSun, May 31 · 02:16 PM CDT

Open article ↗

Sun, May 31 · 02:16 PM CDT

CVE-2026-10185

7.3/10 · Worth your time

NVDvuln

Summary
A weakness has been identified in SourceCodester Hospitals Patient Records Management System 1.0. Affected is an unknown function of the file /classes/Users.php?f=save. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the pu

CVECVE-2026-10185

SeverityHIGH

TypeNEW

PublishedSun, May 31 · 02:16 PM CDT

ModifiedSun, May 31 · 02:16 PM CDT

Open article ↗

Sun, May 31 · 02:16 PM CDT

CVE-2026-10186

7.3/10 · Worth your time

NVDvuln

Summary
A security vulnerability has been detected in code-projects Online Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patient.php. Such manipulation of the argument editid leads to sql injection. The attack can be executed remotely. The exploit has been disclosed pub

CVECVE-2026-10186

SeverityHIGH

TypeNEW

PublishedSun, May 31 · 02:16 PM CDT

ModifiedSun, May 31 · 02:16 PM CDT

Open article ↗

Mon, Jun 01 · 02:16 AM CDT

CVE-2026-10208

7.3/10 · Worth your time

NVDvuln

Summary
A flaw has been found in code-projects Online Hospital Management System 1.php. This impacts the function login_user of the file login_1.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.

CVECVE-2026-10208

SeverityHIGH

TypeNEW

PublishedMon, Jun 01 · 02:16 AM CDT

ModifiedMon, Jun 01 · 02:16 AM CDT

Open article ↗

Mon, Jun 01 · 03:16 AM CDT

CVE-2026-10214

7.3/10 · Worth your time

NVDvuln

Summary
A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function _get_safety_warning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit has been made availab

CVECVE-2026-10214

SeverityHIGH

TypeNEW

PublishedMon, Jun 01 · 03:16 AM CDT

ModifiedMon, Jun 01 · 03:16 AM CDT

Open article ↗

Mon, Jun 01 · 04:16 AM CDT

CVE-2026-10219

7.3/10 · Worth your time

NVDvuln

Summary
A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component write_file Tool. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. The exploit has been ma

CVECVE-2026-10219

SeverityHIGH

TypeNEW

PublishedMon, Jun 01 · 04:16 AM CDT

ModifiedMon, Jun 01 · 04:16 AM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.