Archive snapshot

Wed, Jun 03 · 06:00 AM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Wed, Jun 03 · 06:00 AM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

5

Worth skimming

5

Tracked videos

1

NVD vulnerabilities

25

Top stories

Wed, 03 Jun 2026 15:48:52 +0530

Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes

9.8/10 · Must read/watch

The Hacker Newsvulnai

Summary
Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user's NTLMv2 hash to the attacker. Like in the case of CVE-2026-33829, which impacted the Windows Snipping Tool's ms-screensketch: URI handler, the ne

Open article ↗

Wed, Jun 03 · 06:00 AM CDT

Infosecurity Europe: Patch Responsibility Remains Up for Grabs as AI Unearths Decades of Flaws

9.3/10 · Must read/watch

Infosecurity Magazinevulnai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, 03 Jun 2026 14:03:35 +0530

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

9.2/10 · Must read/watch

The Hacker Newsvuln

Summary
Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerability has been codenamed HTTP/2 Bomb by Calif. "The vulnerable

Open article ↗

Wed, Jun 03 · 06:00 AM CDT

Trump Signs Order Inviting Voluntary Review of Frontier AI Models

9.0/10 · Must read/watch

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, Jun 03 · 06:00 AM CDT

Anthropic Expands Mythos Access to 150 More Organizations

9.0/10 · Must read/watch

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Worth skimming

Wed, Jun 03 · 06:00 AM CDT

Infosecurity Europe: AI-Powered Cybercrime Tools Surge on Dark Web

8.7/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, Jun 03 · 06:00 AM CDT

Infosecurity Europe: How to Get Boards to Prioritize Cyber Risk Quantification

8.2/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, Jun 03 · 06:00 AM CDT

Infosecurity Europe: Execs Must Treat Cyber Threats as Statecraft, ISACA Expert Say

8.2/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, 03 Jun 2026 11:46:54 +0530

Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content

8.1/10 · Worth your time

The Hacker Newsmalwareai

Summary
Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of victims' systems. The Minecraft-focused malware-as-a-service (MaaS) campaign has been codenamed Weedhack by McAfee Lab

Open article ↗

Wed, Jun 03 · 01:00 AM CDT

DIY Bipedal Robot Used Pneumatic "Air-Muscles" Instead of Motors

8.1/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 5 hours ago.

Open article ↗

Videos worth watching

Tue, Jun 02 · 08:00 AM CDT

A Hacker's Way of Thinking (with Ted Harrington)

7.6/10 · Worth your time

YouTube / John Hammondgeneral

Why it matters
Recent creator upload with some page-level evidence. Better than raw feed discovery, but still not a full content review.

Worth watching?Maybe — good candidate if the title matches your interests, but confidence is still moderate.

Confidencelow

Open article ↗

NVD vulnerabilities

Tue, Oct 06 · 01:59 AM CDT

CVE-2015-0987

10.0/10 · Must read/watch

NVDvuln

Summary
Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request.

CVECVE-2015-0987

SeverityCRITICAL

TypeUPDATED

PublishedTue, Oct 06 · 01:59 AM CDT

ModifiedTue, Jun 02 · 09:16 PM CDT

Open article ↗

Mon, Feb 13 · 09:59 PM CST

CVE-2016-9361

9.8/10 · Must read/watch

NVDvuln

Summary
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions

CVECVE-2016-9361

SeverityCRITICAL

TypeUPDATED

PublishedMon, Feb 13 · 09:59 PM CST

ModifiedTue, Jun 02 · 08:16 PM CDT

Open article ↗

Mon, Feb 13 · 09:59 PM CST

CVE-2016-9366

9.8/10 · Must read/watch

NVDvuln

Summary
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions

CVECVE-2016-9366

SeverityCRITICAL

TypeUPDATED

PublishedMon, Feb 13 · 09:59 PM CST

ModifiedTue, Jun 02 · 08:16 PM CDT

Open article ↗

Mon, Feb 13 · 09:59 PM CST

CVE-2016-9369

9.8/10 · Must read/watch

NVDvuln

Summary
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions

CVECVE-2016-9369

SeverityCRITICAL

TypeUPDATED

PublishedMon, Feb 13 · 09:59 PM CST

ModifiedTue, Jun 02 · 08:16 PM CDT

Open article ↗

Mon, Jun 03 · 07:29 PM CDT

CVE-2017-14728

9.8/10 · Must read/watch

NVDvuln

Summary
An authentication bypass was found in an unknown area of the SiteOmat source code. All SiteOmat BOS versions are affected, prior to the submission of this exploit. Also, the SiteOmat does not force administrators to switch passwords, leaving SSH and HTTP remote authentication open to public.

CVECVE-2017-14728

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jun 03 · 07:29 PM CDT

ModifiedTue, Jun 02 · 08:16 PM CDT

Open article ↗

Mon, Jun 03 · 07:29 PM CDT

CVE-2017-14851

9.8/10 · Must read/watch

NVDvuln

Summary
A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25. The vulnerability is in the login page, where the authentication validation process contains an insecure SELECT query. The attack allows for authentication bypass.

CVECVE-2017-14851

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jun 03 · 07:29 PM CDT

ModifiedTue, Jun 02 · 08:16 PM CDT

Open article ↗

Tue, Jul 24 · 05:29 PM CDT

CVE-2018-10627

9.8/10 · Must read/watch

NVDvuln

Summary
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuration items such as the usernames and passwords for the Web and FTP servers. This vulnerability does not

CVECVE-2018-10627

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jul 24 · 05:29 PM CDT

ModifiedTue, Jun 02 · 08:16 PM CDT

Open article ↗

Tue, Jul 24 · 05:29 PM CDT

CVE-2018-8851

9.8/10 · Must read/watch

NVDvuln

Summary
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface.

CVECVE-2018-8851

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jul 24 · 05:29 PM CDT

ModifiedTue, Jun 02 · 09:16 PM CDT

Open article ↗

Tue, Jul 24 · 05:29 PM CDT

CVE-2018-8855

9.8/10 · Must read/watch

NVDvuln

Summary
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP.

CVECVE-2018-8855

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jul 24 · 05:29 PM CDT

ModifiedTue, Jun 02 · 09:16 PM CDT

Open article ↗

Tue, Jul 24 · 05:29 PM CDT

CVE-2018-8859

9.8/10 · Must read/watch

NVDvuln

Summary
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can bypass the required authentication specified in the security configuration file by including extra characters in the directory name when specifying the directory

CVECVE-2018-8859

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jul 24 · 05:29 PM CDT

ModifiedTue, Jun 02 · 08:16 PM CDT

Open article ↗

Mon, Dec 16 · 08:15 PM CST

CVE-2019-18269

9.8/10 · Must read/watch

NVDvuln

Summary
Omron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability.

CVECVE-2019-18269

SeverityCRITICAL

TypeUPDATED

PublishedMon, Dec 16 · 08:15 PM CST

ModifiedTue, Jun 02 · 09:16 PM CDT

Open article ↗

Tue, Feb 26 · 11:29 PM CST

CVE-2019-9201

9.8/10 · Must read/watch

NVDvuln

Summary
Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories.

CVECVE-2019-9201

SeverityCRITICAL

TypeUPDATED

PublishedTue, Feb 26 · 11:29 PM CST

ModifiedTue, Jun 02 · 09:16 PM CDT

Open article ↗

Fri, May 28 · 04:15 PM CDT

CVE-2020-15782

9.8/10 · Must read/watch

NVDvuln

Summary
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS

CVECVE-2020-15782

SeverityCRITICAL

TypeUPDATED

PublishedFri, May 28 · 04:15 PM CDT

ModifiedTue, Jun 02 · 08:16 PM CDT

Open article ↗

Wed, Sep 09 · 07:15 PM CDT

CVE-2020-15786

9.8/10 · Must read/watch

NVDvuln

Summary
A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions < V16), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions <= V16), SIMATIC HMI Mobile Panels (All versions <= V16), SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devic

CVECVE-2020-15786

SeverityCRITICAL

TypeUPDATED

PublishedWed, Sep 09 · 07:15 PM CDT

ModifiedTue, Jun 02 · 08:16 PM CDT

Open article ↗

Tue, Feb 09 · 05:15 PM CST

CVE-2020-15798

9.8/10 · Must read/watch

NVDvuln

Summary
A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V16 Update 3a), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 3a), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMIC

CVECVE-2020-15798

SeverityCRITICAL

TypeUPDATED

PublishedTue, Feb 09 · 05:15 PM CST

ModifiedTue, Jun 02 · 08:16 PM CDT

Open article ↗

Wed, May 12 · 02:15 PM CDT

CVE-2021-27384

9.8/10 · Must read/watch

NVDvuln

Summary
A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (Al

CVECVE-2021-27384

SeverityCRITICAL

TypeUPDATED

PublishedWed, May 12 · 02:15 PM CDT

ModifiedTue, Jun 02 · 08:16 PM CDT

Open article ↗

Mon, Jun 03 · 08:29 PM CDT

CVE-2017-14854

9.1/10 · Must read/watch

NVDvuln

Summary
A stack buffer overflow exists in one of the Orpak SiteOmat CGI components, allowing for remote code execution. The vulnerability affects all versions prior to 2017-09-25.

CVECVE-2017-14854

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jun 03 · 08:29 PM CDT

ModifiedTue, Jun 02 · 08:16 PM CDT

Open article ↗

Wed, Jan 06 · 03:15 PM CST

CVE-2020-27285

9.1/10 · Must read/watch

NVDvuln

Summary
The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read and modify the database without authentication.

CVECVE-2020-27285

SeverityCRITICAL

TypeUPDATED

PublishedWed, Jan 06 · 03:15 PM CST

ModifiedTue, Jun 02 · 09:16 PM CDT

Open article ↗

Mon, Jun 16 · 04:15 PM CDT

CVE-2025-49794

9.1/10 · Must read/watch

NVDvuln

Summary
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or

CVECVE-2025-49794

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jun 16 · 04:15 PM CDT

ModifiedTue, Jun 02 · 02:16 PM CDT

Open article ↗

Mon, Jun 16 · 04:15 PM CDT

CVE-2025-49796

9.1/10 · Must read/watch

NVDvuln

Summary
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive

CVECVE-2025-49796

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jun 16 · 04:15 PM CDT

ModifiedTue, Jun 02 · 02:16 PM CDT

Open article ↗

Mon, Feb 13 · 09:59 PM CST

CVE-2016-9365

8.8/10 · Worth your time

NVDvuln

Summary
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions

CVECVE-2016-9365

SeverityHIGH

TypeUPDATED

PublishedMon, Feb 13 · 09:59 PM CST

ModifiedTue, Jun 02 · 08:16 PM CDT

Open article ↗

Wed, Feb 24 · 05:15 PM CST

CVE-2021-21974

8.8/10 · Worth your time

NVDvuln

Summary
OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service res

CVECVE-2021-21974

SeverityHIGH

TypeUPDATED

PublishedWed, Feb 24 · 05:15 PM CST

ModifiedTue, Jun 02 · 09:16 PM CDT

Open article ↗

Mon, Mar 15 · 05:15 PM CDT

CVE-2021-25667

8.8/10 · Worth your time

NVDvuln

Summary
A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and = V4.3 and = V4.3 and = V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1)

CVECVE-2021-25667

SeverityHIGH

TypeUPDATED

PublishedMon, Mar 15 · 05:15 PM CDT

ModifiedTue, Jun 02 · 08:16 PM CDT

Open article ↗

Mon, Jun 03 · 07:29 PM CDT

CVE-2017-14852

8.6/10 · Worth your time

NVDvuln

Summary
An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data.

CVECVE-2017-14852

SeverityHIGH

TypeUPDATED

PublishedMon, Jun 03 · 07:29 PM CDT

ModifiedTue, Jun 02 · 08:16 PM CDT

Open article ↗

Mon, Jun 03 · 07:29 PM CDT

CVE-2017-14853

8.6/10 · Worth your time

NVDvuln

Summary
The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid output from the device.

CVECVE-2017-14853

SeverityHIGH

TypeUPDATED

PublishedMon, Jun 03 · 07:29 PM CDT

ModifiedTue, Jun 02 · 08:16 PM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.