Archive snapshot

Sat, Jun 06 · 06:00 AM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Sat, Jun 06 · 06:00 AM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

5

Worth skimming

5

Tracked videos

1

NVD vulnerabilities

25

Top stories

Sat, 06 Jun 2026 12:58:30 +0530

AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs

9.8/10 · Must read/watch

The Hacker Newsvulnai

Summary
Two things landed within days of each other this week. A security startup reported 21 previously unknown vulnerabilities in FFmpeg, the media library inside almost everything that touches video, all of them found by an autonomous AI agent. The same week, Googl

Open article ↗

Sat, 06 Jun 2026 12:28:04 +0530

Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack

9.8/10 · Must read/watch

The Hacker Newssupply-chainai

Summary
Microsoft's GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chain attack campaign. The incident impacted 73 Microsoft repositories across four of its GitHub organizations, including Azure, Azure-Samples,

Open article ↗

Sat, Jun 06 · 12:00 AM CDT

S&P 500 rejects SpaceX, also blocking entry for OpenAI and Anthropic

9.7/10 · Must read/watch

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 6 hours ago.

Open article ↗

Sat, 06 Jun 2026 13:44:31 +0530

CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog

9.3/10 · Must read/watch

The Hacker Newsvulnpolicy

Summary
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitatio

Open article ↗

Sat, 06 Jun 2026 13:59:05 +0530

Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI

8.6/10 · Worth your time

The Hacker Newsai

Summary
A researcher has reverse-engineered the iOS SDK that Bright Data embeds in consumer apps and documented how it turns devices, including always-on smart TVs, into exit nodes that relay web-scraping traffic for a data business Bright Data markets heavily to the

Open article ↗

Worth skimming

Sat, Jun 06 · 06:00 AM CDT

Infosecurity Europe: AI Adoption Creates New Opportunities for Attackers to Distribute Malware, Microsoft Warns

8.0/10 · Worth your time

Infosecurity Magazinemalwareai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sat, Jun 06 · 06:00 AM CDT

Infosecurity Europe: Mythos Outperforms GPT5.5 on Google Chrome Vulnerability Exploits, Says New Benchmark

8.0/10 · Worth your time

Infosecurity Magazinevuln

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sat, Jun 06 · 06:00 AM CDT

Infosecurity Europe: Practical Lessons From Lloyds' Agentic AI Security Playbook

7.8/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sat, Jun 06 · 06:00 AM CDT

Infosecurity Europe: Reactive Security Is Failing Healthcare Organizations, Experts Warn

7.8/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sat, Jun 06 · 04:00 AM CDT

GrapheneOS user reported to authorities for using GrapheneOS

7.6/10 · Worth your time

Hacker Newsidentity

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 2 hours ago.

Open article ↗

Videos worth watching

Sat, Jun 06 · 01:06 AM CDT

JHT Course Launch! Windows Maldev 6

7.0/10 · Worth your time

YouTube / John Hammondgeneral

Why it matters
Recent creator upload with some page-level evidence. Better than raw feed discovery, but still not a full content review.

Worth watching?Maybe — good candidate if the title matches your interests, but confidence is still moderate.

Confidencelow

Open article ↗

NVD vulnerabilities

Tue, Jul 22 · 12:15 PM CDT

CVE-2025-4285

10.0/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolantis Information Technologies Agentis allows SQL Injection. This issue affects Agentis: before 4.32.

CVECVE-2025-4285

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jul 22 · 12:15 PM CDT

ModifiedFri, Jun 05 · 06:16 PM CDT

Open article ↗

Tue, Jun 24 · 05:15 PM CDT

CVE-2025-4378

10.0/10 · Must read/watch

NVDvuln

Summary
Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentication Abuse, Authentication Bypass. This issue affects ATA-AOF Mobile Application: before 20.06.2025.

CVECVE-2025-4378

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jun 24 · 05:15 PM CDT

ModifiedFri, Jun 05 · 04:16 PM CDT

Open article ↗

Thu, Jul 24 · 01:15 PM CDT

CVE-2025-5243

10.0/10 · Must read/watch

NVDvuln

Summary
Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SMG Software Information Portal allows Code Injection, Upload a Web Shell to a Web Server, Code Inclusion. This issue affects Information Portal: before 13.06.2025

CVECVE-2025-5243

SeverityCRITICAL

TypeUPDATED

PublishedThu, Jul 24 · 01:15 PM CDT

ModifiedFri, Jun 05 · 03:16 PM CDT

Open article ↗

Tue, Jul 16 · 02:15 PM CDT

CVE-2019-1010292

9.8/10 · Must read/watch

NVDvuln

Summary
Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0.

CVECVE-2019-1010292

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jul 16 · 02:15 PM CDT

ModifiedFri, Jun 05 · 08:13 PM CDT

Open article ↗

Mon, Jul 15 · 06:15 PM CDT

CVE-2019-1010293

9.8/10 · Must read/watch

NVDvuln

Summary
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: optee_os. The fixed version is: 3.4.0 and later.

CVECVE-2019-1010293

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jul 15 · 06:15 PM CDT

ModifiedFri, Jun 05 · 08:13 PM CDT

Open article ↗

Mon, Jul 15 · 06:15 PM CDT

CVE-2019-1010295

9.8/10 · Must read/watch

NVDvuln

Summary
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Memory corruption and disclosure of memory content. The component is: optee_os. The fixed version is: 3.4.0 and later.

CVECVE-2019-1010295

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jul 15 · 06:15 PM CDT

ModifiedFri, Jun 05 · 08:13 PM CDT

Open article ↗

Mon, Jul 15 · 06:15 PM CDT

CVE-2019-1010296

9.8/10 · Must read/watch

NVDvuln

Summary
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.

CVECVE-2019-1010296

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jul 15 · 06:15 PM CDT

ModifiedFri, Jun 05 · 08:13 PM CDT

Open article ↗

Mon, Jul 15 · 06:15 PM CDT

CVE-2019-1010297

9.8/10 · Must read/watch

NVDvuln

Summary
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later.

CVECVE-2019-1010297

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jul 15 · 06:15 PM CDT

ModifiedFri, Jun 05 · 08:13 PM CDT

Open article ↗

Mon, Jul 15 · 06:15 PM CDT

CVE-2019-1010298

9.8/10 · Must read/watch

NVDvuln

Summary
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in the context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.

CVECVE-2019-1010298

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jul 15 · 06:15 PM CDT

ModifiedFri, Jun 05 · 08:13 PM CDT

Open article ↗

Mon, Dec 20 · 08:15 AM CST

CVE-2021-44732

9.8/10 · Must read/watch

NVDvuln

Summary
Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.

CVECVE-2021-44732

SeverityCRITICAL

TypeUPDATED

PublishedMon, Dec 20 · 08:15 AM CST

ModifiedFri, Jun 05 · 07:38 PM CDT

Open article ↗

Thu, Dec 15 · 11:15 PM CST

CVE-2022-46393

9.8/10 · Must read/watch

NVDvuln

Summary
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.

CVECVE-2022-46393

SeverityCRITICAL

TypeUPDATED

PublishedThu, Dec 15 · 11:15 PM CST

ModifiedFri, Jun 05 · 07:38 PM CDT

Open article ↗

Sat, Oct 07 · 01:15 AM CDT

CVE-2023-45199

9.8/10 · Must read/watch

NVDvuln

Summary
Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution.

CVECVE-2023-45199

SeverityCRITICAL

TypeUPDATED

PublishedSat, Oct 07 · 01:15 AM CDT

ModifiedFri, Jun 05 · 07:38 PM CDT

Open article ↗

Thu, Sep 05 · 07:15 PM CDT

CVE-2024-45158

9.8/10 · Must read/watch

NVDvuln

Summary
An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in inter

CVECVE-2024-45158

SeverityCRITICAL

TypeUPDATED

PublishedThu, Sep 05 · 07:15 PM CDT

ModifiedFri, Jun 05 · 07:38 PM CDT

Open article ↗

Thu, Sep 05 · 07:15 PM CDT

CVE-2024-45159

9.8/10 · Must read/watch

NVDvuln

Summary
An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in if keyUsage or extKeyUsage extensions, then the return value of mbedtls_ssl_get_verify_result() would incorrectly have t

CVECVE-2024-45159

SeverityCRITICAL

TypeUPDATED

PublishedThu, Sep 05 · 07:15 PM CDT

ModifiedFri, Jun 05 · 07:38 PM CDT

Open article ↗

Tue, Oct 15 · 08:15 PM CDT

CVE-2024-49195

9.8/10 · Must read/watch

NVDvuln

Summary
Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair

CVECVE-2024-49195

SeverityCRITICAL

TypeUPDATED

PublishedTue, Oct 15 · 08:15 PM CDT

ModifiedFri, Jun 05 · 07:38 PM CDT

Open article ↗

Tue, Jul 30 · 01:15 PM CDT

CVE-2024-6699

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mikafon Electronic Inc. Mikafon MA7 allows SQL Injection. This issue affects Mikafon MA7: from v3.0 before v3.1.

CVECVE-2024-6699

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jul 30 · 01:15 PM CDT

ModifiedFri, Jun 05 · 01:16 PM CDT

Open article ↗

Wed, Sep 03 · 09:15 AM CDT

CVE-2025-1740

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass, Password Recovery Exploitation, Brute Force. This issue affects MyRezzta: from s2.03.01 before v2.05.01.

CVECVE-2025-1740

SeverityCRITICAL

TypeUPDATED

PublishedWed, Sep 03 · 09:15 AM CDT

ModifiedSat, Jun 06 · 08:16 AM CDT

Open article ↗

Fri, May 02 · 12:15 PM CDT

CVE-2025-2421

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Informatics SambaBox allows Code Injection. This issue affects SambaBox: before 5.1.

CVECVE-2025-2421

SeverityCRITICAL

TypeUPDATED

PublishedFri, May 02 · 12:15 PM CDT

ModifiedSat, Jun 06 · 06:16 AM CDT

Open article ↗

Fri, May 02 · 09:15 AM CDT

CVE-2025-2812

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mydata Informatics Ticket Sales Automation allows Blind SQL Injection. This issue affects Ticket Sales Automation: before 03.04.2025 (DD.MM.YYYY).

CVECVE-2025-2812

SeverityCRITICAL

TypeUPDATED

PublishedFri, May 02 · 09:15 AM CDT

ModifiedSat, Jun 06 · 06:16 AM CDT

Open article ↗

Thu, Jun 19 · 01:15 PM CDT

CVE-2025-4738

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yirmibes Software MY ERP allows SQL Injection. This issue affects MY ERP: before 1.170.

CVECVE-2025-4738

SeverityCRITICAL

TypeUPDATED

PublishedThu, Jun 19 · 01:15 PM CDT

ModifiedFri, Jun 05 · 04:16 PM CDT

Open article ↗

Thu, Jul 24 · 02:15 PM CDT

CVE-2025-4784

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Moderec Tourtella allows SQL Injection. This issue affects Tourtella: before 26.05.2025.

CVECVE-2025-4784

SeverityCRITICAL

TypeUPDATED

PublishedThu, Jul 24 · 02:15 PM CDT

ModifiedFri, Jun 05 · 04:16 PM CDT

Open article ↗

Thu, Jul 24 · 01:15 PM CDT

CVE-2025-4822

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bayraktar Solar Energies ScadaWatt Otopilot allows SQL Injection. This issue affects ScadaWatt Otopilot: before 27.05.2025.

CVECVE-2025-4822

SeverityCRITICAL

TypeUPDATED

PublishedThu, Jul 24 · 01:15 PM CDT

ModifiedFri, Jun 05 · 04:16 PM CDT

Open article ↗

Mon, Jul 28 · 11:15 AM CDT

CVE-2025-6918

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ncvav Virtual PBX Software allows SQL Injection. This issue affects Virtual PBX Software: before 09.07.2025.

CVECVE-2025-6918

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jul 28 · 11:15 AM CDT

ModifiedFri, Jun 05 · 03:16 PM CDT

Open article ↗

Tue, Jun 24 · 04:15 PM CDT

CVE-2025-4383

9.3/10 · Must read/watch

NVDvuln

Summary
Improper Restriction of Excessive Authentication Attempts vulnerability in Art-in Bilişim Teknolojileri ve Yazılım Hizm. Tic. Ltd. Şti. Wi-Fi Cloud Hotspot allows Authentication Abuse, Authentication Bypass. This issue affects Wi-Fi Cloud Hotspot: before 30.05.2025.

CVECVE-2025-4383

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jun 24 · 04:15 PM CDT

ModifiedFri, Jun 05 · 04:16 PM CDT

Open article ↗

Wed, Aug 11 · 03:15 PM CDT

CVE-2019-25052

9.1/10 · Must read/watch

NVDvuln

Summary
In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information.

CVECVE-2019-25052

SeverityCRITICAL

TypeUPDATED

PublishedWed, Aug 11 · 03:15 PM CDT

ModifiedFri, Jun 05 · 08:13 PM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.