Archive snapshot

Wed, Jun 10 · 06:00 AM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Wed, Jun 10 · 06:00 AM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

5

Worth skimming

5

Tracked videos

0

NVD vulnerabilities

25

Top stories

Wed, Jun 10 · 06:00 AM CDT

New Fable 5 Is a "Mythos-Class" LLM Available to All, Anthropic Announces

9.8/10 · Must read/watch

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, Jun 10 · 06:00 AM CDT

Microsoft Fixes 200 CVEs in June Patch Tuesday

9.8/10 · Must read/watch

Infosecurity Magazinevuln

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, 10 Jun 2026 15:08:13 +0530

Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs

9.8/10 · Must read/watch

The Hacker Newsvuln

Summary
Microsoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly disclosed at the time of release. Of the 206 flaws, 39 are rated Critical, and 167 are rated Important

Open article ↗

Wed, 10 Jun 2026 12:32:08 +0530

ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances

9.8/10 · Must read/watch

The Hacker Newsvulnaiidentity

Summary
ServiceNow has warned about a security incident in which unknown threat actors exploited a flaw to obtain deeper unauthorized access to susceptible instances. "On June 5, 2026, ServiceNow applied a security update to hosted customer instances," the company rev

Open article ↗

Wed, 10 Jun 2026 10:52:01 +0530

Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows

9.5/10 · Must read/watch

The Hacker Newsvuln

Summary
The anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero-day named RoguePlanet. "The exploit is a race condition, so it's a hit or miss," t

Open article ↗

Worth skimming

Wed, 10 Jun 2026 13:07:59 +0530

Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber Safeguards

9.4/10 · Must read/watch

The Hacker Newsai

Summary
On June 9, Anthropic released Claude Fable 5, the most capable model it has ever made, generally available. It also did something unusual: it shipped one model as two products, split not by capability but by a layer of safety classifiers. Fable 5 goes to the p

Open article ↗

Wed, Jun 10 · 06:00 AM CDT

Over a Quarter of Identity Crime Victims Hit by Multiple Incidents, ITRC Data Shows

8.9/10 · Worth your time

Infosecurity Magazineidentity

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, Jun 10 · 04:00 AM CDT

AWS Bedrock to require sharing data with Anthropic for Mythos and future models

8.7/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 2 hours ago.

Open article ↗

Wed, 10 Jun 2026 10:38:35 +0530

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

8.1/10 · Worth your time

The Hacker Newsvuln

Summary
Cybersecurity researchers have flagged half a dozen vulnerabilities in protobuf.js, a JavaScript and TypeScript implementation of Protocol Buffers (Protobuf), that, if successfully exploited, could result in remote code execution (RCE) and denial-of-service (D

Open article ↗

Wed, Jun 10 · 06:00 AM CDT

Google Releases Patch for Chrome Vulnerability Exploited in the Wild

8.0/10 · Worth your time

Infosecurity Magazinevuln

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Videos worth watching

Nothing surfaced yet.

NVD vulnerabilities

Thu, Dec 12 · 07:15 PM CST

CVE-2024-55875

9.8/10 · Must read/watch

NVDvuln

Summary
http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 6.50.0.0, there is a potential XXE (XML External Entity Injection) vulnerability when http4k handling malicious XML contents within requests, which might allow attackers to read local sensitive information on server, trigger Server-side Reque

CVECVE-2024-55875

SeverityCRITICAL

TypeUPDATED

PublishedThu, Dec 12 · 07:15 PM CST

ModifiedTue, Jun 09 · 11:16 AM CDT

Open article ↗

Tue, Dec 09 · 06:15 PM CST

CVE-2025-59718

9.8/10 · Must read/watch

NVDvuln

Summary
A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.

CVECVE-2025-59718

SeverityCRITICAL

TypeUPDATED

PublishedTue, Dec 09 · 06:15 PM CST

ModifiedTue, Jun 09 · 12:47 PM CDT

Open article ↗

Tue, Jan 27 · 08:16 PM CST

CVE-2026-24858

9.8/10 · Must read/watch

NVDvuln

Summary
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9,

CVECVE-2026-24858

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jan 27 · 08:16 PM CST

ModifiedTue, Jun 09 · 06:30 PM CDT

Open article ↗

Thu, Jun 04 · 11:17 PM CDT

CVE-2026-11165

9.6/10 · Must read/watch

NVDvuln

Summary
Use after free in WebMIDI in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

CVECVE-2026-11165

SeverityCRITICAL

TypeUPDATED

PublishedThu, Jun 04 · 11:17 PM CDT

ModifiedTue, Jun 09 · 02:24 PM CDT

Open article ↗

Wed, May 13 · 07:17 PM CDT

CVE-2026-0257

9.1/10 · Must read/watch

NVDvuln

Summary
Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.

CVECVE-2026-0257

SeverityCRITICAL

TypeUPDATED

PublishedWed, May 13 · 07:17 PM CDT

ModifiedTue, Jun 09 · 12:47 PM CDT

Open article ↗

Thu, May 28 · 10:16 AM CDT

CVE-2026-46155

9.1/10 · Must read/watch

NVDvuln

Summary
In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2_compound_op() If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, check_wsl_eas() returns success without validating that the entire OutputBufferLength fits

CVECVE-2026-46155

SeverityCRITICAL

TypeUPDATED

PublishedThu, May 28 · 10:16 AM CDT

ModifiedTue, Jun 09 · 09:04 PM CDT

Open article ↗

Wed, Jun 03 · 06:16 PM CDT

CVE-2026-46244

9.1/10 · Must read/watch

NVDvuln

Summary
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: Fix IPv6 inner_thoff desync In nft_inner_parse_l2l3(), when processing inner IPv6 packets, ipv6_find_hdr() correctly computes the transport header offset traversing all extension headers, but the result is immediately overwritten

CVECVE-2026-46244

SeverityCRITICAL

TypeUPDATED

PublishedWed, Jun 03 · 06:16 PM CDT

ModifiedTue, Jun 09 · 08:35 PM CDT

Open article ↗

Wed, Jun 03 · 06:16 PM CDT

CVE-2026-46266

9.1/10 · Must read/watch

NVDvuln

Summary
In the Linux kernel, the following vulnerability has been resolved: inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP Yizhou Zhao reported that simply having one RAW socket on protocol IPPROTO_RAW (255) was dangerous. socket(AF_INET, SOCK_RAW, 255); A malicious incoming ICMP packet can set the protocol field

CVECVE-2026-46266

SeverityCRITICAL

TypeUPDATED

PublishedWed, Jun 03 · 06:16 PM CDT

ModifiedTue, Jun 09 · 07:47 PM CDT

Open article ↗

Thu, Jun 04 · 11:16 PM CDT

CVE-2026-10941

8.8/10 · Worth your time

NVDvuln

Summary
Out of bounds memory access in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVECVE-2026-10941

SeverityHIGH

TypeUPDATED

PublishedThu, Jun 04 · 11:16 PM CDT

ModifiedTue, Jun 09 · 07:21 PM CDT

Open article ↗

Thu, Jun 04 · 11:16 PM CDT

CVE-2026-10943

8.8/10 · Worth your time

NVDvuln

Summary
Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVECVE-2026-10943

SeverityHIGH

TypeUPDATED

PublishedThu, Jun 04 · 11:16 PM CDT

ModifiedTue, Jun 09 · 07:02 PM CDT

Open article ↗

Thu, Jun 04 · 11:16 PM CDT

CVE-2026-10945

8.8/10 · Worth your time

NVDvuln

Summary
Use after free in PDF in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

CVECVE-2026-10945

SeverityHIGH

TypeUPDATED

PublishedThu, Jun 04 · 11:16 PM CDT

ModifiedTue, Jun 09 · 07:01 PM CDT

Open article ↗

Thu, Jun 04 · 11:16 PM CDT

CVE-2026-10947

8.8/10 · Worth your time

NVDvuln

Summary
Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVECVE-2026-10947

SeverityHIGH

TypeUPDATED

PublishedThu, Jun 04 · 11:16 PM CDT

ModifiedTue, Jun 09 · 06:53 PM CDT

Open article ↗

Thu, Jun 04 · 11:16 PM CDT

CVE-2026-10948

8.8/10 · Worth your time

NVDvuln

Summary
Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVECVE-2026-10948

SeverityHIGH

TypeUPDATED

PublishedThu, Jun 04 · 11:16 PM CDT

ModifiedTue, Jun 09 · 06:52 PM CDT

Open article ↗

Thu, Jun 04 · 11:16 PM CDT

CVE-2026-10954

8.8/10 · Worth your time

NVDvuln

Summary
Use after free in Actor in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVECVE-2026-10954

SeverityHIGH

TypeUPDATED

PublishedThu, Jun 04 · 11:16 PM CDT

ModifiedTue, Jun 09 · 06:49 PM CDT

Open article ↗

Thu, Jun 04 · 11:16 PM CDT

CVE-2026-10956

8.8/10 · Worth your time

NVDvuln

Summary
Use after free in MimeHandlerView in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVECVE-2026-10956

SeverityHIGH

TypeUPDATED

PublishedThu, Jun 04 · 11:16 PM CDT

ModifiedTue, Jun 09 · 06:48 PM CDT

Open article ↗

Tue, Jun 02 · 09:16 AM CDT

CVE-2026-1784

8.8/10 · Worth your time

NVDvuln

Summary
The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration.

CVECVE-2026-1784

SeverityHIGH

TypeUPDATED

PublishedTue, Jun 02 · 09:16 AM CDT

ModifiedWed, Jun 10 · 10:16 AM CDT

Open article ↗

Fri, May 01 · 02:16 PM CDT

CVE-2026-31709

8.8/10 · Worth your time

NVDvuln

Summary
In the Linux kernel, the following vulnerability has been resolved: smb: client: validate the whole DACL before rewriting it in cifsacl build_sec_desc() and id_mode_to_cifs_acl() derive a DACL pointer from a server-supplied dacloffset and then use the incoming ACL to rebuild the chmod/chown security descriptor. The ori

CVECVE-2026-31709

SeverityHIGH

TypeUPDATED

PublishedFri, May 01 · 02:16 PM CDT

ModifiedTue, Jun 09 · 11:16 AM CDT

Open article ↗

Thu, May 28 · 10:16 AM CDT

CVE-2026-46152

8.8/10 · Worth your time

NVDvuln

Summary
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rx_result ieee80211_invoke_fast_rx() is documented as safe for parallel RX, but its per-invocation rx_result is declared static. Concurrent callers then share one instance and can overwrite each other's

CVECVE-2026-46152

SeverityHIGH

TypeUPDATED

PublishedThu, May 28 · 10:16 AM CDT

ModifiedTue, Jun 09 · 09:06 PM CDT

Open article ↗

Wed, Jun 03 · 06:16 PM CDT

CVE-2026-46264

8.8/10 · Worth your time

NVDvuln

Summary
In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix sysfs initialization In case of devm_add_action_or_reset() failure the provided cleanup action will be run immediately on the not yet initialized kobject. This may lead to errors like: [ ] kobject: '(null)' (ff110001393608e0): is not ini

CVECVE-2026-46264

SeverityHIGH

TypeUPDATED

PublishedWed, Jun 03 · 06:16 PM CDT

ModifiedTue, Jun 09 · 05:26 PM CDT

Open article ↗

Wed, Jun 03 · 06:16 PM CDT

CVE-2026-46273

8.6/10 · Worth your time

NVDvuln

Summary
In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapters on Power systems do not support segmentation offload when the MSS is less than 224 bytes. Attempting to send such packets causes the adapter to freeze, stopping all traffic until ma

CVECVE-2026-46273

SeverityHIGH

TypeUPDATED

PublishedWed, Jun 03 · 06:16 PM CDT

ModifiedTue, Jun 09 · 05:31 PM CDT

Open article ↗

Wed, Jun 03 · 06:16 PM CDT

CVE-2026-46251

8.4/10 · Worth your time

NVDvuln

Summary
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix block_group_tree dirty_list corruption When the incompat flag EXTENT_TREE_V2 is set, we unconditionally add the block group tree to the switch_commits list before calling switch_commit_roots, as we do for the tree root and the chunk root. Ho

CVECVE-2026-46251

SeverityHIGH

TypeUPDATED

PublishedWed, Jun 03 · 06:16 PM CDT

ModifiedTue, Jun 09 · 08:38 PM CDT

Open article ↗

Wed, Jun 03 · 06:16 PM CDT

CVE-2026-46270

8.4/10 · Worth your time

NVDvuln

Summary
In the Linux kernel, the following vulnerability has been resolved: power: supply: rt9455: Fix use-after-free in power_supply_changed() Using the `devm_` variant for requesting IRQ _before_ the `devm_` variant for allocating/registering the `power_supply` handle, means that the `power_supply` handle will be deallocated

CVECVE-2026-46270

SeverityHIGH

TypeUPDATED

PublishedWed, Jun 03 · 06:16 PM CDT

ModifiedTue, Jun 09 · 07:52 PM CDT

Open article ↗

Thu, Jun 04 · 11:16 PM CDT

CVE-2026-10949

8.3/10 · Worth your time

NVDvuln

Summary
Heap buffer overflow in Video in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVECVE-2026-10949

SeverityHIGH

TypeUPDATED

PublishedThu, Jun 04 · 11:16 PM CDT

ModifiedTue, Jun 09 · 06:52 PM CDT

Open article ↗

Fri, Mar 20 · 12:16 AM CDT

CVE-2026-32759

8.1/10 · Worth your time

NVDvuln

Summary
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions on the 2.x branch prior to 2.33.8, the TUS resumable upload handler parses the Upload-Length header as a signed 64-bit integer without validating that the value is non-neg

CVECVE-2026-32759

SeverityHIGH

TypeUPDATED

PublishedFri, Mar 20 · 12:16 AM CDT

ModifiedTue, Jun 09 · 01:16 PM CDT

Open article ↗

Thu, Jun 26 · 07:15 PM CDT

CVE-2025-52903

8.0/10 · Worth your time

NVDvuln

Summary
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions on the 2.x branch prior to 2.33.10, the Command Execution feature of File Browser only allows the execution of shell command which have been predefined on a user

CVECVE-2025-52903

SeverityHIGH

TypeUPDATED

PublishedThu, Jun 26 · 07:15 PM CDT

ModifiedTue, Jun 09 · 01:16 PM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.