Thu, Mar 26 · 06:16 PM CDT · CVE-2026-33494
10.0/10 · Must read/watch · NVD · vuln
Summary
ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL containing path traversal sequences (e.g. `/public/../ad
CVE: CVE-2026-33494
Severity: CRITICAL
Type: UPDATED
Published: Thu, Mar 26 · 06:16 PM CDT
Modified: Tue, Apr 07 · 09:15 PM CDT
Tue, Mar 31 · 02:16 PM CDT · CVE-2026-34156
9.9/10 · Must read/watch · NVD · vuln
Summary
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.28, NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist (controlled by WORKFLOW_SCRIPT_MODULES env var). However
CVE: CVE-2026-34156
Severity: CRITICAL
Type: UPDATED
Published: Tue, Mar 31 · 02:16 PM CDT
Modified: Tue, Apr 07 · 08:57 PM CDT
Thu, Nov 10 · 04:15 PM CST · CVE-2022-45063
9.8/10 · Must read/watch · NVD · vuln
Summary
xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.
CVE: CVE-2022-45063
Severity: CRITICAL
Type: UPDATED
Published: Thu, Nov 10 · 04:15 PM CST
Modified: Wed, Apr 08 · 04:16 AM CDT
Tue, Mar 31 · 09:16 PM CDT · CVE-2026-1579
9.8/10 · Must read/watch · NVD · vuln
Summary
The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIAL_CONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink interface. PX4 provides MAV
CVE: CVE-2026-1579
Severity: CRITICAL
Type: UPDATED
Published: Tue, Mar 31 · 09:16 PM CDT
Modified: Tue, Apr 07 · 03:33 PM CDT
Mon, Feb 09 · 05:16 AM CST · CVE-2026-1615
9.8/10 · Must read/watch · NVD · vuln
Summary
Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can exploit this vulnerabilit
CVE: CVE-2026-1615
Severity: CRITICAL
Type: UPDATED
Published: Mon, Feb 09 · 05:16 AM CST
Modified: Tue, Apr 07 · 02:16 PM CDT
Thu, Feb 26 · 09:28 PM CST · CVE-2026-22207
9.8/10 · Must read/watch · NVD · vuln
Summary
OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the root_api_key configuration is omitted. Attackers can send requests to protected endpoints without authentication headers to access administrat
CVE: CVE-2026-22207
Severity: CRITICAL
Type: UPDATED
Published: Thu, Feb 26 · 09:28 PM CST
Modified: Tue, Apr 07 · 06:16 PM CDT
Wed, Apr 01 · 01:16 PM CDT · CVE-2026-29014
9.8/10 · Must read/watch · NVD · vuln
Summary
MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve remote code execution an
CVE: CVE-2026-29014
Severity: CRITICAL
Type: UPDATED
Published: Wed, Apr 01 · 01:16 PM CDT
Modified: Tue, Apr 07 · 08:38 PM CDT
Tue, Mar 31 · 08:16 PM CDT · CVE-2026-30285
9.8/10 · Must read/watch · NVD · vuln
Summary
An arbitrary file overwrite vulnerability in Zora: Post, Trade, Earn Crypto v2.60.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
CVE: CVE-2026-30285
Severity: CRITICAL
Type: UPDATED
Published: Tue, Mar 31 · 08:16 PM CDT
Modified: Tue, Apr 07 · 04:11 PM CDT
Thu, Mar 12 · 12:15 PM CDT · CVE-2026-3059
9.8/10 · Must read/watch · NVD · vuln
Summary
SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication.
CVE: CVE-2026-3059
Severity: CRITICAL
Type: UPDATED
Published: Thu, Mar 12 · 12:15 PM CDT
Modified: Tue, Apr 07 · 07:16 PM CDT
Thu, Mar 12 · 12:15 PM CDT · CVE-2026-3060
9.8/10 · Must read/watch · NVD · vuln
Summary
SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication.
CVE: CVE-2026-3060
Severity: CRITICAL
Type: UPDATED
Published: Thu, Mar 12 · 12:15 PM CDT
Modified: Tue, Apr 07 · 07:16 PM CDT
Wed, Apr 01 · 04:23 PM CDT · CVE-2026-31027
9.8/10 · Must read/watch · NVD · vuln
Summary
TOTOlink A3600R v5.9c.4959 contains a buffer overflow vulnerability in the setAppEasyWizardConfig interface of /lib/cste_modules/app.so. The vulnerability occurs because the rootSsid parameter is not properly validated for length, allowing remote attackers to trigger a buffer overflow, potentially leading to arbitrary
CVE: CVE-2026-31027
Severity: CRITICAL
Type: UPDATED
Published: Wed, Apr 01 · 04:23 PM CDT
Modified: Tue, Apr 07 · 12:10 PM CDT
Fri, Mar 27 · 08:16 PM CDT · CVE-2026-33765
9.8/10 · Must read/watch · NVD · vuln
Summary
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions prior to 6.0 have a critical OS Command Injection vulnerability in the savesettings.php file. The application takes the user-controlled $_POST['webtheme'] parameter and concatenates it
CVE: CVE-2026-33765
Severity: CRITICAL
Type: UPDATED
Published: Fri, Mar 27 · 08:16 PM CDT
Modified: Tue, Apr 07 · 06:15 PM CDT
Fri, Mar 27 · 07:16 PM CDT · CVE-2026-34387
9.8/10 · Must read/watch · NVD · vuln
Summary
Fleet is open source device management software. Prior to 4.81.1, a command injection vulnerability in Fleet's software installer pipeline allows an attacker to achieve arbitrary code execution as root (macOS/Linux) or SYSTEM (Windows) on managed hosts when an uninstall is triggered for a crafted software package. Vers
CVE: CVE-2026-34387
Severity: CRITICAL
Type: UPDATED
Published: Fri, Mar 27 · 07:16 PM CDT
Modified: Tue, Apr 07 · 09:15 PM CDT
Tue, Sep 09 · 02:15 PM CDT · CVE-2025-54236
9.1/10 · Must read/watch · NVD · vuln
Summary
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue doe
CVE: CVE-2025-54236
Severity: CRITICAL
Type: UPDATED
Published: Tue, Sep 09 · 02:15 PM CDT
Modified: Tue, Apr 07 · 07:00 PM CDT
Sat, Feb 07 · 10:16 PM CST · CVE-2026-25858
9.1/10 · Must read/watch · NVD · vuln
Summary
macrozheng mall version 1.0.3 and prior contains an authentication vulnerability in the mall-portal password reset workflow that allows an unauthenticated attacker to reset arbitrary user account passwords using only a victim’s telephone number. The password reset flow exposes the one-time password (OTP) directly in th
CVE: CVE-2026-25858
Severity: CRITICAL
Type: UPDATED
Published: Sat, Feb 07 · 10:16 PM CST
Modified: Tue, Apr 07 · 06:16 PM CDT
Wed, Apr 01 · 10:16 PM CDT · CVE-2026-34563
9.1/10 · Must read/watch · NVD · vuln
Summary
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when handling backup uploads and processing backup metadata. An attacker can inject a
CVE: CVE-2026-34563
Severity: CRITICAL
Type: UPDATED
Published: Wed, Apr 01 · 10:16 PM CDT
Modified: Tue, Apr 07 · 09:33 PM CDT
Wed, Apr 01 · 10:16 PM CDT · CVE-2026-34564
9.1/10 · Must read/watch · NVD · vuln
Summary
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when adding Pages to navigation menus through the Menu Management functionality. Page-
CVE: CVE-2026-34564
Severity: CRITICAL
Type: UPDATED
Published: Wed, Apr 01 · 10:16 PM CDT
Modified: Tue, Apr 07 · 09:29 PM CDT
Wed, Apr 01 · 09:17 PM CDT · CVE-2026-34873
9.1/10 · Must read/watch · NVD · vuln
Summary
An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.
CVE: CVE-2026-34873
Severity: CRITICAL
Type: UPDATED
Published: Wed, Apr 01 · 09:17 PM CDT
Modified: Tue, Apr 07 · 12:13 PM CDT
Tue, Mar 31 · 06:16 PM CDT · CVE-2026-30282
9.0/10 · Must read/watch · NVD · vuln
Summary
An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
CVE: CVE-2026-30282
Severity: CRITICAL
Type: UPDATED
Published: Tue, Mar 31 · 06:16 PM CDT
Modified: Tue, Apr 07 · 09:00 PM CDT
Tue, Jul 12 · 02:15 PM CDT · CVE-2021-38289
8.8/10 · Worth your time · NVD · vuln
Summary
An issue has been discovered in Novastar-VNNOX-iCare Novaicare 7.16.0 that gives attacker privilege escalation and allows attackers to view corporate information and SMTP server details, delete users, view roles, and other unspecified impacts. NOTE: As of April 2026, the vendor has officially decommissioned the affecte
CVE: CVE-2021-38289
Severity: HIGH
Type: UPDATED
Published: Tue, Jul 12 · 02:15 PM CDT
Modified: Tue, Apr 07 · 05:16 PM CDT
Wed, Apr 01 · 02:16 PM CDT · CVE-2026-0522
8.8/10 · Worth your time · NVD · vuln
Summary
A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the attacker controlled path is returned. Due to t
CVE: CVE-2026-0522
Severity: HIGH
Type: UPDATED
Published: Wed, Apr 01 · 02:16 PM CDT
Modified: Tue, Apr 07 · 08:36 PM CDT
Wed, Apr 01 · 11:15 AM CDT · CVE-2026-24096
8.8/10 · Worth your time · NVD · vuln
Summary
Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 (beta) before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information.
CVE: CVE-2026-24096
Severity: HIGH
Type: UPDATED
Published: Wed, Apr 01 · 11:15 AM CDT
Modified: Tue, Apr 07 · 08:51 PM CDT
Thu, Apr 02 · 02:16 PM CDT · CVE-2026-28805
8.8/10 · Worth your time · NVD · vuln
Summary
OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, multiple AJAX select handlers in OpenSTAManager are vulnerable to Time-Based Blind SQL Injection through the options[stato] GET parameter. The user-supplied value is read from $superselect['stato'] and
CVE: CVE-2026-28805
Severity: HIGH
Type: UPDATED
Published: Thu, Apr 02 · 02:16 PM CDT
Modified: Tue, Apr 07 · 09:17 PM CDT
Mon, Mar 30 · 03:16 PM CDT · CVE-2026-33373
8.8/10 · Worth your time · NVD · vuln
Summary
An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A Cross-Site Request Forgery (CSRF) vulnerability exists in Zimbra Web Client due to the issuance of authentication tokens without CSRF protection during certain account state transitions. Specifically, tokens generated after operations such as enabli
CVE: CVE-2026-33373
Severity: HIGH
Type: UPDATED
Published: Mon, Mar 30 · 03:16 PM CDT
Modified: Tue, Apr 07 · 06:50 PM CDT
Tue, Mar 31 · 03:16 PM CDT · CVE-2026-34172
8.8/10 · Worth your time · NVD · vuln
Summary
Giskard is an open-source Python library for testing and evaluating agentic systems. Prior to versions 0.3.4 and 1.0.2b1, ChatWorkflow.chat(message) passes its string argument directly as a Jinja2 template source to a non-sandboxed Environment. A developer who passes user input to this method enables full remote code e
CVE: CVE-2026-34172
Severity: HIGH
Type: UPDATED
Published: Tue, Mar 31 · 03:16 PM CDT
Modified: Tue, Apr 07 · 09:20 PM CDT