Archive snapshot

Wed, Apr 29 · 12:00 PM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Wed, Apr 29 · 12:00 PM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

5

Worth skimming

5

Tracked videos

0

NVD vulnerabilities

25

Top stories

Wed, Apr 29 · 12:00 PM CDT

Malicious npm Dependency Linked to AI Assisted Commit Targets Crypto Wallets

9.8/10 · Must read/watch

Infosecurity Magazinesupply-chainai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, 29 Apr 2026 21:56:00 +0530

SAP npm Packages Compromised by “Mini Shai-Hulud” Credential-Stealing Malware

9.8/10 · Must read/watch

The Hacker Newsmalwaresupply-chainaiidentity

Summary
Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages with credential-stealing malware. According to reports from Aikido Security, SafeDep, Socket, StepSecurity, and Google-owned Wiz, the c

Open article ↗

Wed, 29 Apr 2026 20:13:00 +0530

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

9.8/10 · Must read/watch

The Hacker Newsmalwaresupply-chainai

Summary
Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as a dependency to the project by Anthropic's Claude Opus large language model (LLM). The package in question is "@validate-sdk/v2," which is listed on npm as

Open article ↗

Wed, Apr 29 · 12:00 PM CDT

Critical Flaw Turns Vect Ransomware into Data Destroying Wiper

9.2/10 · Must read/watch

Infosecurity Magazinemalware

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, 29 Apr 2026 11:00:24 +0000

Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

9.2/10 · Must read/watch

Ars Technicasupply-chainai

Summary
Security firms find themselves especially exposed.

Open article ↗

Worth skimming

Wed, Apr 29 · 12:00 PM CDT

Researchers Track 2.9 Billion Compromised Credentials

9.0/10 · Must read/watch

Infosecurity Magazineidentity

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, Apr 29 · 08:00 AM CDT

Letting AI play my game – building an agentic test harness to help play-testing

8.5/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 4 hours ago.

Open article ↗

Wed, Apr 29 · 07:00 AM CDT

GitHub – DOS 1.0: Transcription of Tim Paterson's DOS Printouts

8.4/10 · Worth your time

Hacker Newssupply-chain

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 5 hours ago.

Open article ↗

Wed, Apr 29 · 12:00 PM CDT

Cursor Extension Flaw Exposes Developer API Keys

8.2/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, Apr 29 · 11:04 AM CDT

Show HN: A new benchmark for testing LLMs for deterministic outputs

8.2/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 56 minutes ago.

Open article ↗

Videos worth watching

Nothing surfaced yet.

NVD vulnerabilities

Tue, Feb 02 · 04:30 PM CST

CVE-2009-4013

9.8/10 · Must read/watch

NVDvuln

Summary
Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch system

CVECVE-2009-4013

SeverityCRITICAL

TypeUPDATED

PublishedTue, Feb 02 · 04:30 PM CST

ModifiedWed, Apr 29 · 01:13 AM CDT

Open article ↗

Thu, Jan 28 · 08:30 PM CST

CVE-2003-1576

10.0/10 · Must read/watch

NVDvuln

Summary
Buffer overflow in pamverifier in Change Manager (CM) 1.0 for Sun Management Center (SunMC) 3.0 on Solaris 8 and 9 on the sparc platform allows remote attackers to execute arbitrary code via unspecified vectors.

CVECVE-2003-1576

SeverityHIGH

TypeUPDATED

PublishedThu, Jan 28 · 08:30 PM CST

ModifiedWed, Apr 29 · 01:13 AM CDT

Open article ↗

Wed, Jan 20 · 10:30 PM CST

CVE-2009-3999

10.0/10 · Must read/watch

NVDvuln

Summary
Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.

CVECVE-2009-3999

SeverityHIGH

TypeUPDATED

PublishedWed, Jan 20 · 10:30 PM CST

ModifiedWed, Apr 29 · 01:13 AM CDT

Open article ↗

Wed, Jan 20 · 10:30 PM CST

CVE-2009-4000

10.0/10 · Must read/watch

NVDvuln

Summary
Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter.

CVECVE-2009-4000

SeverityHIGH

TypeUPDATED

PublishedWed, Jan 20 · 10:30 PM CST

ModifiedWed, Apr 29 · 01:13 AM CDT

Open article ↗

Tue, Jan 26 · 06:30 PM CST

CVE-2009-4273

10.0/10 · Must read/watch

NVDvuln

Summary
stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request.

CVECVE-2009-4273

SeverityHIGH

TypeUPDATED

PublishedTue, Jan 26 · 06:30 PM CST

ModifiedWed, Apr 29 · 01:13 AM CDT

Open article ↗

Thu, Jan 21 · 10:30 PM CST

CVE-2010-0138

10.0/10 · Must read/watch

NVDvuln

Summary
Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 and earlier on Windows, as distributed in CiscoWorks LAN Management Solution (LMS), allows remote attackers to execute arbitrary code via a malformed getProcessName CORBA General Inter-ORB Protocol (GIOP) request, related to a "third-party c

CVECVE-2010-0138

SeverityHIGH

TypeUPDATED

PublishedThu, Jan 21 · 10:30 PM CST

ModifiedWed, Apr 29 · 01:13 AM CDT

Open article ↗

Thu, Jan 28 · 08:30 PM CST

CVE-2010-0140

10.0/10 · Must read/watch

NVDvuln

Summary
Multiple unspecified vulnerabilities in the web server in Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.3, and possibly 5 allow remote attackers to create (1) user or (2) administrator accounts via a crafted URL in a request to the internal interface, aka Bug IDs CSCtc59231 and CSCtd40661.

CVECVE-2010-0140

SeverityHIGH

TypeUPDATED

PublishedThu, Jan 28 · 08:30 PM CST

ModifiedWed, Apr 29 · 01:13 AM CDT

Open article ↗

Thu, Jan 21 · 07:30 PM CST

CVE-2009-4002

9.3/10 · Must read/watch

NVDvuln

Summary
Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to execute arbitrary code via a crafted 3D model in a Shockwave file.

CVECVE-2009-4002

SeverityHIGH

TypeUPDATED

PublishedThu, Jan 21 · 07:30 PM CST

ModifiedWed, Apr 29 · 01:13 AM CDT

Open article ↗

Thu, Jan 21 · 07:30 PM CST

CVE-2009-4003

9.3/10 · Must read/watch

NVDvuln

Summary
Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to execute arbitrary code via (1) an unspecified block type in a Shockwave file, leading to a heap-based buffer overflow; and might allow remote attackers to execute arbitrary code via (2) an unspecified 3D block in a Shockwav

CVECVE-2009-4003

SeverityHIGH

TypeUPDATED

PublishedThu, Jan 21 · 07:30 PM CST

ModifiedWed, Apr 29 · 01:13 AM CDT

Open article ↗

Mon, Jan 25 · 07:30 PM CST

CVE-2009-4241

9.3/10 · Must read/watch

NVDvuln

Summary
Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleB

CVECVE-2009-4241

SeverityHIGH

TypeUPDATED

PublishedMon, Jan 25 · 07:30 PM CST

ModifiedWed, Apr 29 · 01:13 AM CDT

Open article ↗

Mon, Jan 25 · 07:30 PM CST

CVE-2009-4242

9.3/10 · Must read/watch

NVDvuln

Summary
Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function in datatype/image/gif/common/gifcodec.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Pl

CVECVE-2009-4242

SeverityHIGH

TypeUPDATED

PublishedMon, Jan 25 · 07:30 PM CST

ModifiedWed, Apr 29 · 01:13 AM CDT

Open article ↗

Mon, Jan 25 · 07:30 PM CST

CVE-2009-4243

9.3/10 · Must read/watch

NVDvuln

Summary
RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow remote attackers to have an unspecified impact via a crafted media file that uses HTTP chunked transfer co

CVECVE-2009-4243

SeverityHIGH

TypeUPDATED

PublishedMon, Jan 25 · 07:30 PM CST

ModifiedWed, Apr 29 · 01:13 AM CDT

Open article ↗

Mon, Jan 25 · 07:30 PM CST

CVE-2009-4244

9.3/10 · Must read/watch

NVDvuln

Summary
Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field w

CVECVE-2009-4244

SeverityHIGH

TypeUPDATED

PublishedMon, Jan 25 · 07:30 PM CST

ModifiedWed, Apr 29 · 01:13 AM CDT

Open article ↗

Mon, Jan 25 · 07:30 PM CST

CVE-2009-4245

9.3/10 · Must read/watch

NVDvuln

Summary
Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possib

CVECVE-2009-4245

SeverityHIGH

TypeUPDATED

PublishedMon, Jan 25 · 07:30 PM CST

ModifiedWed, Apr 29 · 01:13 AM CDT

Open article ↗

Mon, Jan 25 · 07:30 PM CST

CVE-2009-4246

9.3/10 · Must read/watch

NVDvuln

Summary
Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows user-assisted remote attackers to execute arbitrary code via a malformed .

CVECVE-2009-4246

SeverityHIGH

TypeUPDATED

PublishedMon, Jan 25 · 07:30 PM CST

ModifiedWed, Apr 29 · 01:13 AM CDT

Open article ↗

Mon, Jan 25 · 07:30 PM CST

CVE-2009-4247

9.3/10 · Must read/watch

NVDvuln

Summary
Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.x; RealPlayer SP 1.0.0 and 1.0.1; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, 11.0, and 11.0.1; Linux RealPlayer 10, 11.0.0, and 11.0.1; and Helix Player 10.x,

CVECVE-2009-4247

SeverityHIGH

TypeUPDATED

PublishedMon, Jan 25 · 07:30 PM CST

ModifiedWed, Apr 29 · 01:13 AM CDT

Open article ↗

Mon, Jan 25 · 07:30 PM CST

CVE-2009-4248

9.3/10 · Must read/watch

NVDvuln

Summary
Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow

CVECVE-2009-4248

SeverityHIGH

TypeUPDATED

PublishedMon, Jan 25 · 07:30 PM CST

ModifiedWed, Apr 29 · 01:13 AM CDT

Open article ↗

Mon, Jan 25 · 07:30 PM CST

CVE-2009-4257

9.3/10 · Must read/watch

NVDvuln

Summary
Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows r

CVECVE-2009-4257

SeverityHIGH

TypeUPDATED

PublishedMon, Jan 25 · 07:30 PM CST

ModifiedWed, Apr 29 · 01:13 AM CDT

Open article ↗

Fri, Jan 22 · 10:00 PM CST

CVE-2010-0027

9.3/10 · Must read/watch

NVDvuln

Summary
The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL V

CVECVE-2010-0027

SeverityHIGH

TypeUPDATED

PublishedFri, Jan 22 · 10:00 PM CST

ModifiedWed, Apr 29 · 01:13 AM CDT

Open article ↗

Fri, Jan 22 · 10:00 PM CST

CVE-2010-0244

9.3/10 · Must read/watch

NVDvuln

Summary
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a differen

CVECVE-2010-0244

SeverityHIGH

TypeUPDATED

PublishedFri, Jan 22 · 10:00 PM CST

ModifiedWed, Apr 29 · 01:13 AM CDT

Open article ↗

Fri, Jan 22 · 10:00 PM CST

CVE-2010-0245

9.3/10 · Must read/watch

NVDvuln

Summary
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability t

CVECVE-2010-0245

SeverityHIGH

TypeUPDATED

PublishedFri, Jan 22 · 10:00 PM CST

ModifiedWed, Apr 29 · 01:13 AM CDT

Open article ↗

Fri, Jan 22 · 10:00 PM CST

CVE-2010-0246

9.3/10 · Must read/watch

NVDvuln

Summary
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability t

CVECVE-2010-0246

SeverityHIGH

TypeUPDATED

PublishedFri, Jan 22 · 10:00 PM CST

ModifiedWed, Apr 29 · 01:13 AM CDT

Open article ↗

Fri, Jan 22 · 10:00 PM CST

CVE-2010-0247

9.3/10 · Must read/watch

NVDvuln

Summary
Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

CVECVE-2010-0247

SeverityHIGH

TypeUPDATED

PublishedFri, Jan 22 · 10:00 PM CST

ModifiedWed, Apr 29 · 01:13 AM CDT

Open article ↗

Thu, Jan 21 · 08:30 PM CST

CVE-2010-0364

9.3/10 · Must read/watch

NVDvuln

Summary
Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg file with a crafted Advanced SubStation Alpha Subtitle (.ass) file, probably involving the Dialogue field.

CVECVE-2010-0364

SeverityHIGH

TypeUPDATED

PublishedThu, Jan 21 · 08:30 PM CST

ModifiedWed, Apr 29 · 01:13 AM CDT

Open article ↗

Thu, Jan 21 · 11:30 PM CST

CVE-2010-0379

9.3/10 · Must read/watch

NVDvuln

Summary
Multiple unspecified vulnerabilities in the Macromedia Flash ActiveX control in Adobe Flash Player 6, as distributed in Microsoft Windows XP SP2 and SP3, might allow remote attackers to execute arbitrary code via unspecified vectors that are not related to the use-after-free "Movie Unloading Vulnerability" (CVE-2010-03

CVECVE-2010-0379

SeverityHIGH

TypeUPDATED

PublishedThu, Jan 21 · 11:30 PM CST

ModifiedWed, Apr 29 · 01:13 AM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.