Archive snapshot

Fri, Apr 24 · 06:00 AM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Fri, Apr 24 · 06:00 AM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

5

Worth skimming

5

Tracked videos

1

NVD vulnerabilities

25

Top stories

Fri, Apr 24 · 06:00 AM CDT

Npm Supply Chain Malware Attack Targets Developers With Worm-Like Propagation

9.8/10 · Must read/watch

Infosecurity Magazinemalwaresupply-chainai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Fri, 24 Apr 2026 12:54:00 +0530

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

9.8/10 · Must read/watch

The Hacker Newsvulnai

Summary
A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving LLMs, has come under active exploitation in the wild less than 13 hours after its public disclosure. The vulnerability, tracked as CVE-2026-33626 (CVSS sc

Open article ↗

Fri, 24 Apr 2026 14:59:00 +0530

Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2

9.7/10 · Must read/watch

The Hacker Newsvulnsupply-chainai

Summary
Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimately facilitate the abuse of Microsoft Visual Studio Code (VS Code) tunnels for r

Open article ↗

Fri, Apr 24 · 06:00 AM CDT

Google Introduces Unique AI Agent Identities in New Gemini Enterprise Platform

8.5/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Fri, Apr 24 · 06:00 AM CDT

Google Favors General-Purpose Gemini Models Over Cybersecurity‑Specific AI

8.3/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Worth skimming

Fri, Apr 24 · 02:00 AM CDT

Show HN: How LLMs Work – Interactive visual guide based on Karpathy's lecture

8.2/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 4 hours ago.

Open article ↗

Fri, Apr 24 · 05:00 AM CDT

S. Korea police arrest man over AI image of runaway wolf that misled authorities

8.1/10 · Worth your time

Hacker Newsaiidentity

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 1 hour ago.

Open article ↗

Fri, Apr 24 · 12:00 AM CDT

Familiarity is the enemy: On why Enterprise systems have failed for 60 years

8.1/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 6 hours ago.

Open article ↗

Fri, Apr 24 · 06:00 AM CDT

Former Ransomware Negotiator Pleads Guilty to Working For BlackCat Cyber Gang

7.8/10 · Worth your time

Infosecurity Magazinemalware

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Fri, Apr 24 · 06:00 AM CDT

Surge in Silent Subject Phishing Attacks Targets VIP Users

7.6/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Videos worth watching

Thu, Apr 23 · 08:00 AM CDT

Hackers Stole Your Account (for free)

7.6/10 · Worth your time

YouTube / John Hammondgeneral

Why it matters
Recent creator upload with some page-level evidence. Better than raw feed discovery, but still not a full content review.

Worth watching?Maybe — good candidate if the title matches your interests, but confidence is still moderate.

Confidencelow

Open article ↗

NVD vulnerabilities

Mon, Feb 12 · 07:15 AM CST

CVE-2024-25100

10.0/10 · Must read/watch

NVDvuln

Summary
Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program coupon-referral-program allows Object Injection.This issue affects Coupon Referral Program: from n/a through < 1.8.4.

CVECVE-2024-25100

SeverityCRITICAL

TypeUPDATED

PublishedMon, Feb 12 · 07:15 AM CST

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Thu, Apr 18 · 09:15 AM CDT

CVE-2024-32599

10.0/10 · Must read/watch

NVDvuln

Summary
Improper Control of Generation of Code ('Code Injection') vulnerability in Deepak anand WP Dummy Content Generator wp-dummy-content-generator.This issue affects WP Dummy Content Generator: from n/a through <= 3.2.1.

CVECVE-2024-32599

SeverityCRITICAL

TypeUPDATED

PublishedThu, Apr 18 · 09:15 AM CDT

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Wed, Apr 24 · 08:15 AM CDT

CVE-2024-32836

9.1/10 · Must read/watch

NVDvuln

Summary
Unrestricted Upload of File with Dangerous Type vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay.This issue affects WP-Lister Lite for eBay: from n/a through <= 3.5.11.

CVECVE-2024-32836

SeverityCRITICAL

TypeUPDATED

PublishedWed, Apr 24 · 08:15 AM CDT

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Fri, Apr 08 · 03:15 PM CDT

CVE-2021-41715

8.8/10 · Worth your time

NVDvuln

Summary
libsixel 1.10.0 is vulnerable to Use after free in libsixel/src/dither.c:379.

CVECVE-2021-41715

SeverityHIGH

TypeUPDATED

PublishedFri, Apr 08 · 03:15 PM CDT

ModifiedThu, Apr 23 · 03:16 PM CDT

Open article ↗

Thu, Jul 27 · 02:15 PM CDT

CVE-2023-38512

8.8/10 · Worth your time

NVDvuln

Summary
Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream wpstream allows Cross Site Request Forgery.This issue affects WpStream: from n/a through <= 4.5.4.

CVECVE-2023-38512

SeverityHIGH

TypeUPDATED

PublishedThu, Jul 27 · 02:15 PM CDT

ModifiedThu, Apr 23 · 03:17 PM CDT

Open article ↗

Mon, Apr 15 · 10:15 AM CDT

CVE-2024-31424

8.8/10 · Worth your time

NVDvuln

Summary
Cross-Site Request Forgery (CSRF) vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through <= 1.6.93.

CVECVE-2024-31424

SeverityHIGH

TypeUPDATED

PublishedMon, Apr 15 · 10:15 AM CDT

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Wed, Jan 31 · 12:16 PM CST

CVE-2024-23507

8.5/10 · Worth your time

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.9.

CVECVE-2024-23507

SeverityHIGH

TypeUPDATED

PublishedWed, Jan 31 · 12:16 PM CST

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Tue, Mar 19 · 02:15 PM CDT

CVE-2024-29136

8.5/10 · Worth your time

NVDvuln

Summary
Deserialization of Untrusted Data vulnerability in Themefic Tourfic tourfic.This issue affects Tourfic: from n/a through <= 2.11.17.

CVECVE-2024-29136

SeverityHIGH

TypeUPDATED

PublishedTue, Mar 19 · 02:15 PM CDT

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Thu, Mar 28 · 05:15 AM CDT

CVE-2024-30236

8.5/10 · Worth your time

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 21.3.4.

CVECVE-2024-30236

SeverityHIGH

TypeUPDATED

PublishedThu, Mar 28 · 05:15 AM CDT

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Wed, Mar 27 · 02:15 PM CDT

CVE-2024-30238

8.5/10 · Worth your time

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 21.3.2.

CVECVE-2024-30238

SeverityHIGH

TypeUPDATED

PublishedWed, Mar 27 · 02:15 PM CDT

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Thu, Mar 28 · 05:15 AM CDT

CVE-2024-30244

8.5/10 · Worth your time

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.0.27.

CVECVE-2024-30244

SeverityHIGH

TypeUPDATED

PublishedThu, Mar 28 · 05:15 AM CDT

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Fri, Mar 29 · 02:15 PM CDT

CVE-2024-30488

8.5/10 · Worth your time

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Katie Zotpress zotpress.This issue affects Zotpress: from n/a through <= 7.3.7.

CVECVE-2024-30488

SeverityHIGH

TypeUPDATED

PublishedFri, Mar 29 · 02:15 PM CDT

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Wed, Apr 24 · 09:15 AM CDT

CVE-2024-32706

8.5/10 · Worth your time

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4.

CVECVE-2024-32706

SeverityHIGH

TypeUPDATED

PublishedWed, Apr 24 · 09:15 AM CDT

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Thu, Mar 28 · 05:15 AM CDT

CVE-2024-30229

8.0/10 · Worth your time

NVDvuln

Summary
Deserialization of Untrusted Data vulnerability in StellarWP GiveWP give.This issue affects GiveWP: from n/a through <= 3.4.2.

CVECVE-2024-30229

SeverityHIGH

TypeUPDATED

PublishedThu, Mar 28 · 05:15 AM CDT

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Thu, Mar 28 · 06:15 AM CDT

CVE-2024-23500

7.7/10 · Worth your time

NVDvuln

Summary
Server-Side Request Forgery (SSRF) vulnerability in StellarWP Gutenberg Blocks by Kadence Blocks kadence-blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through <= 3.2.19.

CVECVE-2024-23500

SeverityHIGH

TypeUPDATED

PublishedThu, Mar 28 · 06:15 AM CDT

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Sat, Jan 27 · 12:15 AM CST

CVE-2024-23506

7.7/10 · Worth your time

NVDvuln

Summary
Insertion of Sensitive Information Into Sent Data vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.9.

CVECVE-2024-23506

SeverityHIGH

TypeUPDATED

PublishedSat, Jan 27 · 12:15 AM CST

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Thu, Dec 28 · 12:15 PM CST

CVE-2023-50854

7.6/10 · Worth your time

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Squirrly Squirrly SEO - Advanced Pack squirrly-seo-pack allows SQL Injection.This issue affects Squirrly SEO - Advanced Pack: from n/a through < 2.4.02.

CVECVE-2023-50854

SeverityHIGH

TypeUPDATED

PublishedThu, Dec 28 · 12:15 PM CST

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Fri, Dec 29 · 11:15 AM CST

CVE-2023-52135

7.6/10 · Worth your time

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mark Westguard WS Form LITE ws-form allows Blind SQL Injection.This issue affects WS Form LITE: from n/a through <= 1.9.170.

CVECVE-2023-52135

SeverityHIGH

TypeUPDATED

PublishedFri, Dec 29 · 11:15 AM CST

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Thu, Mar 28 · 05:15 AM CDT

CVE-2024-30245

7.6/10 · Worth your time

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pierre Lannoy DecaLog decalog.This issue affects DecaLog: from n/a through <= 3.9.0.

CVECVE-2024-30245

SeverityHIGH

TypeUPDATED

PublishedThu, Mar 28 · 05:15 AM CDT

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Mon, Jan 08 · 07:15 PM CST

CVE-2023-52190

7.5/10 · Worth your time

NVDvuln

Summary
Insertion of Sensitive Information Into Sent Data vulnerability in WP Swings Coupon Referral Program coupon-referral-program allows Retrieve Embedded Sensitive Data.This issue affects Coupon Referral Program: from n/a through <= 1.8.4.

CVECVE-2023-52190

SeverityHIGH

TypeUPDATED

PublishedMon, Jan 08 · 07:15 PM CST

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Wed, Apr 24 · 08:15 AM CDT

CVE-2024-32825

7.5/10 · Worth your time

NVDvuln

Summary
Insertion of Sensitive Information Into Sent Data vulnerability in Simply Static Simply Static simply-static.This issue affects Simply Static: from n/a through <= 3.1.3.

CVECVE-2024-32825

SeverityHIGH

TypeUPDATED

PublishedWed, Apr 24 · 08:15 AM CDT

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Tue, Jul 25 · 02:15 PM CDT

CVE-2023-36385

7.1/10 · Worth your time

NVDvuln

Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post allows DOM-Based XSS.This issue affects PostX: from n/a through <= 2.9.9.

CVECVE-2023-36385

SeverityHIGH

TypeUPDATED

PublishedTue, Jul 25 · 02:15 PM CDT

ModifiedThu, Apr 23 · 03:17 PM CDT

Open article ↗

Mon, Sep 04 · 12:15 PM CDT

CVE-2023-40205

7.1/10 · Worth your time

NVDvuln

Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixelgrade PixTypes pixtypes allows DOM-Based XSS.This issue affects PixTypes: from n/a through <= 1.4.15.

CVECVE-2023-40205

SeverityHIGH

TypeUPDATED

PublishedMon, Sep 04 · 12:15 PM CDT

ModifiedThu, Apr 23 · 03:17 PM CDT

Open article ↗

Tue, Nov 14 · 11:15 PM CST

CVE-2023-47517

7.1/10 · Worth your time

NVDvuln

Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brewlabs SendPress Newsletters sendpress allows DOM-Based XSS.This issue affects SendPress Newsletters: from n/a through <= 1.23.11.6.

CVECVE-2023-47517

SeverityHIGH

TypeUPDATED

PublishedTue, Nov 14 · 11:15 PM CST

ModifiedThu, Apr 23 · 03:17 PM CDT

Open article ↗

Thu, Feb 29 · 06:15 AM CST

CVE-2023-50905

7.1/10 · Worth your time

NVDvuln

Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log wp-security-audit-log allows DOM-Based XSS.This issue affects WP Activity Log: from n/a through <= 4.6.1.

CVECVE-2023-50905

SeverityHIGH

TypeUPDATED

PublishedThu, Feb 29 · 06:15 AM CST

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.