Archive snapshot

Fri, Apr 24 · 12:00 PM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Fri, Apr 24 · 12:00 PM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

5

Worth skimming

5

Tracked videos

1

NVD vulnerabilities

25

Top stories

Fri, Apr 24 · 12:00 PM CDT

Npm Supply Chain Malware Attack Targets Developers With Worm-Like Propagation

9.4/10 · Must read/watch

Infosecurity Magazinemalwaresupply-chainai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Fri, Apr 24 · 12:00 PM CDT

UK Biobank Data Breach: Health Data of 500,000 Listed for Sale in China

9.4/10 · Must read/watch

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Fri, 24 Apr 2026 19:43:00 +0530

NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software

9.3/10 · Must read/watch

The Hacker Newsaipolicy

Summary
The Office of Inspector General (OIG) of the U.S. National Aeronautics and Space Administration (NASA) has revealed how a Chinese national posed as a U.S. researcher as part of a spear-phishing campaign to obtain sensitive information from the space agency, as

Open article ↗

Fri, 24 Apr 2026 17:19:00 +0530

Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine

9.0/10 · Must read/watch

The Hacker Newsaiidentity

Summary
The AI Agent Authority Gap - From Ungoverned to Delegation As discussed in our previous article, AI agents are exposing a structural gap in enterprise security, but the problem is often framed too narrowly. The issue is not simply that agents are new actors. I

Open article ↗

Fri, Apr 24 · 12:00 PM CDT

AI Rush is Reviving Old Cybersecurity Mistakes, Mandiant VP Warns

8.7/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Worth skimming

Fri, Apr 24 · 11:00 AM CDT

Show HN: Browser Harness – Gives LLM freedom to complete any browser task

8.2/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 1 hour ago.

Open article ↗

Fri, 24 Apr 2026 17:18:00 +0530

26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases

8.1/10 · Worth your time

The Hacker Newsgeneral

Summary
Cybersecurity researchers have discovered a set of malicious apps on the Apple App Store that impersonate popular cryptocurrency wallets in an attempt to steal recovery phrases and private keys since at least fall 2025. "Once launched, these apps redirect user

Open article ↗

Fri, Apr 24 · 12:00 PM CDT

Google Introduces Unique AI Agent Identities in New Gemini Enterprise Platform

8.0/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Fri, Apr 24 · 07:00 AM CDT

Hear your agent suffer through your code

8.0/10 · Worth your time

Hacker Newsgeneral

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 5 hours ago.

Open article ↗

Fri, Apr 24 · 12:00 PM CDT

Google Favors General-Purpose Gemini Models Over Cybersecurity‑Specific AI

7.9/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Videos worth watching

Fri, Apr 24 · 08:00 AM CDT

the WORST phishing email i've ever seen

8.8/10 · Worth your time

YouTube / John Hammondai

Why it matters
Recent creator upload with some page-level evidence. Better than raw feed discovery, but still not a full content review.

Worth watching?Maybe — good candidate if the title matches your interests, but confidence is still moderate.

Confidencelow

Open article ↗

NVD vulnerabilities

Mon, Feb 12 · 07:15 AM CST

CVE-2024-25100

10.0/10 · Must read/watch

NVDvuln

Summary
Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program coupon-referral-program allows Object Injection.This issue affects Coupon Referral Program: from n/a through < 1.8.4.

CVECVE-2024-25100

SeverityCRITICAL

TypeUPDATED

PublishedMon, Feb 12 · 07:15 AM CST

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Thu, Apr 18 · 09:15 AM CDT

CVE-2024-32599

10.0/10 · Must read/watch

NVDvuln

Summary
Improper Control of Generation of Code ('Code Injection') vulnerability in Deepak anand WP Dummy Content Generator wp-dummy-content-generator.This issue affects WP Dummy Content Generator: from n/a through <= 3.2.1.

CVECVE-2024-32599

SeverityCRITICAL

TypeUPDATED

PublishedThu, Apr 18 · 09:15 AM CDT

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Wed, Apr 24 · 08:15 AM CDT

CVE-2024-32836

9.1/10 · Must read/watch

NVDvuln

Summary
Unrestricted Upload of File with Dangerous Type vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay.This issue affects WP-Lister Lite for eBay: from n/a through <= 3.5.11.

CVECVE-2024-32836

SeverityCRITICAL

TypeUPDATED

PublishedWed, Apr 24 · 08:15 AM CDT

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Fri, Apr 08 · 03:15 PM CDT

CVE-2021-41715

8.8/10 · Worth your time

NVDvuln

Summary
libsixel 1.10.0 is vulnerable to Use after free in libsixel/src/dither.c:379.

CVECVE-2021-41715

SeverityHIGH

TypeUPDATED

PublishedFri, Apr 08 · 03:15 PM CDT

ModifiedThu, Apr 23 · 03:16 PM CDT

Open article ↗

Thu, Jul 27 · 02:15 PM CDT

CVE-2023-38512

8.8/10 · Worth your time

NVDvuln

Summary
Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream wpstream allows Cross Site Request Forgery.This issue affects WpStream: from n/a through <= 4.5.4.

CVECVE-2023-38512

SeverityHIGH

TypeUPDATED

PublishedThu, Jul 27 · 02:15 PM CDT

ModifiedThu, Apr 23 · 03:17 PM CDT

Open article ↗

Mon, Apr 15 · 10:15 AM CDT

CVE-2024-31424

8.8/10 · Worth your time

NVDvuln

Summary
Cross-Site Request Forgery (CSRF) vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through <= 1.6.93.

CVECVE-2024-31424

SeverityHIGH

TypeUPDATED

PublishedMon, Apr 15 · 10:15 AM CDT

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Wed, Jan 31 · 12:16 PM CST

CVE-2024-23507

8.5/10 · Worth your time

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.9.

CVECVE-2024-23507

SeverityHIGH

TypeUPDATED

PublishedWed, Jan 31 · 12:16 PM CST

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Tue, Mar 19 · 02:15 PM CDT

CVE-2024-29136

8.5/10 · Worth your time

NVDvuln

Summary
Deserialization of Untrusted Data vulnerability in Themefic Tourfic tourfic.This issue affects Tourfic: from n/a through <= 2.11.17.

CVECVE-2024-29136

SeverityHIGH

TypeUPDATED

PublishedTue, Mar 19 · 02:15 PM CDT

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Thu, Mar 28 · 05:15 AM CDT

CVE-2024-30236

8.5/10 · Worth your time

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 21.3.4.

CVECVE-2024-30236

SeverityHIGH

TypeUPDATED

PublishedThu, Mar 28 · 05:15 AM CDT

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Wed, Mar 27 · 02:15 PM CDT

CVE-2024-30238

8.5/10 · Worth your time

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 21.3.2.

CVECVE-2024-30238

SeverityHIGH

TypeUPDATED

PublishedWed, Mar 27 · 02:15 PM CDT

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Thu, Mar 28 · 05:15 AM CDT

CVE-2024-30244

8.5/10 · Worth your time

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.0.27.

CVECVE-2024-30244

SeverityHIGH

TypeUPDATED

PublishedThu, Mar 28 · 05:15 AM CDT

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Fri, Mar 29 · 02:15 PM CDT

CVE-2024-30488

8.5/10 · Worth your time

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Katie Zotpress zotpress.This issue affects Zotpress: from n/a through <= 7.3.7.

CVECVE-2024-30488

SeverityHIGH

TypeUPDATED

PublishedFri, Mar 29 · 02:15 PM CDT

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Wed, Apr 24 · 09:15 AM CDT

CVE-2024-32706

8.5/10 · Worth your time

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4.

CVECVE-2024-32706

SeverityHIGH

TypeUPDATED

PublishedWed, Apr 24 · 09:15 AM CDT

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Thu, Mar 28 · 05:15 AM CDT

CVE-2024-30229

8.0/10 · Worth your time

NVDvuln

Summary
Deserialization of Untrusted Data vulnerability in StellarWP GiveWP give.This issue affects GiveWP: from n/a through <= 3.4.2.

CVECVE-2024-30229

SeverityHIGH

TypeUPDATED

PublishedThu, Mar 28 · 05:15 AM CDT

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Thu, Mar 28 · 06:15 AM CDT

CVE-2024-23500

7.7/10 · Worth your time

NVDvuln

Summary
Server-Side Request Forgery (SSRF) vulnerability in StellarWP Gutenberg Blocks by Kadence Blocks kadence-blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through <= 3.2.19.

CVECVE-2024-23500

SeverityHIGH

TypeUPDATED

PublishedThu, Mar 28 · 06:15 AM CDT

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Sat, Jan 27 · 12:15 AM CST

CVE-2024-23506

7.7/10 · Worth your time

NVDvuln

Summary
Insertion of Sensitive Information Into Sent Data vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.9.

CVECVE-2024-23506

SeverityHIGH

TypeUPDATED

PublishedSat, Jan 27 · 12:15 AM CST

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Thu, Dec 28 · 12:15 PM CST

CVE-2023-50854

7.6/10 · Worth your time

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Squirrly Squirrly SEO - Advanced Pack squirrly-seo-pack allows SQL Injection.This issue affects Squirrly SEO - Advanced Pack: from n/a through < 2.4.02.

CVECVE-2023-50854

SeverityHIGH

TypeUPDATED

PublishedThu, Dec 28 · 12:15 PM CST

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Fri, Dec 29 · 11:15 AM CST

CVE-2023-52135

7.6/10 · Worth your time

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mark Westguard WS Form LITE ws-form allows Blind SQL Injection.This issue affects WS Form LITE: from n/a through <= 1.9.170.

CVECVE-2023-52135

SeverityHIGH

TypeUPDATED

PublishedFri, Dec 29 · 11:15 AM CST

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Thu, Mar 28 · 05:15 AM CDT

CVE-2024-30245

7.6/10 · Worth your time

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pierre Lannoy DecaLog decalog.This issue affects DecaLog: from n/a through <= 3.9.0.

CVECVE-2024-30245

SeverityHIGH

TypeUPDATED

PublishedThu, Mar 28 · 05:15 AM CDT

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Mon, Jan 08 · 07:15 PM CST

CVE-2023-52190

7.5/10 · Worth your time

NVDvuln

Summary
Insertion of Sensitive Information Into Sent Data vulnerability in WP Swings Coupon Referral Program coupon-referral-program allows Retrieve Embedded Sensitive Data.This issue affects Coupon Referral Program: from n/a through <= 1.8.4.

CVECVE-2023-52190

SeverityHIGH

TypeUPDATED

PublishedMon, Jan 08 · 07:15 PM CST

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Wed, Apr 24 · 08:15 AM CDT

CVE-2024-32825

7.5/10 · Worth your time

NVDvuln

Summary
Insertion of Sensitive Information Into Sent Data vulnerability in Simply Static Simply Static simply-static.This issue affects Simply Static: from n/a through <= 3.1.3.

CVECVE-2024-32825

SeverityHIGH

TypeUPDATED

PublishedWed, Apr 24 · 08:15 AM CDT

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Tue, Jul 25 · 02:15 PM CDT

CVE-2023-36385

7.1/10 · Worth your time

NVDvuln

Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post allows DOM-Based XSS.This issue affects PostX: from n/a through <= 2.9.9.

CVECVE-2023-36385

SeverityHIGH

TypeUPDATED

PublishedTue, Jul 25 · 02:15 PM CDT

ModifiedThu, Apr 23 · 03:17 PM CDT

Open article ↗

Mon, Sep 04 · 12:15 PM CDT

CVE-2023-40205

7.1/10 · Worth your time

NVDvuln

Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixelgrade PixTypes pixtypes allows DOM-Based XSS.This issue affects PixTypes: from n/a through <= 1.4.15.

CVECVE-2023-40205

SeverityHIGH

TypeUPDATED

PublishedMon, Sep 04 · 12:15 PM CDT

ModifiedThu, Apr 23 · 03:17 PM CDT

Open article ↗

Tue, Nov 14 · 11:15 PM CST

CVE-2023-47517

7.1/10 · Worth your time

NVDvuln

Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brewlabs SendPress Newsletters sendpress allows DOM-Based XSS.This issue affects SendPress Newsletters: from n/a through <= 1.23.11.6.

CVECVE-2023-47517

SeverityHIGH

TypeUPDATED

PublishedTue, Nov 14 · 11:15 PM CST

ModifiedThu, Apr 23 · 03:17 PM CDT

Open article ↗

Thu, Feb 29 · 06:15 AM CST

CVE-2023-50905

7.1/10 · Worth your time

NVDvuln

Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log wp-security-audit-log allows DOM-Based XSS.This issue affects WP Activity Log: from n/a through <= 4.6.1.

CVECVE-2023-50905

SeverityHIGH

TypeUPDATED

PublishedThu, Feb 29 · 06:15 AM CST

ModifiedThu, Apr 23 · 03:18 PM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.