Archive snapshot

Fri, May 01 · 06:00 AM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Fri, May 01 · 06:00 AM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

5

Worth skimming

5

Tracked videos

0

NVD vulnerabilities

25

Top stories

Fri, May 01 · 06:00 AM CDT

Nine-Year-Old Zero-Day Flaw in Linux Kernel Discovered by AI-Equipped Security Researcher

9.8/10 · Must read/watch

Infosecurity Magazinevulnai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Fri, 01 May 2026 15:13:00 +0530

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

9.8/10 · Must read/watch

The Hacker Newsvulnsupply-chainaiidentity

Summary
A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and SSH persistence. The activity has been attributed to the GitH

Open article ↗

Fri, May 01 · 05:30 AM CDT

After dissing Anthropic for limiting Mythos, OpenAI restricts access to Cyber

9.7/10 · Must read/watch

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 30 minutes ago.

Open article ↗

Fri, May 01 · 02:00 AM CDT

If I could make my own GitHub

8.4/10 · Worth your time

Hacker Newssupply-chain

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 4 hours ago.

Open article ↗

Fri, May 01 · 06:00 AM CDT

UK: Education Sector Faces Surge in Cyber Breaches Despite Stable National Threat Levels

8.1/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Worth skimming

Fri, May 01 · 06:00 AM CDT

Malicious npm Dependency Linked to AI Assisted Commit Targets Crypto Wallets

8.0/10 · Worth your time

Infosecurity Magazinesupply-chainai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Fri, May 01 · 06:00 AM CDT

Critical Flaw Turns Vect Ransomware into Data Destroying Wiper

7.8/10 · Worth your time

Infosecurity Magazinemalware

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Fri, May 01 · 04:00 AM CDT

Show HN: WhatCable, a tiny menu bar app for inspecting USB-C cables

7.6/10 · Worth your time

Hacker Newsgeneral

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 2 hours ago.

Open article ↗

Fri, May 01 · 02:00 AM CDT

Auto Polo

7.6/10 · Worth your time

Hacker Newsgeneral

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 4 hours ago.

Open article ↗

Fri, May 01 · 05:00 AM CDT

Show HN: Perfect Bluetooth MIDI for Windows

7.6/10 · Worth your time

Hacker Newsgeneral

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 1 hour ago.

Open article ↗

Videos worth watching

Nothing surfaced yet.

NVD vulnerabilities

Thu, Mar 19 · 03:16 PM CDT

CVE-2026-22557

10.0/10 · Must read/watch

NVDvuln

Summary
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.

CVECVE-2026-22557

SeverityCRITICAL

TypeUPDATED

PublishedThu, Mar 19 · 03:16 PM CDT

ModifiedThu, Apr 30 · 04:14 PM CDT

Open article ↗

Wed, Jul 12 · 12:29 PM CDT

CVE-2017-11165

9.8/10 · Must read/watch

NVDvuln

Summary
dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI.

CVECVE-2017-11165

SeverityCRITICAL

TypeUPDATED

PublishedWed, Jul 12 · 12:29 PM CDT

ModifiedThu, Apr 30 · 02:05 PM CDT

Open article ↗

Mon, Jul 17 · 01:18 PM CDT

CVE-2017-11349

9.8/10 · Must read/watch

NVDvuln

Summary
dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data.

CVECVE-2017-11349

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jul 17 · 01:18 PM CDT

ModifiedThu, Apr 30 · 02:04 PM CDT

Open article ↗

Tue, Mar 25 · 09:15 PM CDT

CVE-2025-25373

9.8/10 · Must read/watch

NVDvuln

Summary
The Memory Management Module of NASA cFS (Core Flight System) Aquila has insecure permissions, which can be exploited to gain an RCE on the platform.

CVECVE-2025-25373

SeverityCRITICAL

TypeUPDATED

PublishedTue, Mar 25 · 09:15 PM CDT

ModifiedThu, Apr 30 · 06:58 PM CDT

Open article ↗

Wed, Mar 11 · 06:17 AM CDT

CVE-2026-24448

9.8/10 · Must read/watch

NVDvuln

Summary
Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to obtain administrative access.

CVECVE-2026-24448

SeverityCRITICAL

TypeUPDATED

PublishedWed, Mar 11 · 06:17 AM CDT

ModifiedThu, Apr 30 · 04:18 PM CDT

Open article ↗

Wed, Mar 11 · 06:17 AM CDT

CVE-2026-27842

9.8/10 · Must read/watch

NVDvuln

Summary
Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration.

CVECVE-2026-27842

SeverityCRITICAL

TypeUPDATED

PublishedWed, Mar 11 · 06:17 AM CDT

ModifiedThu, Apr 30 · 04:18 PM CDT

Open article ↗

Wed, Apr 01 · 06:16 PM CDT

CVE-2026-34159

9.8/10 · Must read/watch

NVDvuln

Summary
llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserialize_tensor() skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPH_COMPUTE messages. Combined with pointer leaks

CVECVE-2026-34159

SeverityCRITICAL

TypeUPDATED

PublishedWed, Apr 01 · 06:16 PM CDT

ModifiedThu, Apr 30 · 07:18 PM CDT

Open article ↗

Tue, Sep 09 · 02:15 PM CDT

CVE-2025-54236

9.1/10 · Must read/watch

NVDvuln

Summary
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue doe

CVECVE-2025-54236

SeverityCRITICAL

TypeUPDATED

PublishedTue, Sep 09 · 02:15 PM CDT

ModifiedWed, Apr 22 · 07:00 PM CDT

Open article ↗

Mon, Mar 16 · 02:19 PM CDT

CVE-2026-32635

9.0/10 · Must read/watch

NVDvuln

Summary
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20, a Cross-Site Scripting (XSS) vulnerability has been identified in the Angular runtime and compiler. It occurs when the application use

CVECVE-2026-32635

SeverityCRITICAL

TypeUPDATED

PublishedMon, Mar 16 · 02:19 PM CDT

ModifiedThu, Apr 30 · 06:23 PM CDT

Open article ↗

Fri, Mar 08 · 09:55 PM CST

CVE-2013-0261

8.8/10 · Worth your time

NVDvuln

Summary
A flaw was found in PackStack. A local user could exploit a symlink attack on a temporary file with a predictable name in the `/tmp` directory. This vulnerability allows the local user to overwrite arbitrary files on the system, potentially leading to system compromise or data corruption.

CVECVE-2013-0261

SeverityHIGH

TypeUPDATED

PublishedFri, Mar 08 · 09:55 PM CST

ModifiedThu, Apr 30 · 05:16 PM CDT

Open article ↗

Tue, Mar 24 · 08:16 PM CDT

CVE-2026-22559

8.8/10 · Worth your time

NVDvuln

Summary
An Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is socially engineered into clicking a malicious link. Affected Products: UniFi Network Server (Version 10.1.85 and earlier) Mitigation: Update UniFi Network Server to Version 10.1.89 or l

CVECVE-2026-22559

SeverityHIGH

TypeUPDATED

PublishedTue, Mar 24 · 08:16 PM CDT

ModifiedThu, Apr 30 · 04:14 PM CDT

Open article ↗

Mon, Mar 09 · 09:16 PM CDT

CVE-2026-3288

8.8/10 · Worth your time

NVDvuln

Summary
A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (No

CVECVE-2026-3288

SeverityHIGH

TypeUPDATED

PublishedMon, Mar 09 · 09:16 PM CDT

ModifiedThu, Apr 30 · 01:16 PM CDT

Open article ↗

Sat, Mar 21 · 11:16 PM CDT

CVE-2026-4529

8.8/10 · Worth your time

NVDvuln

Summary
A vulnerability was identified in D-Link DHP-1320 1.00WWB04. This affects the function redirect_count_down_page of the component SOAP Handler. Such manipulation leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. This vulnerability only affects

CVECVE-2026-4529

SeverityHIGH

TypeUPDATED

PublishedSat, Mar 21 · 11:16 PM CDT

ModifiedThu, Apr 30 · 04:33 PM CDT

Open article ↗

Sun, Mar 22 · 06:16 PM CDT

CVE-2026-4558

8.8/10 · Worth your time

NVDvuln

Summary
A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command injection. The attack may be launched remotely. The exploit has been pub

CVECVE-2026-4558

SeverityHIGH

TypeUPDATED

PublishedSun, Mar 22 · 06:16 PM CDT

ModifiedThu, Apr 30 · 04:34 PM CDT

Open article ↗

Thu, Mar 26 · 09:16 AM CDT

CVE-2026-4861

8.8/10 · Worth your time

NVDvuln

Summary
A weakness has been identified in Wavlink WL-NU516U1 260227. This vulnerability affects the function ftext of the file /cgi-bin/nas.cgi. This manipulation of the argument Content-Length causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could

CVECVE-2026-4861

SeverityHIGH

TypeUPDATED

PublishedThu, Mar 26 · 09:16 AM CDT

ModifiedThu, Apr 30 · 04:57 PM CDT

Open article ↗

Mon, Mar 30 · 11:17 PM CDT

CVE-2026-5154

8.8/10 · Worth your time

NVDvuln

Summary
A vulnerability has been found in Tenda CH22 1.0.0.1/1.If. The impacted element is the function fromSetCfm of the file /goform/setcfm of the component Parameter Handler. The manipulation of the argument funcname leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been di

CVECVE-2026-5154

SeverityHIGH

TypeUPDATED

PublishedMon, Mar 30 · 11:17 PM CDT

ModifiedThu, Apr 30 · 07:10 PM CDT

Open article ↗

Sun, Apr 05 · 08:16 AM CDT

CVE-2026-5548

8.8/10 · Worth your time

NVDvuln

Summary
A vulnerability was found in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this vulnerability is the function fromSysToolChangePwd of the file /bin/httpd. Performing a manipulation of the argument sys.userpass results in stack-based buffer overflow. The attack can be initiated remotely.

CVECVE-2026-5548

SeverityHIGH

TypeUPDATED

PublishedSun, Apr 05 · 08:16 AM CDT

ModifiedThu, Apr 30 · 01:39 PM CDT

Open article ↗

Sun, Apr 05 · 01:17 PM CDT

CVE-2026-5567

8.8/10 · Worth your time

NVDvuln

Summary
A flaw has been found in Tenda M3 1.0.0.10. This vulnerability affects the function setAdvPolicyData of the file /goform/setAdvPolicyData of the component Destination Handler. Executing a manipulation of the argument policyType can lead to buffer overflow. The attack can be executed remotely. The exploit has been publi

CVECVE-2026-5567

SeverityHIGH

TypeUPDATED

PublishedSun, Apr 05 · 01:17 PM CDT

ModifiedThu, Apr 30 · 01:40 PM CDT

Open article ↗

Sun, Apr 05 · 11:16 PM CDT

CVE-2026-5604

8.8/10 · Worth your time

NVDvuln

Summary
A security flaw has been discovered in Tenda CH22 1.0.0.1. The impacted element is the function formCertLocalPrecreate of the file /goform/CertLocalPrecreate of the component Parameter Handler. Performing a manipulation of the argument standard results in stack-based buffer overflow. Remote exploitation of the attack i

CVECVE-2026-5604

SeverityHIGH

TypeUPDATED

PublishedSun, Apr 05 · 11:16 PM CDT

ModifiedThu, Apr 30 · 08:45 PM CDT

Open article ↗

Mon, Apr 06 · 12:16 AM CDT

CVE-2026-5605

8.8/10 · Worth your time

NVDvuln

Summary
A weakness has been identified in Tenda CH22 1.0.0.1. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used f

CVECVE-2026-5605

SeverityHIGH

TypeUPDATED

PublishedMon, Apr 06 · 12:16 AM CDT

ModifiedThu, Apr 30 · 08:45 PM CDT

Open article ↗

Mon, Apr 06 · 01:16 AM CDT

CVE-2026-5608

8.8/10 · Worth your time

NVDvuln

Summary
A vulnerability was detected in Belkin F9K1122 1.00.33. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted

CVECVE-2026-5608

SeverityHIGH

TypeUPDATED

PublishedMon, Apr 06 · 01:16 AM CDT

ModifiedThu, Apr 30 · 01:46 PM CDT

Open article ↗

Mon, Apr 06 · 02:16 AM CDT

CVE-2026-5609

8.8/10 · Worth your time

NVDvuln

Summary
A flaw has been found in Tenda i12 1.0.0.11(3862). Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset of the component Parameter Handler. This manipulation of the argument index/wl_radio causes stack-based buffer overflow. It is possible to initiate the attack remotely. The ex

CVECVE-2026-5609

SeverityHIGH

TypeUPDATED

PublishedMon, Apr 06 · 02:16 AM CDT

ModifiedThu, Apr 30 · 01:39 PM CDT

Open article ↗

Mon, Apr 06 · 02:16 AM CDT

CVE-2026-5610

8.8/10 · Worth your time

NVDvuln

Summary
A vulnerability has been found in Belkin F9K1015 1.00.10. Affected by this issue is the function formWISP5G of the file /goform/formWISP5G. Such manipulation of the argument webpage leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may b

CVECVE-2026-5610

SeverityHIGH

TypeUPDATED

PublishedMon, Apr 06 · 02:16 AM CDT

ModifiedThu, Apr 30 · 01:47 PM CDT

Open article ↗

Mon, Apr 06 · 03:16 AM CDT

CVE-2026-5611

8.8/10 · Worth your time

NVDvuln

Summary
A vulnerability was found in Belkin F9K1015 1.00.10. This affects the function formCrossBandSwitch of the file /goform/formCrossBandSwitch. Performing a manipulation of the argument webpage results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used.

CVECVE-2026-5611

SeverityHIGH

TypeUPDATED

PublishedMon, Apr 06 · 03:16 AM CDT

ModifiedThu, Apr 30 · 01:47 PM CDT

Open article ↗

Mon, Apr 06 · 03:16 AM CDT

CVE-2026-5612

8.8/10 · Worth your time

NVDvuln

Summary
A vulnerability was determined in Belkin F9K1015 1.00.10. This vulnerability affects the function formWlEncrypt of the file /goform/formWlEncrypt. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and ma

CVECVE-2026-5612

SeverityHIGH

TypeUPDATED

PublishedMon, Apr 06 · 03:16 AM CDT

ModifiedThu, Apr 30 · 01:47 PM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.