Archive snapshot

Wed, May 06 · 12:00 PM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Wed, May 06 · 12:00 PM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

5

Worth skimming

5

Tracked videos

0

NVD vulnerabilities

25

Top stories

Wed, May 06 · 12:00 PM CDT

Iran-Linked APT Posed as Chaos Ransomware Member in Espionage Campaign

9.8/10 · Must read/watch

Infosecurity Magazinemalwareai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, 06 May 2026 18:30:00 +0530

MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack

9.8/10 · Must read/watch

The Hacker Newsmalwareidentity

Summary
The Iranian state-sponsored hacking group known as MuddyWater (aka Mango Sandstorm, Seedworm, and Static Kitten) has been attributed to a ransomware attack in what has been described as a "false flag" operation. The attack, observed by Rapid7 in early 2026, ha

Open article ↗

Wed, May 06 · 12:00 PM CDT

CloudZ Malware Abuses Phone Link to Steal SMS OTPs

9.3/10 · Must read/watch

Infosecurity Magazinemalware

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, May 06 · 12:00 PM CDT

CISA Urges Critical Infrastructure Providers to Make Plans to Remain Operational if hit by Cyber-Attack

8.7/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, 06 May 2026 17:33:00 +0530

The Hacker News Launches 'Cybersecurity Stars Awards 2026' — Submissions Now Open

8.1/10 · Worth your time

The Hacker Newsgeneral

Summary
For nearly 20 years, we at The Hacker News have mostly told scary stories about cyberspace — big hacks, broken systems, and new threats. But behind every headline, there’s a quieter, better story. It’s the story of leaders making tough calls under pressure, te

Open article ↗

Worth skimming

Wed, May 06 · 08:00 AM CDT

Cat (YC S22) Seeks Fractional Engineer to Build AI-Native Growth Toolkit

8.1/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 4 hours ago.

Open article ↗

Wed, May 06 · 11:21 AM CDT

Show HN: I built an open-source email builder, alternative to Beefree/Unlayer

8.1/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 39 minutes ago.

Open article ↗

Wed, May 06 · 12:00 PM CDT

Microsoft Flags Mass Phishing Campaign Using Fake Compliance Emails

8.0/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, May 06 · 12:00 PM CDT

Fake SSA Emails Drive Venomous#Helper Phishing Campaign

8.0/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, May 06 · 12:00 PM CDT

NCSC Warns of an AI-Fuelled “Vulnerability Patch Wave”

8.0/10 · Worth your time

Infosecurity Magazinevulnaipolicy

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Videos worth watching

Nothing surfaced yet.

NVD vulnerabilities

Thu, Apr 23 · 10:16 PM CDT

CVE-2026-33819

10.0/10 · Must read/watch

NVDvuln

Summary
Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.

CVECVE-2026-33819

SeverityCRITICAL

TypeUPDATED

PublishedThu, Apr 23 · 10:16 PM CDT

ModifiedTue, May 05 · 02:15 PM CDT

Open article ↗

Thu, Apr 30 · 05:16 PM CDT

CVE-2025-71284

9.8/10 · Must read/watch

NVDvuln

Summary
Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radius_address POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can inject arbitrary shel

CVECVE-2025-71284

SeverityCRITICAL

TypeUPDATED

PublishedThu, Apr 30 · 05:16 PM CDT

ModifiedTue, May 05 · 06:09 PM CDT

Open article ↗

Tue, Apr 07 · 01:16 PM CDT

CVE-2026-22679

9.8/10 · Must read/watch

NVDvuln

Summary
Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft POST requests with atta

CVECVE-2026-22679

SeverityCRITICAL

TypeUPDATED

PublishedTue, Apr 07 · 01:16 PM CDT

ModifiedTue, May 05 · 02:16 PM CDT

Open article ↗

Thu, Apr 23 · 10:16 PM CDT

CVE-2026-26210

9.8/10 · Must read/watch

NVDvuln

Summary
KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages using pickle.loads() without validation. Attackers can send a crafted pickle

CVECVE-2026-26210

SeverityCRITICAL

TypeUPDATED

PublishedThu, Apr 23 · 10:16 PM CDT

ModifiedTue, May 05 · 02:43 PM CDT

Open article ↗

Mon, Apr 13 · 03:17 PM CDT

CVE-2026-31282

9.8/10 · Must read/watch

NVDvuln

Summary
Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to reveal the login form. An attacker can chain that with missing rate-limit on the login form to launch a brute force attack. NOTE: this is disputed by the Supplier because (1) local login is enabled/disable

CVECVE-2026-31282

SeverityCRITICAL

TypeUPDATED

PublishedMon, Apr 13 · 03:17 PM CDT

ModifiedWed, May 06 · 07:16 AM CDT

Open article ↗

Fri, Mar 13 · 07:55 PM CDT

CVE-2026-32746

9.8/10 · Must read/watch

NVDvuln

Summary
telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.

CVECVE-2026-32746

SeverityCRITICAL

TypeUPDATED

PublishedFri, Mar 13 · 07:55 PM CDT

ModifiedTue, May 05 · 06:15 PM CDT

Open article ↗

Mon, Apr 27 · 07:16 PM CDT

CVE-2026-35903

9.8/10 · Must read/watch

NVDvuln

Summary
MERCURY MIPC252W IP camera 1.0.5 Build 230306 Rel.79931n contains an improper authentication vulnerability in the RTSP service. After successful Digest authentication in an initial DESCRIBE request, the device does not verify the Digest response parameter in subsequent RTSP requests within the same session. As a result

CVECVE-2026-35903

SeverityCRITICAL

TypeUPDATED

PublishedMon, Apr 27 · 07:16 PM CDT

ModifiedTue, May 05 · 01:39 PM CDT

Open article ↗

Fri, May 01 · 05:16 PM CDT

CVE-2026-37539

9.8/10 · Must read/watch

NVDvuln

Summary
Buffer overflow vulnerability in cannelloni v2.0.0 in CAN frame parsing in parser.cpp in function parseCANFrame, and decoder.cpp in function decodeFrame allowing remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted CAN FD frames.

CVECVE-2026-37539

SeverityCRITICAL

TypeUPDATED

PublishedFri, May 01 · 05:16 PM CDT

ModifiedTue, May 05 · 08:24 PM CDT

Open article ↗

Fri, May 01 · 04:16 PM CDT

CVE-2026-42472

9.8/10 · Must read/watch

NVDvuln

Summary
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from Redis in the RedisHandler object.

CVECVE-2026-42472

SeverityCRITICAL

TypeUPDATED

PublishedFri, May 01 · 04:16 PM CDT

ModifiedTue, May 05 · 07:39 PM CDT

Open article ↗

Fri, May 01 · 04:16 PM CDT

CVE-2026-42473

9.8/10 · Must read/watch

NVDvuln

Summary
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from the filesystem in the FileHandler object.

CVECVE-2026-42473

SeverityCRITICAL

TypeUPDATED

PublishedFri, May 01 · 04:16 PM CDT

ModifiedTue, May 05 · 07:39 PM CDT

Open article ↗

Fri, Mar 06 · 03:16 PM CST

CVE-2026-26051

9.4/10 · Must read/watch

NVDvuln

Summary
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP

CVECVE-2026-26051

SeverityCRITICAL

TypeUPDATED

PublishedFri, Mar 06 · 03:16 PM CST

ModifiedTue, May 05 · 06:59 PM CDT

Open article ↗

Thu, Apr 23 · 10:16 PM CDT

CVE-2026-32210

9.3/10 · Must read/watch

NVDvuln

Summary
Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.

CVECVE-2026-32210

SeverityCRITICAL

TypeUPDATED

PublishedThu, Apr 23 · 10:16 PM CDT

ModifiedTue, May 05 · 02:10 PM CDT

Open article ↗

Tue, Sep 09 · 02:15 PM CDT

CVE-2025-54236

9.1/10 · Must read/watch

NVDvuln

Summary
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue doe

CVECVE-2025-54236

SeverityCRITICAL

TypeUPDATED

PublishedTue, Sep 09 · 02:15 PM CDT

ModifiedTue, May 05 · 01:00 AM CDT

Open article ↗

Fri, Apr 17 · 07:16 PM CDT

CVE-2026-40525

9.1/10 · Must read/watch

NVDvuln

Summary
OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the api_key configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke privileged bot-control fu

CVECVE-2026-40525

SeverityCRITICAL

TypeUPDATED

PublishedFri, Apr 17 · 07:16 PM CDT

ModifiedTue, May 05 · 06:06 PM CDT

Open article ↗

Tue, Mar 24 · 06:16 AM CDT

CVE-2026-4750

9.1/10 · Must read/watch

NVDvuln

Summary
Out-of-bounds Read vulnerability in fabiangreffrath woof.This issue affects woof: before woof_15.3.0.

CVECVE-2026-4750

SeverityCRITICAL

TypeUPDATED

PublishedTue, Mar 24 · 06:16 AM CDT

ModifiedTue, May 05 · 08:38 PM CDT

Open article ↗

Tue, Mar 24 · 06:16 AM CDT

CVE-2026-4753

9.1/10 · Must read/watch

NVDvuln

Summary
Out-of-bounds Read vulnerability in slajerek RetroDebugger.This issue affects RetroDebugger: before v0.64.72.

CVECVE-2026-4753

SeverityCRITICAL

TypeUPDATED

PublishedTue, Mar 24 · 06:16 AM CDT

ModifiedTue, May 05 · 08:38 PM CDT

Open article ↗

Wed, Apr 29 · 02:16 PM CDT

CVE-2026-42523

9.0/10 · Must read/watch

NVDvuln

Summary
Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting (XSS) vulnerability exploitable by non-anonymous attackers with Overall/Read permission.

CVECVE-2026-42523

SeverityCRITICAL

TypeUPDATED

PublishedWed, Apr 29 · 02:16 PM CDT

ModifiedTue, May 05 · 06:06 PM CDT

Open article ↗

Fri, Apr 24 · 08:16 PM CDT

CVE-2026-41429

8.8/10 · Worth your time

NVDvuln

Summary
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reachable memory corruption issue in the NBNS packet handling path. When NetBIOS is enabled by calling NBNS.begin(...), the device listens on UDP port 137 and process

CVECVE-2026-41429

SeverityHIGH

TypeUPDATED

PublishedFri, Apr 24 · 08:16 PM CDT

ModifiedTue, May 05 · 06:12 PM CDT

Open article ↗

Wed, Apr 22 · 02:17 PM CDT

CVE-2026-41651

8.8/10 · Worth your time

NVDvuln

Summary
PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged use

CVECVE-2026-41651

SeverityHIGH

TypeUPDATED

PublishedWed, Apr 22 · 02:17 PM CDT

ModifiedTue, May 05 · 08:16 PM CDT

Open article ↗

Thu, Apr 23 · 06:16 PM CDT

CVE-2026-5039

8.8/10 · Worth your time

NVDvuln

Summary
TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized access to the protocol, r

CVECVE-2026-5039

SeverityHIGH

TypeUPDATED

PublishedThu, Apr 23 · 06:16 PM CDT

ModifiedTue, May 05 · 02:11 PM CDT

Open article ↗

Tue, Apr 28 · 01:19 PM CDT

CVE-2026-5779

8.8/10 · Worth your time

NVDvuln

Summary
An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the information of other registered users. Successful exploitation of this vulnerability allows an authenticated user to modify

CVECVE-2026-5779

SeverityHIGH

TypeUPDATED

PublishedTue, Apr 28 · 01:19 PM CDT

ModifiedTue, May 05 · 02:20 PM CDT

Open article ↗

Tue, Apr 28 · 01:19 PM CDT

CVE-2026-5781

8.8/10 · Worth your time

NVDvuln

Summary
An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their privileges by sending an HTTP request with a manipulated 'identifier' field. Successful exploitation of this vulnerabilit

CVECVE-2026-5781

SeverityHIGH

TypeUPDATED

PublishedTue, Apr 28 · 01:19 PM CDT

ModifiedTue, May 05 · 02:24 PM CDT

Open article ↗

Fri, May 01 · 07:16 PM CDT

CVE-2026-30363

8.4/10 · Worth your time

NVDvuln

Summary
flipperzero-firmware commit ad2a80 was discovered to contain a stack overflow in the "Main" function.

CVECVE-2026-30363

SeverityHIGH

TypeUPDATED

PublishedFri, May 01 · 07:16 PM CDT

ModifiedTue, May 05 · 08:24 PM CDT

Open article ↗

Wed, Apr 01 · 02:16 PM CDT

CVE-2026-35091

8.2/10 · Worth your time

NVDvuln

Summary
A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentiall

CVECVE-2026-35091

SeverityHIGH

TypeUPDATED

PublishedWed, Apr 01 · 02:16 PM CDT

ModifiedTue, May 05 · 04:16 PM CDT

Open article ↗

Tue, Apr 07 · 08:16 PM CDT

CVE-2026-39371

8.1/10 · Worth your time

NVDvuln

Summary
RedwoodSDK is a server-first React framework. From 1.0.0-beta.50 to 1.0.5, erver functions exported from "use server" files could be invoked via GET requests, bypassing their intended HTTP method. In cookie-authenticated applications, this allowed cross-site GET navigations to trigger state-changing functions, because

CVECVE-2026-39371

SeverityHIGH

TypeUPDATED

PublishedTue, Apr 07 · 08:16 PM CDT

ModifiedTue, May 05 · 03:31 PM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.