CVE-2026-29515 · Wed, Mar 11 · 04:17 AM CDT
Score: 9.8/10 · Must read/watch · NVD · vuln
Summary
MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows network attackers to log in without valid credentials. Attackers can send arbitrary username and password combinations to the PASS command handler, which unconditionally grants access and allows l
CVE: CVE-2026-29515
Severity: CRITICAL
Type: UPDATED
Published: Wed, Mar 11 · 04:17 AM CDT
Modified: Thu, May 07 · 06:15 PM CDT
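The PASS handler pattern described above, as an added example that is not SwiFTP's or FileExplorer's code: a minimal FTP login state machine whose `unsafe` mode reproduces an unconditional 230 reply, beside a hardened handler that checks a credential store with a constant-time compare, plus a probe that tells you whether a live server accepts random credentials. The credential store, salt and port 2121 are constructed assumptions.

```python
"""Added example (not SwiFTP's or FileExplorer's code): a minimal FTP login
state machine with the unconditional-accept PASS handler described for
CVE-2026-29515 beside a hardened one, plus a probe for a live server."""
import ftplib
import hashlib
import hmac
import secrets

# Constructed credential store (assumption): username -> PBKDF2-SHA256 hash.
_SALT = b"constructed-example-salt"


def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 50_000)


USERS = {"alice": _hash("correct horse battery staple")}


class FtpSession:
    """One control connection. `unsafe=True` reproduces the bypass pattern."""

    def __init__(self, unsafe: bool = False):
        self.unsafe = unsafe
        self.user = None
        self.authenticated = False

    def handle(self, line: str) -> str:
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "USER":
            self.user = arg
            self.authenticated = False  # a new USER always restarts the login
            return "331 Password required"
        if verb == "PASS":
            return self._pass(arg)
        if verb == "QUIT":
            return "221 Goodbye"
        if not self.authenticated:
            return "530 Not logged in"
        return "200 OK"  # stand-in for LIST/RETR/STOR handling

    def _pass(self, password: str) -> str:
        if self.unsafe:
            # Vulnerable pattern: the handler never consults the credential
            # store, so any USER/PASS pair reaches the file system.
            self.authenticated = True
            return "230 Login successful"
        expected = USERS.get(self.user or "")
        candidate = _hash(password)
        # Unknown users take the same hashing path, so response timing does
        # not reveal which usernames exist.
        if expected is not None and hmac.compare_digest(expected, candidate):
            self.authenticated = True
            return "230 Login successful"
        self.authenticated = False
        return "530 Login incorrect"


def login(session: FtpSession, user: str, password: str) -> str:
    session.handle(f"USER {user}")
    return session.handle(f"PASS {password}")


def probe_bypass(host: str, port: int = 2121, timeout: float = 5.0) -> bool:
    """True if a live server accepts a random username/password pair, i.e. it
    shows the bypass. Port 2121 is an assumption; not run by the offline demo."""
    ftp = ftplib.FTP()
    try:
        ftp.connect(host, port, timeout=timeout)
        ftp.login(secrets.token_hex(6), secrets.token_hex(8))
        return True
    except ftplib.error_perm:
        return False
    finally:
        ftp.close()


if __name__ == "__main__":
    print(login(FtpSession(unsafe=True), "nobody", "anything"))   # 230 on the vulnerable path
    print(login(FtpSession(), "nobody", "anything"))              # 530 on the hardened path
```

Run `probe_bypass("192.0.2.10")` against a device you own to confirm exposure; a 230 for random credentials is the signature of this class of bug, and the hardened handler's 530 for both unknown users and wrong passwords is what you want to see instead.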
CVE-2026-31444 · Wed, Apr 22 · 02:16 PM CDT
Score: 9.8/10 · Must read/watch · NVD · vuln
Summary
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free and NULL deref in smb_grant_oplock() smb_grant_oplock() has two issues in the oplock publication sequence: 1) opinfo is linked into ci->m_op_list (via opinfo_add) before add_lease_global_list() is called. If add_lease_global_l
CVE: CVE-2026-31444
Severity: CRITICAL
Type: UPDATED
Published: Wed, Apr 22 · 02:16 PM CDT
Modified: Thu, May 07 · 07:26 PM CDT
CVE-2026-31463 · Wed, Apr 22 · 02:16 PM CDT
Score: 9.8/10 · Must read/watch · NVD · vuln
Summary
In the Linux kernel, the following vulnerability has been resolved: iomap: fix invalid folio access when i_blkbits differs from I/O granularity Commit aa35dd5cbc06 ("iomap: fix invalid folio access after folio_end_read()") partially addressed invalid folio access for folios without an ifs attached, but it did not handl
CVE: CVE-2026-31463
Severity: CRITICAL
Type: UPDATED
Published: Wed, Apr 22 · 02:16 PM CDT
Modified: Thu, May 07 · 06:30 PM CDT
CVE-2026-3843 · Tue, Mar 10 · 06:19 PM CDT
Score: 9.8/10 · Must read/watch · NVD · vuln
Summary
Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability (CWE-89) in the system configuration module. A remote attacker can send specially crafted HTTP POST requests to the /php/request.php endpoint via the sql parameter in application/x-www-form-urlencoded data
CVE: CVE-2026-3843
Severity: CRITICAL
Type: UPDATED
Published: Tue, Mar 10 · 06:19 PM CDT
Modified: Thu, May 07 · 08:34 PM CDT
CVE-2026-43011 · Fri, May 01 · 03:16 PM CDT
Score: 9.8/10 · Must read/watch · NVD · vuln
Summary
In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix potential double free of skb When alloc_skb fails in x25_queue_rx_frame it calls kfree_skb(skb) at line 48 and returns 1 (error). This error propagates back through the call chain: x25_queue_rx_frame returns 1 | v x25_state3_machine receiv
CVE: CVE-2026-43011
Severity: CRITICAL
Type: UPDATED
Published: Fri, May 01 · 03:16 PM CDT
Modified: Thu, May 07 · 08:26 PM CDT
CVE-2025-69614 · Tue, Mar 10 · 06:18 PM CDT
Score: 9.4/10 · Must read/watch · NVD · vuln
Summary
Incorrect Access Control via activation token reuse on the password-reset endpoint allowing unauthorized password resets and full account takeover. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-27, fixed 2025-10-31.
CVE: CVE-2025-69614
Severity: CRITICAL
Type: UPDATED
Published: Tue, Mar 10 · 06:18 PM CDT
Modified: Thu, May 07 · 08:50 PM CDT
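The token-reuse pattern above, as an added example that is not the Telekom portal's code: a token store that binds every token to a user, a purpose ("activate" vs "reset") and an expiry, and consumes it on first use, beside a legacy check that accepts any stored token on any endpoint and never consumes it. The store layout, TTL and the `reset_password` helper are assumptions for illustration.

```python
"""Added example (not the Telekom portal's code): a token store that binds each
token to a purpose, a user and an expiry and consumes it on first use, beside
a legacy check with the reuse pattern described for CVE-2025-69614."""
import hashlib
import hmac
import secrets
import time
from typing import Optional


class TokenStore:
    def __init__(self, ttl_seconds: int = 900, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock  # injectable for tests; assumption, not a real API
        self._tokens = {}   # sha256(token) -> (user_id, purpose, expires_at)

    @staticmethod
    def _digest(token: str) -> str:
        # Store only a hash so a database leak does not hand out live tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id: str, purpose: str) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._tokens[self._digest(token)] = (user_id, purpose, self.clock() + self.ttl)
        return token

    def redeem(self, token: str, purpose: str) -> Optional[str]:
        """Hardened: returns the bound user_id once, or None. The entry is
        popped before any check, so a rejected token is gone as well."""
        entry = self._tokens.pop(self._digest(token), None)
        if entry is None:
            return None
        user_id, bound_purpose, expires_at = entry
        if self.clock() > expires_at:
            return None
        if not hmac.compare_digest(bound_purpose, purpose):
            return None  # an activation token must not drive a password reset
        return user_id

    def redeem_legacy(self, token: str) -> Optional[str]:
        """Vulnerable pattern: any stored token is accepted by any endpoint and
        is never consumed, so one activation token resets the password
        repeatedly."""
        entry = self._tokens.get(self._digest(token))
        return entry[0] if entry else None


def reset_password(store: TokenStore, users: dict, token: str, new_password: str) -> bool:
    """Password-reset endpoint: only a live, unconsumed 'reset' token works."""
    user_id = store.redeem(token, "reset")
    if user_id is None:
        return False
    users[user_id] = new_password  # stand-in for hashing and persisting
    return True


if __name__ == "__main__":
    store, users = TokenStore(), {"bob": "old-password"}
    activation = store.issue("bob", "activate")
    print(reset_password(store, users, activation, "attacker-chosen"))  # False
    print(store.redeem_legacy(activation))  # "bob": consumed above, so None here; reusable only on the legacy path
```

The three properties to check on any reset endpoint are visible in `redeem`: the token is single-use (popped), it is bound to a purpose (an activation link cannot reset a password), and it expires. `redeem_legacy` shows what is missing when any one of those is skipped.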
CVE-2026-31448 · Wed, Apr 22 · 02:16 PM CDT
Score: 9.4/10 · Must read/watch · NVD · vuln
Summary
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid infinite loops caused by residual data On the mkdir/mknod path, when mapping logical blocks to physical blocks, if inserting a new extent into the extent tree fails (in this example, because the file system disabled the huge file feature wh
CVE: CVE-2026-31448
Severity: CRITICAL
Type: UPDATED
Published: Wed, Apr 22 · 02:16 PM CDT
Modified: Thu, May 07 · 06:43 PM CDT
CVE-2025-54236 · Tue, Sep 09 · 02:15 PM CDT
Score: 9.1/10 · Must read/watch · NVD · vuln
Summary
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact to high. Exploitation of this issue doe
CVE: CVE-2025-54236
Severity: CRITICAL
Type: UPDATED
Published: Tue, Sep 09 · 02:15 PM CDT
Modified: Tue, May 05 · 01:00 AM CDT
CVE-2025-69615 · Tue, Mar 10 · 06:18 PM CDT
Score: 9.1/10 · Must read/watch · NVD · vuln
Summary
Incorrect Access Control via missing 2FA rate-limiting allowing unlimited brute-force retries and full MFA bypass with no user interaction required. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-24, fixed 2025-11-03.
CVE: CVE-2025-69615
Severity: CRITICAL
Type: UPDATED
Published: Tue, Mar 10 · 06:18 PM CDT
Modified: Thu, May 07 · 08:48 PM CDT
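Why a missing retry limit on a second factor is a full bypass, as an added example that is not the Telekom portal's code: a standard RFC 6238 TOTP check (6 digits, 30-second step) wrapped in a verifier that counts failures per account, locks the account after a few wrong codes, and refuses a code that was already accepted. Setting `max_attempts=None` reproduces the unlimited-retry behaviour, where `brute_force` simply walks 000000..999999. The account names, secret, attempt and lockout numbers are constructed assumptions.

```python
"""Added example (not the Telekom portal's code): RFC 6238 TOTP verification
with per-account attempt limits and replay rejection, beside an unlimited
verifier showing why missing rate limiting (CVE-2025-69615) lets a 6-digit
code be brute-forced."""
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    return hotp(secret, int(at // step), digits)


class OtpVerifier:
    """max_attempts=None reproduces the unlimited-retry behaviour."""

    def __init__(self, max_attempts=5, lockout_seconds=300, clock=time.time):
        self.max_attempts = max_attempts
        self.lockout = lockout_seconds
        self.clock = clock           # injectable for tests (assumption)
        self._failures = {}          # account -> consecutive failures
        self._locked_until = {}      # account -> unix time
        self._last_counter = {}      # account -> counter of last accepted code

    def verify(self, account: str, secret: bytes, code: str) -> str:
        """Returns 'ok', 'bad' or 'locked'. Limits are keyed per account, not
        per source IP, so a distributed guesser gains nothing."""
        now = self.clock()
        if self._locked_until.get(account, 0) > now:
            return "locked"
        counter = int(now // 30)
        matched = False
        if len(code) == 6 and code.isascii() and code.isdigit():
            # Accept the current step and one either side for clock drift, but
            # never a counter at or below the last accepted one (replay).
            for c in (counter, counter - 1, counter + 1):
                if c <= self._last_counter.get(account, -1):
                    continue
                if hmac.compare_digest(hotp(secret, c), code):
                    self._last_counter[account] = c
                    matched = True
                    break
        if matched:
            self._failures[account] = 0
            return "ok"
        self._failures[account] = self._failures.get(account, 0) + 1
        if self.max_attempts is not None and self._failures[account] >= self.max_attempts:
            self._failures[account] = 0
            self._locked_until[account] = now + self.lockout
            return "locked"
        return "bad"


def brute_force(verifier: OtpVerifier, account: str, secret: bytes, budget: int) -> str:
    """Try 000000, 000001, ... until accepted, locked out, or budget exhausted."""
    for i in range(budget):
        result = verifier.verify(account, secret, f"{i:06d}")
        if result != "bad":
            return f"{result} after {i + 1} attempts"
    return "exhausted"


if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    print(brute_force(OtpVerifier(max_attempts=5), "alice", secret, 1_000_000))   # locked after 5 attempts
    print(brute_force(OtpVerifier(max_attempts=None), "bob", secret, 1_000_000))  # ok after N attempts
```

With no limit the attacker needs on average about 500,000 requests for one 30-second window, and with the drift window three codes are valid at once, so the expected count drops to roughly 170,000; at a few hundred requests per second that is minutes, and the attacker can keep trying across windows. The lockout plus the replay check turns that into at most five guesses per lockout period.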
CVE-2023-27573 · Wed, Mar 11 · 06:17 AM CDT
Score: 9.0/10 · Must read/watch · NVD · vuln
Summary
netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSER_API_TOKEN). In practice on the public Internet, almost all users changed the password but only about 90% changed the token. Having a default
CVE: CVE-2023-27573
Severity: CRITICAL
Type: UPDATED
Published: Wed, Mar 11 · 06:17 AM CDT
Modified: Thu, May 07 · 06:13 PM CDT
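A check for the default token above, as an added example that is not netbox-docker's code: it parses a netbox-docker style env file (constructed sample below), flags the advisory's default `SUPERUSER_API_TOKEN` and the default `admin` password, also catches tokens that are malformed or visibly sequential, mints a replacement in NetBox's 40-hex-character token format, and includes a network probe that asks an instance whether the default token still authenticates. The env variable names and the `/api/users/users/` endpoint are taken from netbox-docker and NetBox respectively; the sample file content is constructed.

```python
"""Added example (not netbox-docker's code): audit an env file for the default
superuser credentials named in CVE-2023-27573 and for tokens that are
malformed or visibly non-random, then mint a replacement."""
import re
import secrets
import urllib.error
import urllib.request

# Values quoted in the advisory.
DEFAULT_SUPERUSER_API_TOKEN = "0123456789abcdef0123456789abcdef01234567"
DEFAULT_SUPERUSER_PASSWORD = "admin"
TOKEN_RE = re.compile(r"^[0-9a-f]{40}$")  # NetBox API token: 40 lowercase hex chars
HEX = "0123456789abcdef"

# Constructed sample env file (assumption) in the netbox-docker layout.
SAMPLE_ENV = """# constructed netbox-docker style env file
SUPERUSER_NAME=admin
SUPERUSER_EMAIL=admin@example.com
SUPERUSER_PASSWORD=admin
SUPERUSER_API_TOKEN=0123456789abcdef0123456789abcdef01234567
"""


def longest_sequential_run(token: str) -> int:
    """Length of the longest run where each hex digit follows the previous one
    (0123..., abcd..., f0). A random 40-hex token essentially never reaches 8."""
    best = run = 1
    for prev, cur in zip(token, token[1:]):
        if prev in HEX and cur in HEX and HEX.index(cur) == (HEX.index(prev) + 1) % 16:
            run += 1
            best = max(best, run)
        else:
            run = 1
    return best


def assess_token(token: str) -> list:
    findings = []
    if token == DEFAULT_SUPERUSER_API_TOKEN:
        findings.append("default")
    if not TOKEN_RE.match(token):
        findings.append("malformed")
    if longest_sequential_run(token) >= 8:
        findings.append("sequential")  # catches the default even if it were not listed
    return findings


def parse_env(text: str) -> dict:
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip('"').strip("'")
    return env


def audit_env(text: str) -> dict:
    """variable -> findings; an empty dict means nothing to fix."""
    env = parse_env(text)
    report = {}
    if env.get("SUPERUSER_PASSWORD") == DEFAULT_SUPERUSER_PASSWORD:
        report["SUPERUSER_PASSWORD"] = ["default"]
    if "SUPERUSER_API_TOKEN" in env:
        findings = assess_token(env["SUPERUSER_API_TOKEN"])
        if findings:
            report["SUPERUSER_API_TOKEN"] = findings
    return report


def new_token() -> str:
    return secrets.token_hex(20)  # 20 random bytes -> 40 hex chars


def default_token_is_live(base_url: str, timeout: float = 5.0) -> bool:
    """Network check (not run offline): True if the instance answers an
    authenticated API call made with the advisory's default token."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/api/users/users/",
        headers={"Authorization": f"Token {DEFAULT_SUPERUSER_API_TOKEN}",
                 "Accept": "application/json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status == 200
    except urllib.error.HTTPError:
        return False


if __name__ == "__main__":
    print(audit_env(SAMPLE_ENV))
    print("replacement token:", new_token())
```

The advisory's point is that the password gets changed and the token does not; `audit_env` treats them as one finding set so the token cannot be overlooked, and `default_token_is_live` is the external view: if it returns True, anyone on the Internet holds a superuser API session to that NetBox.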
CVE-2026-26149 · Tue, Apr 14 · 06:16 PM CDT
Score: 9.0/10 · Must read/watch · NVD · vuln
Summary
Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to perform spoofing over a network.
CVE: CVE-2026-26149
Severity: CRITICAL
Type: UPDATED
Published: Tue, Apr 14 · 06:16 PM CDT
Modified: Thu, May 07 · 08:06 PM CDT
CVE-2025-15467 · Tue, Jan 27 · 04:16 PM CST
Score: 8.8/10 · Worth your time · NVD · vuln
Summary
Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS (Auth)EnvelopedData structure
CVE: CVE-2025-15467
Severity: HIGH
Type: UPDATED
Published: Tue, Jan 27 · 04:16 PM CST
Modified: Thu, May 07 · 06:12 PM CDT
CVE-2026-31735 · Fri, May 01 · 03:16 PM CDT
Score: 8.8/10 · Worth your time · NVD · vuln
Summary
In the Linux kernel, the following vulnerability has been resolved: iommupt: Fix short gather if the unmap goes into a large mapping unmap has the odd behavior that it can unmap more than requested if the ending point lands within the middle of a large or contiguous IOPTE. In this case the gather should flush everythin
CVE: CVE-2026-31735
Severity: HIGH
Type: UPDATED
Published: Fri, May 01 · 03:16 PM CDT
Modified: Thu, May 07 · 04:52 PM CDT
CVE-2026-31739 · Fri, May 01 · 03:16 PM CDT
Score: 8.8/10 · Worth your time · NVD · vuln
Summary
In the Linux kernel, the following vulnerability has been resolved: crypto: tegra - Add missing CRYPTO_ALG_ASYNC The tegra crypto driver failed to set the CRYPTO_ALG_ASYNC on its asynchronous algorithms, causing the crypto API to select them for users that request only synchronous algorithms. This causes crashes (at le
CVE: CVE-2026-31739
Severity: HIGH
Type: UPDATED
Published: Fri, May 01 · 03:16 PM CDT
Modified: Thu, May 07 · 07:00 PM CDT
CVE-2026-31844 · Wed, Mar 11 · 07:16 AM CDT
Score: 8.8/10 · Worth your time · NVD · vuln
Summary
An authenticated SQL Injection vulnerability (CWE-89) exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL queries via crafted requ
CVE: CVE-2026-31844
Severity: HIGH
Type: UPDATED
Published: Wed, Mar 11 · 07:16 AM CDT
Modified: Thu, May 07 · 06:27 PM CDT
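The `displayby` case above, and the `sql` parameter on /php/request.php in the BUK TS-G entry further up, both come down to a request parameter reaching SQL text unvalidated. As an added example that is not Koha's or the BUK TS-G code: a "distinct values" function that interpolates a column name the way the Koha description implies, a constructed UNION payload that pulls rows out of an unrelated table through it, the allowlisted version that only ever puts a server-side constant into the query, and a bound-value query for contrast, all against an in-memory SQLite schema constructed for this example.

```python
"""Added example (not Koha's or the BUK TS-G code): a column name from a
request parameter interpolated into SQL, as described for the Koha
`displayby` parameter, beside an allowlisted version and a bound-value query."""
import sqlite3

# Column names the UI may legitimately ask for (constructed allowlist).
ALLOWED_DISPLAYBY = {"status": "STATUS", "branch": "branchcode", "itemtype": "itemtype"}

# Constructed payload: finishes the SELECT and appends a UNION over another table.
PAYLOAD = "STATUS FROM suggestions UNION SELECT password FROM borrowers --"


def build_db() -> sqlite3.Connection:
    """Constructed sample schema loosely modelled on suggestions/borrowers tables."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE suggestions (suggestionid INTEGER, STATUS TEXT, branchcode TEXT, itemtype TEXT);
        CREATE TABLE borrowers (borrowernumber INTEGER, userid TEXT, password TEXT);
        INSERT INTO suggestions VALUES (1, 'ASKED', 'MAIN', 'BK'), (2, 'ACCEPTED', 'MAIN', 'BK'),
                                       (3, 'ASKED', 'WEST', 'DVD');
        INSERT INTO borrowers VALUES (1, 'admin', 'HASH_OF_ADMIN'), (2, 'staff', 'HASH_OF_STAFF');
        """
    )
    return conn


def get_distinct_values_vulnerable(conn, displayby: str) -> list:
    # Identifier interpolated verbatim. Parameter binding cannot fix this:
    # placeholders stand for values, never for column or table names.
    return [row[0] for row in conn.execute(f"SELECT DISTINCT {displayby} FROM suggestions")]


def get_distinct_values_safe(conn, displayby: str) -> list:
    column = ALLOWED_DISPLAYBY.get(displayby)
    if column is None:
        raise ValueError(f"displayby not permitted: {displayby!r}")
    # Only the server-side constant from the allowlist reaches the SQL text.
    return [row[0] for row in conn.execute(f'SELECT DISTINCT "{column}" FROM suggestions')]


def count_by_status(conn, status: str) -> int:
    # Value position: bind it, and an injection attempt is just an unmatched string.
    return conn.execute("SELECT COUNT(*) FROM suggestions WHERE STATUS = ?", (status,)).fetchone()[0]


if __name__ == "__main__":
    conn = build_db()
    print(get_distinct_values_vulnerable(conn, PAYLOAD))   # statuses plus every borrower password hash
    try:
        get_distinct_values_safe(conn, PAYLOAD)
    except ValueError as exc:
        print("rejected:", exc)
```

The rule the two functions illustrate: anything in identifier position (column, table, ORDER BY target) is mapped through an allowlist, anything in value position is bound. A parameter literally named `sql`, as in the BUK TS-G entry, fails both tests and needs to be removed rather than filtered.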
CVE-2026-32157 · Tue, Apr 14 · 06:17 PM CDT
Score: 8.8/10 · Worth your time · NVD · vuln
Summary
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE: CVE-2026-32157
Severity: HIGH
Type: UPDATED
Published: Tue, Apr 14 · 06:17 PM CDT
Modified: Thu, May 07 · 07:57 PM CDT
CVE-2026-43048 · Fri, May 01 · 03:16 PM CDT
Score: 8.8/10 · Worth your time · NVD · vuln
Summary
In the Linux kernel, the following vulnerability has been resolved: HID: core: Mitigate potential OOB by removing bogus memset() The memset() in hid_report_raw_event() has the good intention of clearing out bogus data by zeroing the area from the end of the incoming data string to the assumed end of the buffer. However
CVE: CVE-2026-43048
Severity: HIGH
Type: UPDATED
Published: Fri, May 01 · 03:16 PM CDT
Modified: Thu, May 07 · 07:07 PM CDT
CVE-2026-6819 · Tue, Apr 21 · 08:17 PM CDT
Score: 8.8/10 · Worth your time · NVD · vuln
Summary
HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin install, /plugin enable, /plugin disable, and /reload-plugins to remote senders by default. Attackers who gain access through the channel layer can remotely manage plugin trust and activation state, enabling unauthorized
CVE: CVE-2026-6819
Severity: HIGH
Type: UPDATED
Published: Tue, Apr 21 · 08:17 PM CDT
Modified: Thu, May 07 · 08:28 PM CDT
CVE-2026-6823 · Tue, Apr 21 · 09:16 PM CDT
Score: 8.2/10 · Worth your time · NVD · vuln
Summary
HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote channels inherit allow_from = ["*"] permitting arbitrary remote senders to pass admission checks. Attackers who can reach the configured channel can bypass access controls and reach host-backed agent run
CVE: CVE-2026-6823
Severity: HIGH
Type: UPDATED
Published: Tue, Apr 21 · 09:16 PM CDT
Modified: Thu, May 07 · 08:29 PM CDT
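The two OpenHarness entries describe one chain: the wildcard `allow_from` default admits any sender, and admitted senders can issue plugin lifecycle commands. As an added example that is not OpenHarness's code: a channel config whose `allow_from` defaults to `["*"]` exactly as the advisory states, the vulnerable admission check beside a fail-closed one that treats the wildcard as unconfigured, a startup lint that reports the wildcard, and a dispatcher that confines the four listed plugin commands to a separate admin set. The dataclass fields and the `admin_senders` concept are assumptions loosely following the advisory text, not OpenHarness's config schema.

```python
"""Added example (not OpenHarness's code): sender admission for a remote
channel where allow_from defaults to ["*"] (CVE-2026-6823) beside a fail-closed
check, and gating of plugin lifecycle commands (CVE-2026-6819) so remote
senders cannot change plugin trust state."""
from dataclasses import dataclass, field
from typing import List

# The four commands named in the advisory.
PLUGIN_LIFECYCLE_COMMANDS = ("/plugin install", "/plugin enable", "/plugin disable", "/reload-plugins")


@dataclass
class ChannelConfig:
    name: str
    allow_from: List[str] = field(default_factory=lambda: ["*"])  # the insecure default
    admin_senders: List[str] = field(default_factory=list)         # assumption: who may manage plugins


def admitted_vulnerable(cfg: ChannelConfig, sender: str) -> bool:
    # "*" in allow_from admits anyone who can reach the channel.
    return "*" in cfg.allow_from or sender in cfg.allow_from


def admitted_hardened(cfg: ChannelConfig, sender: str) -> bool:
    # Fail closed: a wildcard counts as "not configured", an empty list admits
    # nobody, and only exact sender identities pass.
    if not cfg.allow_from or "*" in cfg.allow_from:
        return False
    return sender in cfg.allow_from


def lint_config(configs) -> List[str]:
    """Warnings a startup check should emit before any channel goes live."""
    warnings = []
    for cfg in configs:
        if "*" in cfg.allow_from:
            warnings.append(f"{cfg.name}: allow_from contains '*'; every remote sender passes admission")
        if not cfg.allow_from:
            warnings.append(f"{cfg.name}: allow_from is empty; channel admits nobody")
    return warnings


def dispatch(cfg: ChannelConfig, sender: str, text: str) -> str:
    """What the harness does with a message from `sender` on this channel."""
    if not admitted_hardened(cfg, sender):
        return "rejected: sender not admitted"
    command = text.strip()
    if command.startswith(PLUGIN_LIFECYCLE_COMMANDS):
        # Plugin trust and activation are privileged; an admitted chat sender
        # is not the same thing as a plugin administrator.
        if sender not in cfg.admin_senders:
            return "rejected: plugin lifecycle commands are admin-only"
        return f"executed: {command}"
    return f"delivered to agent: {command}"


if __name__ == "__main__":
    default_cfg = ChannelConfig(name="chat")
    print(lint_config([default_cfg]))
    print(admitted_vulnerable(default_cfg, "anyone@remote"), admitted_hardened(default_cfg, "anyone@remote"))
```

Two separate decisions are being made: who may talk to the agent at all, and who may change which code the agent loads. The hardened version keeps them apart, so a misconfigured allowlist at worst lets a stranger chat, not install a plugin.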
CVE-2026-31464 · Wed, Apr 22 · 02:16 PM CDT
Score: 8.1/10 · Worth your time · NVD · vuln
Summary
In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done() A malicious or compromised VIO server can return a num_written value in the discover targets MAD response that exceeds max_targets. This value is stored directly in vhost->num_targets witho
CVE: CVE-2026-31464
Severity: HIGH
Type: UPDATED
Published: Wed, Apr 22 · 02:16 PM CDT
Modified: Thu, May 07 · 06:28 PM CDT
CVE-2026-43051 · Fri, May 01 · 03:16 PM CDT
Score: 8.1/10 · Worth your time · NVD · vuln
Summary
In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq The wacom_intuos_bt_irq() function processes Bluetooth HID reports without sufficient bounds checking. A maliciously crafted short report can trigger an out-of-bounds read when copying data into
CVE: CVE-2026-43051
Severity: HIGH
Type: UPDATED
Published: Fri, May 01 · 03:16 PM CDT
Modified: Thu, May 07 · 06:00 PM CDT
CVE-2026-30814 · Wed, Apr 08 · 07:25 PM CDT
Score: 8.0/10 · Worth your time · NVD · vuln
Summary
A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a crash and could allow arbitrary code executio
CVE: CVE-2026-30814
Severity: HIGH
Type: UPDATED
Published: Wed, Apr 08 · 07:25 PM CDT
Modified: Thu, May 07 · 04:16 PM CDT
CVE-2026-30815 · Wed, Apr 08 · 07:25 PM CDT
Score: 8.0/10 · Worth your time · NVD · vuln
Summary
An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute system commands when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow modification of configuration file
CVE: CVE-2026-30815
Severity: HIGH
Type: UPDATED
Published: Wed, Apr 08 · 07:25 PM CDT
Modified: Thu, May 07 · 04:16 PM CDT
CVE-2026-30818 · Wed, Apr 08 · 07:25 PM CDT
Score: 8.0/10 · Worth your time · NVD · vuln
Summary
An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute arbitrary code when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow the attacker to modify device confi
CVE: CVE-2026-30818
Severity: HIGH
Type: UPDATED
Published: Wed, Apr 08 · 07:25 PM CDT
Modified: Thu, May 07 · 04:16 PM CDT
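The two TP-Link command-injection entries (OpenVPN and dnsmasq modules) share one mechanism: a value read from an uploaded configuration file ends up inside a command string that a shell interprets. As an added example that is not TP-Link firmware code: a small OpenVPN-style config parser, a constructed hostile config whose `auth-user-pass` value carries `; echo INJECTED`, the string-concatenation command builder that would let that run, a builder that validates each value against a per-option grammar and returns an argv list for `subprocess.run` without `shell=True`, and a helper that counts how many commands a POSIX shell would actually execute for a given string. The option names, grammars and command shape are assumptions for illustration.

```python
"""Added example (not TP-Link firmware code): values from an OpenVPN-style
config file reaching a shell command string, the pattern behind
CVE-2026-30815, beside an argv builder that validates each value first. The
same fix applies to dnsmasq options (CVE-2026-30818)."""
import re
import shlex

# Constructed hostile config: the auth-user-pass value carries a second command.
HOSTILE_CONFIG = """remote vpn.example.net 1194
proto udp
auth-user-pass creds.txt; echo INJECTED
"""
CLEAN_CONFIG = "remote vpn.example.net 1194\nproto udp\nauth-user-pass /etc/openvpn/creds.txt\n"

# Per-option value grammar (assumption); anything outside it is rejected before exec.
OPTION_RULES = {
    "remote": re.compile(r"^[A-Za-z0-9.-]+ \d{1,5}$"),
    "proto": re.compile(r"^(udp|tcp)$"),
    "auth-user-pass": re.compile(r"^[A-Za-z0-9_./-]+$"),
}


def parse_config(text: str) -> dict:
    """option name -> raw value, first token on each non-comment line is the name."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        options[key] = value.strip()
    return options


def build_shell_command_vulnerable(options: dict) -> str:
    # String concatenation handed to `sh -c`: metacharacters inside any value
    # become separate commands running as the daemon's user.
    return (f"openvpn --remote {options['remote']} --proto {options['proto']} "
            f"--auth-user-pass {options['auth-user-pass']}")


def build_argv_hardened(options: dict) -> list:
    """argv for subprocess.run(argv) with no shell; each value must match its rule."""
    argv = ["openvpn"]
    for key in ("remote", "proto", "auth-user-pass"):
        value = options.get(key, "")
        if not OPTION_RULES[key].match(value):
            raise ValueError(f"config option {key!r} has an invalid value: {value!r}")
        argv.append(f"--{key}")
        argv.extend(value.split(" ") if key == "remote" else [value])
    return argv


def count_shell_commands(command: str) -> int:
    """How many commands a POSIX shell would run for this string; >1 means injection."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    return 1 + sum(1 for tok in lexer if tok in (";", "&&", "||", "|"))


if __name__ == "__main__":
    hostile = parse_config(HOSTILE_CONFIG)
    cmd = build_shell_command_vulnerable(hostile)
    print(cmd, "->", count_shell_commands(cmd), "shell commands")
    try:
        build_argv_hardened(hostile)
    except ValueError as exc:
        print("rejected:", exc)
    print(build_argv_hardened(parse_config(CLEAN_CONFIG)))
```

Both halves of the fix matter: the argv list means the value `creds.txt; echo INJECTED` would reach openvpn as one literal argument instead of a second command, and the per-option grammar means it never reaches openvpn at all. Validation alone is brittle (the grammar has to be right for every option), and argv alone still passes attacker-controlled strings to a program that may interpret them itself, as openvpn does with file paths.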
CVE-2025-12690 · Wed, Mar 11 · 04:16 PM CDT
Score: 7.8/10 · Worth your time · NVD · vuln
Summary
Execution with unnecessary privileges in Forcepoint NGFW Engine allows local privilege escalation. This issue affects NGFW Engine through 6.10.19, through 7.3.0, through 7.2.4, through 7.1.10.
CVE: CVE-2025-12690
Severity: HIGH
Type: UPDATED
Published: Wed, Mar 11 · 04:16 PM CDT
Modified: Thu, May 07 · 08:55 PM CDT