Archive snapshot

Tue, May 12 · 12:00 PM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Tue, May 12 · 12:00 PM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

5

Worth skimming

5

Tracked videos

1

NVD vulnerabilities

25

Top stories

Tue, May 12 · 12:00 PM CDT

Mini Shai-Hulud Hits TanStack npm Packages

9.8/10 · Must read/watch

Infosecurity Magazinesupply-chainai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Tue, May 12 · 12:00 PM CDT

OpenAI Launches 'Daybreak' to Help Build Secure By Design Software

9.5/10 · Must read/watch

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Tue, May 12 · 12:00 PM CDT

Malicious Hugging Face Repository Typosquats OpenAI

9.1/10 · Must read/watch

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Tue, May 12 · 12:00 PM CDT

South Staffordshire Water Fined £1m After Data Breach

9.0/10 · Must read/watch

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Tue, May 12 · 12:00 PM CDT

End‑to‑End Encrypted RCS Messaging Arrives Across iPhone and Android

8.7/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Worth skimming

Tue, May 12 · 12:00 PM CDT

Attackers Combine ClickFix With PySoxy Proxying to Maintain Persistence

8.7/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Tue, 12 May 2026 18:20:00 +0530

New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots

8.6/10 · Worth your time

The Hacker Newsgeneral

Summary
Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan that uses The Open Network (TON) for command-and-control (C2). The new variant, observed by ThreatFabric between January and February 2026, has been observed actively ta

Open article ↗

Tue, May 12 · 11:00 AM CDT

Launch HN: Voker (YC S24) – Analytics for AI Agents

8.5/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 1 hour ago.

Open article ↗

Tue, 12 May 2026 17:16:00 +0530

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

8.2/10 · Worth your time

The Hacker Newssupply-chainai

Summary
TeamPCP, the threat actor behind the recentsupply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign. The affected npm

Open article ↗

Tue, 12 May 2026 20:17:00 +0530

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

8.1/10 · Worth your time

The Hacker Newsgeneral

Summary
RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a "major malicious attack." "We're dealing with a major malicious attack on Ruby Gems right now," Maciej Mens

Open article ↗

Videos worth watching

Tue, May 12 · 10:24 AM CDT

Hackers are Using AI (much scary, very wow)

8.7/10 · Worth your time

YouTube / John Hammondai

Why it matters
Recent creator upload with some page-level evidence. Better than raw feed discovery, but still not a full content review.

Worth watching?Maybe — good candidate if the title matches your interests, but confidence is still moderate.

Confidencelow

Open article ↗

NVD vulnerabilities

Wed, Jul 31 · 01:15 PM CDT

CVE-2019-14192

9.8/10 · Must read/watch

NVDvuln

Summary
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.

CVECVE-2019-14192

SeverityCRITICAL

TypeUPDATED

PublishedWed, Jul 31 · 01:15 PM CDT

ModifiedTue, May 12 · 10:16 AM CDT

Open article ↗

Wed, Jul 31 · 01:15 PM CDT

CVE-2019-14193

9.8/10 · Must read/watch

NVDvuln

Summary
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length.

CVECVE-2019-14193

SeverityCRITICAL

TypeUPDATED

PublishedWed, Jul 31 · 01:15 PM CDT

ModifiedTue, May 12 · 10:16 AM CDT

Open article ↗

Wed, Jul 31 · 01:15 PM CDT

CVE-2019-14194

9.8/10 · Must read/watch

NVDvuln

Summary
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case.

CVECVE-2019-14194

SeverityCRITICAL

TypeUPDATED

PublishedWed, Jul 31 · 01:15 PM CDT

ModifiedTue, May 12 · 10:16 AM CDT

Open article ↗

Wed, Jul 31 · 01:15 PM CDT

CVE-2019-14195

9.8/10 · Must read/watch

NVDvuln

Summary
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the "else" block after calculating the new path length.

CVECVE-2019-14195

SeverityCRITICAL

TypeUPDATED

PublishedWed, Jul 31 · 01:15 PM CDT

ModifiedTue, May 12 · 10:16 AM CDT

Open article ↗

Wed, Jul 31 · 01:15 PM CDT

CVE-2019-14196

9.8/10 · Must read/watch

NVDvuln

Summary
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.

CVECVE-2019-14196

SeverityCRITICAL

TypeUPDATED

PublishedWed, Jul 31 · 01:15 PM CDT

ModifiedTue, May 12 · 10:16 AM CDT

Open article ↗

Wed, Jul 31 · 01:15 PM CDT

CVE-2019-14198

9.8/10 · Must read/watch

NVDvuln

Summary
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case.

CVECVE-2019-14198

SeverityCRITICAL

TypeUPDATED

PublishedWed, Jul 31 · 01:15 PM CDT

ModifiedTue, May 12 · 10:16 AM CDT

Open article ↗

Wed, Jul 31 · 01:15 PM CDT

CVE-2019-14199

9.8/10 · Must read/watch

NVDvuln

Summary
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call.

CVECVE-2019-14199

SeverityCRITICAL

TypeUPDATED

PublishedWed, Jul 31 · 01:15 PM CDT

ModifiedTue, May 12 · 10:16 AM CDT

Open article ↗

Wed, Jul 31 · 01:15 PM CDT

CVE-2019-14200

9.8/10 · Must read/watch

NVDvuln

Summary
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.

CVECVE-2019-14200

SeverityCRITICAL

TypeUPDATED

PublishedWed, Jul 31 · 01:15 PM CDT

ModifiedTue, May 12 · 10:16 AM CDT

Open article ↗

Wed, Jul 31 · 01:15 PM CDT

CVE-2019-14201

9.8/10 · Must read/watch

NVDvuln

Summary
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply.

CVECVE-2019-14201

SeverityCRITICAL

TypeUPDATED

PublishedWed, Jul 31 · 01:15 PM CDT

ModifiedTue, May 12 · 10:16 AM CDT

Open article ↗

Wed, Jul 31 · 01:15 PM CDT

CVE-2019-14202

9.8/10 · Must read/watch

NVDvuln

Summary
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply.

CVECVE-2019-14202

SeverityCRITICAL

TypeUPDATED

PublishedWed, Jul 31 · 01:15 PM CDT

ModifiedTue, May 12 · 10:16 AM CDT

Open article ↗

Wed, Jul 31 · 01:15 PM CDT

CVE-2019-14203

9.8/10 · Must read/watch

NVDvuln

Summary
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.

CVECVE-2019-14203

SeverityCRITICAL

TypeUPDATED

PublishedWed, Jul 31 · 01:15 PM CDT

ModifiedTue, May 12 · 10:16 AM CDT

Open article ↗

Wed, Jul 31 · 01:15 PM CDT

CVE-2019-14204

9.8/10 · Must read/watch

NVDvuln

Summary
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply.

CVECVE-2019-14204

SeverityCRITICAL

TypeUPDATED

PublishedWed, Jul 31 · 01:15 PM CDT

ModifiedTue, May 12 · 10:16 AM CDT

Open article ↗

Mon, Dec 05 · 10:15 PM CST

CVE-2022-32224

9.8/10 · Must read/watch

NVDvuln

Summary
A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE.

CVECVE-2022-32224

SeverityCRITICAL

TypeUPDATED

PublishedMon, Dec 05 · 10:15 PM CST

ModifiedMon, May 11 · 06:16 PM CDT

Open article ↗

Thu, Jun 30 · 12:15 AM CDT

CVE-2022-34835

9.8/10 · Must read/watch

NVDvuln

Summary
In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function.

CVECVE-2022-34835

SeverityCRITICAL

TypeUPDATED

PublishedThu, Jun 30 · 12:15 AM CDT

ModifiedTue, May 12 · 10:16 AM CDT

Open article ↗

Tue, Sep 30 · 06:15 PM CDT

CVE-2025-56513

9.8/10 · Must read/watch

NVDvuln

Summary
NiceHash QuickMiner 6.12.0 perform software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redirecting traffic to the update url and can hijack the update process and deliver arbitrary executables that are automatically executed, resulting in full remote c

CVECVE-2025-56513

SeverityCRITICAL

TypeUPDATED

PublishedTue, Sep 30 · 06:15 PM CDT

ModifiedMon, May 11 · 04:17 PM CDT

Open article ↗

Fri, Apr 24 · 06:16 AM CDT

CVE-2026-1949

9.8/10 · Must read/watch

NVDvuln

Summary
Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service.

CVECVE-2026-1949

SeverityCRITICAL

TypeUPDATED

PublishedFri, Apr 24 · 06:16 AM CDT

ModifiedMon, May 11 · 05:42 PM CDT

Open article ↗

Fri, Apr 24 · 07:16 AM CDT

CVE-2026-1950

9.8/10 · Must read/watch

NVDvuln

Summary
Delta Electronics AS320T has No checking of the length of the buffer with the file name vulnerability.

CVECVE-2026-1950

SeverityCRITICAL

TypeUPDATED

PublishedFri, Apr 24 · 07:16 AM CDT

ModifiedMon, May 11 · 05:42 PM CDT

Open article ↗

Fri, Apr 24 · 07:16 AM CDT

CVE-2026-1951

9.8/10 · Must read/watch

NVDvuln

Summary
Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulnerability.

CVECVE-2026-1951

SeverityCRITICAL

TypeUPDATED

PublishedFri, Apr 24 · 07:16 AM CDT

ModifiedMon, May 11 · 05:42 PM CDT

Open article ↗

Fri, Apr 24 · 07:16 AM CDT

CVE-2026-1952

9.8/10 · Must read/watch

NVDvuln

Summary
Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability.

CVECVE-2026-1952

SeverityCRITICAL

TypeUPDATED

PublishedFri, Apr 24 · 07:16 AM CDT

ModifiedMon, May 11 · 05:42 PM CDT

Open article ↗

Fri, Feb 27 · 11:16 PM CST

CVE-2026-28517

9.8/10 · Must read/watch

NVDvuln

Summary
openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in report_network_map.php. The application retrieves the 'dot' configuration parameter from the database and passes it directly to exec() without validation or sanitization. If an attacker can modify the fac_Config.dot value

CVECVE-2026-28517

SeverityCRITICAL

TypeUPDATED

PublishedFri, Feb 27 · 11:16 PM CST

ModifiedTue, May 12 · 01:16 AM CDT

Open article ↗

Wed, Jul 31 · 01:15 PM CDT

CVE-2019-14197

9.1/10 · Must read/watch

NVDvuln

Summary
An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply.

CVECVE-2019-14197

SeverityCRITICAL

TypeUPDATED

PublishedWed, Jul 31 · 01:15 PM CDT

ModifiedTue, May 12 · 10:16 AM CDT

Open article ↗

Tue, Sep 09 · 02:15 PM CDT

CVE-2025-54236

9.1/10 · Must read/watch

NVDvuln

Summary
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue doe

CVECVE-2025-54236

SeverityCRITICAL

TypeUPDATED

PublishedTue, Sep 09 · 02:15 PM CDT

ModifiedMon, May 11 · 01:00 AM CDT

Open article ↗

Fri, Apr 17 · 10:16 PM CDT

CVE-2026-5720

9.1/10 · Must read/watch

NVDvuln

Summary
miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting improper length validation

CVECVE-2026-5720

SeverityCRITICAL

TypeUPDATED

PublishedFri, Apr 17 · 10:16 PM CDT

ModifiedMon, May 11 · 08:05 PM CDT

Open article ↗

Tue, Sep 10 · 05:15 PM CDT

CVE-2024-43455

8.8/10 · Worth your time

NVDvuln

Summary
Windows Remote Desktop Licensing Service Spoofing Vulnerability

CVECVE-2024-43455

SeverityHIGH

TypeUPDATED

PublishedTue, Sep 10 · 05:15 PM CDT

ModifiedMon, May 11 · 06:33 PM CDT

Open article ↗

Tue, Feb 03 · 07:16 AM CST

CVE-2026-22550

8.8/10 · Worth your time

NVDvuln

Summary
OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution.

CVECVE-2026-22550

SeverityHIGH

TypeUPDATED

PublishedTue, Feb 03 · 07:16 AM CST

ModifiedTue, May 12 · 09:16 AM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.