Archive snapshot

Thu, May 14 · 12:00 AM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Thu, May 14 · 12:00 AM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

5

Worth skimming

5

Tracked videos

2

NVD vulnerabilities

25

Top stories

Wed, May 13 · 10:00 PM CDT

Microsoft BitLocker – YellowKey zero-day exploit

9.8/10 · Must read/watch

Hacker Newsvuln

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 2 hours ago.

Open article ↗

Thu, May 14 · 12:00 AM CDT

Canvas Owner Reaches Agreement With Cybercriminals After Ransomware Attack

8.7/10 · Worth your time

Infosecurity Magazinemalware

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Thu, May 14 · 12:00 AM CDT

Ransomware: Over Half of CISOs Would Consider Paying Ransom to Hackers

8.7/10 · Worth your time

Infosecurity Magazinemalware

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Thu, May 14 · 12:00 AM CDT

Global Cyber Agencies Issue New SBOMs for AI Guidance to Tackle AI Supply Chain Risks

8.5/10 · Worth your time

Infosecurity Magazinesupply-chainai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, May 13 · 11:00 PM CDT

Arena AI Model ELO History

8.4/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 1 hour ago.

Open article ↗

Worth skimming

Thu, May 14 · 12:00 AM CDT

Mini Shai-Hulud Hits TanStack npm Packages

8.0/10 · Worth your time

Infosecurity Magazinesupply-chainai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Thu, May 14 · 12:00 AM CDT

OpenAI Launches 'Daybreak' to Help Build Secure By Design Software

7.7/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Thu, May 14 · 12:00 AM CDT

Malicious Hugging Face Repository Typosquats OpenAI

7.7/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Thu, May 14 · 12:00 AM CDT

Avada Builder Flaws Expose One Million WordPress Sites

7.7/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Thu, May 14 · 12:00 AM CDT

South Staffordshire Water Fined £1m After Data Breach

7.6/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Videos worth watching

John Hammond

6.8/10 · Skim only if relevant

YouTube / John Hammondgeneral

Why it matters
Recent creator upload with some page-level evidence. Better than raw feed discovery, but still not a full content review.

Summary
Free Cybersecurity Education and Ethical Hacking.

Worth watching?Maybe — good candidate if the title matches your interests, but confidence is still moderate.

Confidencelow

Open article ↗

NahamSec

6.6/10 · Skim only if relevant

YouTube / NahamSecgeneral

Why it matters
Recent creator upload with some page-level evidence. Better than raw feed discovery, but still not a full content review.

Summary
HACK THE PLANET!! Hi! I'm NahamSec. I think everyone can be a hacker and I'm on a mission to prove that!

Worth watching?Maybe — good candidate if the title matches your interests, but confidence is still moderate.

Confidencelow

Open article ↗

NVD vulnerabilities

Fri, Jan 13 · 03:59 PM CST

CVE-2015-3188

9.8/10 · Must read/watch

NVDvuln

Summary
The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors.

CVECVE-2015-3188

SeverityCRITICAL

TypeUPDATED

PublishedFri, Jan 13 · 03:59 PM CST

ModifiedWed, May 13 · 12:24 AM CDT

Open article ↗

Fri, Jan 13 · 09:59 AM CST

CVE-2016-10141

9.8/10 · Must read/watch

NVDvuln

Summary
An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. MuJS before fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045. The attack requires a regular expression with nested repetition. A successful exploitation of this issue can lead to code execution or a denial of service (b

CVECVE-2016-10141

SeverityCRITICAL

TypeUPDATED

PublishedFri, Jan 13 · 09:59 AM CST

ModifiedWed, May 13 · 12:24 AM CDT

Open article ↗

Fri, Jan 13 · 04:59 PM CST

CVE-2016-2090

9.8/10 · Must read/watch

NVDvuln

Summary
Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.

CVECVE-2016-2090

SeverityCRITICAL

TypeUPDATED

PublishedFri, Jan 13 · 04:59 PM CST

ModifiedWed, May 13 · 12:24 AM CDT

Open article ↗

Thu, Jan 12 · 11:59 PM CST

CVE-2016-3152

9.8/10 · Must read/watch

NVDvuln

Summary
Barco ClickShare CSC-1 devices with firmware before 01.09.03 allow remote attackers to obtain the root password by downloading and extracting the firmware image.

CVECVE-2016-3152

SeverityCRITICAL

TypeUPDATED

PublishedThu, Jan 12 · 11:59 PM CST

ModifiedWed, May 13 · 12:24 AM CDT

Open article ↗

Wed, Jan 18 · 05:59 PM CST

CVE-2016-7996

9.8/10 · Must read/watch

NVDvuln

Summary
Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries.

CVECVE-2016-7996

SeverityCRITICAL

TypeUPDATED

PublishedWed, Jan 18 · 05:59 PM CST

ModifiedWed, May 13 · 12:24 AM CDT

Open article ↗

Sat, Jan 14 · 07:59 PM CST

CVE-2016-8204

9.8/10 · Must read/watch

NVDvuln

Summary
A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.

CVECVE-2016-8204

SeverityCRITICAL

TypeUPDATED

PublishedSat, Jan 14 · 07:59 PM CST

ModifiedWed, May 13 · 12:24 AM CDT

Open article ↗

Sat, Jan 14 · 07:59 PM CST

CVE-2016-8205

9.8/10 · Must read/watch

NVDvuln

Summary
A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.

CVECVE-2016-8205

SeverityCRITICAL

TypeUPDATED

PublishedSat, Jan 14 · 07:59 PM CST

ModifiedWed, May 13 · 12:24 AM CDT

Open article ↗

Thu, Jan 12 · 11:59 PM CST

CVE-2016-9299

9.8/10 · Must read/watch

NVDvuln

Summary
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.

CVECVE-2016-9299

SeverityCRITICAL

TypeUPDATED

PublishedThu, Jan 12 · 11:59 PM CST

ModifiedWed, May 13 · 12:24 AM CDT

Open article ↗

Tue, Jan 17 · 09:59 AM CST

CVE-2017-5517

9.8/10 · Must read/watch

NVDvuln

Summary
SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter.

CVECVE-2017-5517

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jan 17 · 09:59 AM CST

ModifiedWed, May 13 · 12:24 AM CDT

Open article ↗

Tue, Jan 17 · 09:59 AM CST

CVE-2017-5519

9.8/10 · Must read/watch

NVDvuln

Summary
SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVECVE-2017-5519

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jan 17 · 09:59 AM CST

ModifiedWed, May 13 · 12:24 AM CDT

Open article ↗

Wed, Jan 18 · 05:59 PM CST

CVE-2016-9584

9.1/10 · Must read/watch

NVDvuln

Summary
libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file.

CVECVE-2016-9584

SeverityCRITICAL

TypeUPDATED

PublishedWed, Jan 18 · 05:59 PM CST

ModifiedWed, May 13 · 12:24 AM CDT

Open article ↗

Fri, Jan 13 · 07:59 PM CST

CVE-2010-5327

8.8/10 · Worth your time

NVDvuln

Summary
Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template.

CVECVE-2010-5327

SeverityHIGH

TypeUPDATED

PublishedFri, Jan 13 · 07:59 PM CST

ModifiedWed, May 13 · 12:24 AM CDT

Open article ↗

Wed, Jan 18 · 10:59 PM CST

CVE-2016-3406

8.8/10 · Worth your time

NVDvuln

Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the Client uploader extension or (2) extension REST handlers, aka bugs 104294 and 104456.

CVECVE-2016-3406

SeverityHIGH

TypeUPDATED

PublishedWed, Jan 18 · 10:59 PM CST

ModifiedWed, May 13 · 12:24 AM CDT

Open article ↗

Wed, Jan 18 · 05:59 PM CST

CVE-2016-7980

8.8/10 · Worth your time

NVDvuln

Summary
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-79

CVECVE-2016-7980

SeverityHIGH

TypeUPDATED

PublishedWed, Jan 18 · 05:59 PM CST

ModifiedWed, May 13 · 12:24 AM CDT

Open article ↗

Wed, Jan 18 · 05:59 PM CST

CVE-2016-7998

8.8/10 · Worth your time

NVDvuln

Summary
The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action.

CVECVE-2016-7998

SeverityHIGH

TypeUPDATED

PublishedWed, Jan 18 · 05:59 PM CST

ModifiedWed, May 13 · 12:24 AM CDT

Open article ↗

Sat, Jan 14 · 07:59 AM CST

CVE-2017-5473

8.8/10 · Worth your time

NVDvuln

Summary
Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and admin/password_reset.lua.

CVECVE-2017-5473

SeverityHIGH

TypeUPDATED

PublishedSat, Jan 14 · 07:59 AM CST

ModifiedWed, May 13 · 12:24 AM CDT

Open article ↗

Sat, Jan 14 · 07:59 AM CST

CVE-2017-5475

8.8/10 · Worth your time

NVDvuln

Summary
comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments.

CVECVE-2017-5475

SeverityHIGH

TypeUPDATED

PublishedSat, Jan 14 · 07:59 AM CST

ModifiedWed, May 13 · 12:24 AM CDT

Open article ↗

Sat, Jan 14 · 07:59 AM CST

CVE-2017-5476

8.8/10 · Worth your time

NVDvuln

Summary
Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin.

CVECVE-2017-5476

SeverityHIGH

TypeUPDATED

PublishedSat, Jan 14 · 07:59 AM CST

ModifiedWed, May 13 · 12:24 AM CDT

Open article ↗

Sun, Jan 15 · 02:59 AM CST

CVE-2017-5489

8.8/10 · Worth your time

NVDvuln

Summary
Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload.

CVECVE-2017-5489

SeverityHIGH

TypeUPDATED

PublishedSun, Jan 15 · 02:59 AM CST

ModifiedWed, May 13 · 12:24 AM CDT

Open article ↗

Sun, Jan 15 · 02:59 AM CST

CVE-2017-5492

8.8/10 · Worth your time

NVDvuln

Summary
Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related to wp-admin/includes/class-wp-screen.php and wp-admin/widgets.

CVECVE-2017-5492

SeverityHIGH

TypeUPDATED

PublishedSun, Jan 15 · 02:59 AM CST

ModifiedWed, May 13 · 12:24 AM CDT

Open article ↗

Tue, Jan 17 · 09:59 AM CST

CVE-2017-5520

8.8/10 · Worth your time

NVDvuln

Summary
The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions.

CVECVE-2017-5520

SeverityHIGH

TypeUPDATED

PublishedTue, Jan 17 · 09:59 AM CST

ModifiedWed, May 13 · 12:24 AM CDT

Open article ↗

Sat, Jan 14 · 07:59 AM CST

CVE-2016-10142

8.6/10 · Worth your time

NVDvuln

Summary
An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security implications of IP fragmentation have been discussed at length in [RFC6274] and [RFC7739]. An attacker can leverage the g

CVECVE-2016-10142

SeverityHIGH

TypeUPDATED

PublishedSat, Jan 14 · 07:59 AM CST

ModifiedWed, May 13 · 12:24 AM CDT

Open article ↗

Fri, Jan 13 · 09:59 AM CST

CVE-2016-3128

8.2/10 · Worth your time

NVDvuln

Summary
A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for the BES, or send false information to the BES by gaining access to specific information about a device that was legitimat

CVECVE-2016-3128

SeverityHIGH

TypeUPDATED

PublishedFri, Jan 13 · 09:59 AM CST

ModifiedWed, May 13 · 12:24 AM CDT

Open article ↗

Wed, Jan 18 · 10:59 PM CST

CVE-2016-10086

8.1/10 · Worth your time

NVDvuln

Summary
RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request.

CVECVE-2016-10086

SeverityHIGH

TypeUPDATED

PublishedWed, Jan 18 · 10:59 PM CST

ModifiedWed, May 13 · 12:24 AM CDT

Open article ↗

Fri, Jan 13 · 09:59 AM CST

CVE-2016-3130

8.1/10 · Worth your time

NVDvuln

Summary
An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements during a login attempt.

CVECVE-2016-3130

SeverityHIGH

TypeUPDATED

PublishedFri, Jan 13 · 09:59 AM CST

ModifiedWed, May 13 · 12:24 AM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.