Archive snapshot

Thu, May 14 · 12:00 PM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Thu, May 14 · 12:00 PM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

5

Worth skimming

5

Tracked videos

2

NVD vulnerabilities

25

Top stories

Thu, 14 May 2026 19:30:37 +0530

Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike

9.8/10 · Must read/watch

The Hacker Newsaipolicy

Summary
The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine. Active since at least 2016, Ghostwriter has been linked to both cyber espionage and influence operations target

Open article ↗

Thu, 14 May 2026 17:10:14 +0530

PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

9.6/10 · Must read/watch

The Hacker Newsvulnaiidentity

Summary
Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent orchestration framework, within four hours of public disclosure. The vulnerability in question is CVE-2026-44338 (CVSS s

Open article ↗

Thu, May 14 · 12:00 PM CDT

Mustang Panda Linked to Updated FDMTP Backdoor in Asia-Pacific Espionage Campaign

9.5/10 · Must read/watch

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Thu, May 14 · 08:00 AM CDT

Sam Altman's Business Dealings Under GOP Scrutiny Ahead of OpenAI's IPO

8.9/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 4 hours ago.

Open article ↗

Thu, May 14 · 12:00 PM CDT

Most Organizations Now Use AI Agents for Sensitive Security Tasks

8.7/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Worth skimming

Thu, May 14 · 12:00 PM CDT

Google Launches Android Spyware Forensics Tool for High-Risk Users

8.7/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Thu, 14 May 2026 17:00:00 +0530

How AI Hallucinations Are Creating Real Security Risks

8.6/10 · Worth your time

The Hacker Newsvulnai

Summary
AI hallucinations are introducing serious security risks into critical infrastructure decision-making by exploiting human trust through highly confident yet incorrect outputs. When an AI model lacks certainty, it doesn’t have a mechanism to recognize that. Ins

Open article ↗

Thu, May 14 · 11:00 AM CDT

Anthropic forms $200M partnership with the Gates Foundation

8.4/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 1 hour ago.

Open article ↗

Thu, May 14 · 12:00 PM CDT

ICO Publishes Five-Step Plan to Counter Emerging AI-Powered Attacks

8.2/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Thu, May 14 · 12:00 PM CDT

New Fragnesia Flaw Hands Linux Local Users Root Access

8.2/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Videos worth watching

Wed, May 13 · 02:48 PM CDT

Hack a Drug Lord's Smart Toilet!

7.6/10 · Worth your time

YouTube / John Hammondgeneral

Why it matters
Recent creator upload with some page-level evidence. Better than raw feed discovery, but still not a full content review.

Summary
Just Hacking Training livestream on IoT Hacking with Andrew Bellini! May 15th at 1:00pm ET: https://justhacking.com

Worth watching?Maybe — good candidate if the title matches your interests, but confidence is still moderate.

Confidencelow

Open article ↗

Wed, May 13 · 02:35 PM CDT

The Payload Podcast 006

6.8/10 · Skim only if relevant

YouTube / John Hammondgeneral

Why it matters
Recent creator upload with some page-level evidence. Better than raw feed discovery, but still not a full content review.

Summary
Learn Cybersecurity and more with Just Hacking Training: https://jh.live/trainingSee what else I'm up to with: https://jh.live/newsletterℹ️ Resources:See wha...

Worth watching?Maybe — good candidate if the title matches your interests, but confidence is still moderate.

Confidencelow

Open article ↗

NVD vulnerabilities

Fri, May 08 · 04:16 PM CDT

CVE-2026-41070

10.0/10 · Must read/watch

NVDvuln

Summary
openvpn-auth-oauth2 is a plugin/management interface client for OpenVPN server to handle an OIDC based single sign-on (SSO) auth flows. From version 1.26.3 to before version 1.27.3, when openvpn-auth-oauth2 is deployed in the experimental plugin mode (shared library loaded by OpenVPN via the plugin directive), clients

CVECVE-2026-41070

SeverityCRITICAL

TypeUPDATED

PublishedFri, May 08 · 04:16 PM CDT

ModifiedWed, May 13 · 04:00 PM CDT

Open article ↗

Tue, Apr 21 · 09:16 PM CDT

CVE-2026-40906

9.9/10 · Must read/watch

NVDvuln

Summary
Electric is a Postgres sync engine. From 1.1.12 to before 1.5.0, the order_by parameter in the ElectricSQL /v1/shape API is vulnerable to error-based SQL injection, allowing any authenticated user to read, write, and destroy the full contents of the underlying PostgreSQL database through crafted ORDER BY expressions. T

CVECVE-2026-40906

SeverityCRITICAL

TypeUPDATED

PublishedTue, Apr 21 · 09:16 PM CDT

ModifiedWed, May 13 · 03:47 PM CDT

Open article ↗

Thu, Apr 23 · 12:16 AM CDT

CVE-2026-29198

9.8/10 · Must read/watch

NVDvuln

Summary
In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with a generated token when an OAuth app is configured.

CVECVE-2026-29198

SeverityCRITICAL

TypeUPDATED

PublishedThu, Apr 23 · 12:16 AM CDT

ModifiedWed, May 13 · 08:39 PM CDT

Open article ↗

Fri, May 08 · 03:16 PM CDT

CVE-2026-41574

9.8/10 · Must read/watch

NVDvuln

Summary
Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.49.1, Nhost automatically links an incoming OAuth identity to an existing Nhost account when the email addresses match. This is only safe when the email has been verified by the OAuth provider. Nhost's controller trusts a profile.EmailVerifie

CVECVE-2026-41574

SeverityCRITICAL

TypeUPDATED

PublishedFri, May 08 · 03:16 PM CDT

ModifiedWed, May 13 · 05:46 PM CDT

Open article ↗

Fri, May 08 · 05:16 PM CDT

CVE-2026-42072

9.8/10 · Must read/watch

NVDvuln

Summary
Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag (and NORNICDB_ADDRESS / server.host config key) is plumbed through to the HTTP server correctly but never reaches the Bolt server config. Th

CVECVE-2026-42072

SeverityCRITICAL

TypeUPDATED

PublishedFri, May 08 · 05:16 PM CDT

ModifiedWed, May 13 · 04:34 PM CDT

Open article ↗

Mon, May 04 · 06:16 PM CDT

CVE-2026-42088

9.6/10 · Must read/watch

NVDvuln

Summary
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0-rc3, the Script Runner widget allows users to execute Python and Ruby scripts directly from the openc3-COSMOS-script-runner-api container. Because all the docker containers shar

CVECVE-2026-42088

SeverityCRITICAL

TypeUPDATED

PublishedMon, May 04 · 06:16 PM CDT

ModifiedWed, May 13 · 08:47 PM CDT

Open article ↗

Fri, May 08 · 04:16 AM CDT

CVE-2026-43944

9.6/10 · Must read/watch

NVDvuln

Summary
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Exploit requires clicking a crafted electerm://... link or opening a crafted shortcut

CVECVE-2026-43944

SeverityCRITICAL

TypeUPDATED

PublishedFri, May 08 · 04:16 AM CDT

ModifiedWed, May 13 · 02:17 PM CDT

Open article ↗

Wed, May 06 · 08:16 PM CDT

CVE-2026-44112

9.6/10 · Must read/watch

NVDvuln

Summary
OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox restrictions and write files outside the local

CVECVE-2026-44112

SeverityCRITICAL

TypeUPDATED

PublishedWed, May 06 · 08:16 PM CDT

ModifiedWed, May 13 · 05:16 PM CDT

Open article ↗

Fri, Mar 20 · 11:16 PM CDT

CVE-2026-29796

9.4/10 · Must read/watch

NVDvuln

Summary
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP

CVECVE-2026-29796

SeverityCRITICAL

TypeUPDATED

PublishedFri, Mar 20 · 11:16 PM CDT

ModifiedWed, May 13 · 04:33 PM CDT

Open article ↗

Tue, Apr 21 · 09:16 PM CDT

CVE-2025-70420

8.8/10 · Worth your time

NVDvuln

Summary
A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated attacker to execute arbitrary SQL queries against the backend database. The vulnerability is caused by unsanitized user-supplied input being concatenated directly into SQL statements.

CVECVE-2025-70420

SeverityHIGH

TypeUPDATED

PublishedTue, Apr 21 · 09:16 PM CDT

ModifiedWed, May 13 · 04:01 PM CDT

Open article ↗

Fri, May 08 · 07:16 PM CDT

CVE-2026-29202

8.8/10 · Worth your time

NVDvuln

Summary
Insufficient input validation of the `plugin` parameter of the `create_user` plugin allows arbitrary Perl code execution on behalf of the already authenticated account's system user.

CVECVE-2026-29202

SeverityHIGH

TypeUPDATED

PublishedFri, May 08 · 07:16 PM CDT

ModifiedWed, May 13 · 10:16 PM CDT

Open article ↗

Fri, May 08 · 07:16 PM CDT

CVE-2026-29203

8.8/10 · Worth your time

NVDvuln

Summary
A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege escalation when an authenticated cPanel user places a symlink at a user-controlled legacy Nova path under their home direct

CVECVE-2026-29203

SeverityHIGH

TypeUPDATED

PublishedFri, May 08 · 07:16 PM CDT

ModifiedWed, May 13 · 03:53 PM CDT

Open article ↗

Thu, Apr 09 · 06:17 PM CDT

CVE-2026-39981

8.8/10 · Worth your time

NVDvuln

Summary
AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safe_join() function in the essential_abilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or delete arbitrary file

CVECVE-2026-39981

SeverityHIGH

TypeUPDATED

PublishedThu, Apr 09 · 06:17 PM CDT

ModifiedWed, May 13 · 03:52 PM CDT

Open article ↗

Fri, May 08 · 04:16 AM CDT

CVE-2026-42203

8.8/10 · Worth your time

NVDvuln

Summary
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.80.5 to before version 1.83.7, the POST /prompts/test endpoint accepted user-supplied prompt templates and rendered them without sandboxing. A crafted template could run arbitrary code inside the LiteLLM Proxy process.

CVECVE-2026-42203

SeverityHIGH

TypeUPDATED

PublishedFri, May 08 · 04:16 AM CDT

ModifiedWed, May 13 · 05:14 PM CDT

Open article ↗

Wed, May 06 · 12:16 PM CDT

CVE-2026-43158

8.8/10 · Worth your time

NVDvuln

Summary
In the Linux kernel, the following vulnerability has been resolved: xfs: fix freemap adjustments when adding xattrs to leaf blocks xfs/592 and xfs/794 both trip this assertion in the leaf block freemap adjustment code after ~20 minutes of running on my test VMs: ASSERT(ichdr->firstused >= ichdr->count * sizeof(xfs_attr

CVECVE-2026-43158

SeverityHIGH

TypeUPDATED

PublishedWed, May 06 · 12:16 PM CDT

ModifiedWed, May 13 · 09:20 PM CDT

Open article ↗

Wed, May 06 · 12:16 PM CDT

CVE-2026-43172

8.8/10 · Worth your time

NVDvuln

Summary
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix 22000 series SMEM parsing If the firmware were to report three LMACs (which doesn't exist in hardware) then using "fwrt->smem_cfg.lmac[2]" is an overrun of the array. Reject such and use IWL_FW_CHECK instead of WARN_ON in this functi

CVECVE-2026-43172

SeverityHIGH

TypeUPDATED

PublishedWed, May 06 · 12:16 PM CDT

ModifiedWed, May 13 · 02:56 PM CDT

Open article ↗

Fri, May 08 · 08:16 AM CDT

CVE-2026-43284

8.8/10 · Worth your time

NVDvuln

Summary
In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths that may modify packet data can first make a

CVECVE-2026-43284

SeverityHIGH

TypeUPDATED

PublishedFri, May 08 · 08:16 AM CDT

ModifiedThu, May 14 · 06:16 AM CDT

Open article ↗

Fri, May 08 · 07:16 PM CDT

CVE-2026-29201

8.6/10 · Worth your time

NVDvuln

Summary
Insufficient input validation of the feature file name in `feature::LOADFEATUREFILE` adminbin call can cause arbitrary file read when a relative file path is passed.

CVECVE-2026-29201

SeverityHIGH

TypeUPDATED

PublishedFri, May 08 · 07:16 PM CDT

ModifiedWed, May 13 · 10:16 PM CDT

Open article ↗

Thu, May 07 · 09:16 PM CDT

CVE-2026-42047

8.6/10 · Worth your time

NVDvuln

Summary
Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration. Versions 3.22.0 through 3.53.1 contain a vulnerability that allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the serve() HTTP handler. Th

CVECVE-2026-42047

SeverityHIGH

TypeUPDATED

PublishedThu, May 07 · 09:16 PM CDT

ModifiedWed, May 13 · 02:06 PM CDT

Open article ↗

Wed, May 06 · 12:16 PM CDT

CVE-2026-43139

8.6/10 · Worth your time

NVDvuln

Summary
In the Linux kernel, the following vulnerability has been resolved: xfrm6: fix uninitialized saddr in xfrm6_get_saddr() xfrm6_get_saddr() does not check the return value of ipv6_dev_get_saddr(). When ipv6_dev_get_saddr() fails to find a suitable source address (returns -EADDRNOTAVAIL), saddr->in6 is left uninitialized,

CVECVE-2026-43139

SeverityHIGH

TypeUPDATED

PublishedWed, May 06 · 12:16 PM CDT

ModifiedWed, May 13 · 06:41 PM CDT

Open article ↗

Thu, May 07 · 09:16 AM CDT

CVE-2025-1978

8.3/10 · Worth your time

NVDvuln

Summary
Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One B

CVECVE-2025-1978

SeverityHIGH

TypeUPDATED

PublishedThu, May 07 · 09:16 AM CDT

ModifiedWed, May 13 · 07:15 PM CDT

Open article ↗

Fri, May 08 · 04:16 PM CDT

CVE-2026-29972

8.2/10 · Worth your time

NVDvuln

Summary
nanoMODBUS through v1.22.0 has a stack-based buffer overflow in recv_read_registers_res() in nanomodbus.c. When a client calls nmbs_read_holding_registers() or nmbs_read_input_registers(), the library writes register data from the server response to the caller-provided buffer based on the response's byte_count field be

CVECVE-2026-29972

SeverityHIGH

TypeUPDATED

PublishedFri, May 08 · 04:16 PM CDT

ModifiedWed, May 13 · 03:46 PM CDT

Open article ↗

Mon, Apr 13 · 06:16 PM CDT

CVE-2026-28291

8.1/10 · Worth your time

NVDvuln

Summary
simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option manipulation, bypassing safety checks meant to block dangerous options like -u and --upload-pack. The flaw stems from an incomplete fix for CVE-2022-25860, as Git'

CVECVE-2026-28291

SeverityHIGH

TypeUPDATED

PublishedMon, Apr 13 · 06:16 PM CDT

ModifiedWed, May 13 · 08:52 PM CDT

Open article ↗

Fri, May 08 · 04:16 PM CDT

CVE-2026-41883

8.1/10 · Worth your time

NVDvuln

Summary
OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution (RCE). This affects applications that use CDNResourceHandler with a wildcard CDN mapping (e.g. libraryName:*=https://cdn.example.com/*). An attacker

CVECVE-2026-41883

SeverityHIGH

TypeUPDATED

PublishedFri, May 08 · 04:16 PM CDT

ModifiedWed, May 13 · 04:34 PM CDT

Open article ↗

Tue, Nov 18 · 07:15 PM CST

CVE-2025-61662

7.8/10 · Worth your time

NVDvuln

Summary
A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory l

CVECVE-2025-61662

SeverityHIGH

TypeUPDATED

PublishedTue, Nov 18 · 07:15 PM CST

ModifiedWed, May 13 · 04:16 PM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.