Archive snapshot

Fri, May 15 · 06:00 PM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Fri, May 15 · 06:00 PM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

5

Worth skimming

5

Tracked videos

1

NVD vulnerabilities

25

Top stories

Fri, May 15 · 06:00 PM CDT

Microsoft Reports Severe Zero-Day Flaw in On-Prem Exchange Servers

9.2/10 · Must read/watch

Infosecurity Magazinevuln

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Fri, May 15 · 06:00 PM CDT

China-Linked Hackers Deploy New TencShell Malware Against Global Manufacturer

8.9/10 · Worth your time

Infosecurity Magazinemalwareai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Fri, May 15 · 03:00 PM CDT

California bill would require patches or refunds when online games shut down

8.2/10 · Worth your time

Hacker Newsvuln

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 3 hours ago.

Open article ↗

Fri, 15 May 2026 22:40:25 +0530

Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

8.1/10 · Worth your time

The Hacker Newsgeneral

Summary
The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that's engineered for stealth and persistent access to compromised hosts. Turla, per the U.S. Cybersecurity and Infrast

Open article ↗

Fri, May 15 · 04:00 PM CDT

I believe there are entire companies right now under AI psychosis

8.1/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 2 hours ago.

Open article ↗

Worth skimming

Fri, May 15 · 06:00 PM CDT

Global Cyber Agencies Issue New SBOMs for AI Guidance to Tackle AI Supply Chain Risks

8.0/10 · Worth your time

Infosecurity Magazinesupply-chainai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Fri, May 15 · 06:00 PM CDT

Canvas Owner Reaches Agreement With Cybercriminals After Ransomware Attack

7.8/10 · Worth your time

Infosecurity Magazinemalware

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Fri, May 15 · 06:00 PM CDT

Ransomware: Over Half of CISOs Would Consider Paying Ransom to Hackers

7.8/10 · Worth your time

Infosecurity Magazinemalware

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Fri, May 15 · 06:00 PM CDT

Mustang Panda Linked to Updated FDMTP Backdoor in Asia-Pacific Espionage Campaign

7.7/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Fri, May 15 · 06:00 PM CDT

Gremlin Stealer Evolves into Modular Threat with Advanced Evasion Capabilities

7.7/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Videos worth watching

Fri, May 15 · 04:00 AM CDT

The Payload Podcast 006

6.8/10 · Skim only if relevant

YouTube / John Hammondgeneral

Why it matters
Recent creator upload with some page-level evidence. Better than raw feed discovery, but still not a full content review.

Worth watching?Maybe — good candidate if the title matches your interests, but confidence is still moderate.

Confidencelow

Open article ↗

NVD vulnerabilities

Thu, Apr 23 · 02:16 AM CDT

CVE-2026-41196

10.0/10 · Must read/watch

NVDvuln

Summary
Luanti (formerly Minetest) is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the server-side mod, async

CVECVE-2026-41196

SeverityCRITICAL

TypeUPDATED

PublishedThu, Apr 23 · 02:16 AM CDT

ModifiedThu, May 14 · 04:35 PM CDT

Open article ↗

Tue, Aug 13 · 07:15 PM CDT

CVE-2024-7593

9.8/10 · Must read/watch

NVDvuln

Summary
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.

CVECVE-2024-7593

SeverityCRITICAL

TypeUPDATED

PublishedTue, Aug 13 · 07:15 PM CDT

ModifiedThu, May 14 · 07:36 PM CDT

Open article ↗

Fri, Feb 20 · 05:25 PM CST

CVE-2026-26725

9.8/10 · Must read/watch

NVDvuln

Summary
An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 (fixed in 19.76) allows a remote attacker to escalate privileges via the AccessID parameter.

CVECVE-2026-26725

SeverityCRITICAL

TypeUPDATED

PublishedFri, Feb 20 · 05:25 PM CST

ModifiedThu, May 14 · 07:16 PM CDT

Open article ↗

Sat, May 09 · 08:16 PM CDT

CVE-2026-42601

9.8/10 · Must read/watch

NVDvuln

Summary
ArchiveBox is an open source self-hosted web archiving system. In versions 0.8.6rc0 and prior, the /add/ endpoint (AddView in core/views.py) accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins run, allowing injectio

CVECVE-2026-42601

SeverityCRITICAL

TypeUPDATED

PublishedSat, May 09 · 08:16 PM CDT

ModifiedThu, May 14 · 05:36 PM CDT

Open article ↗

Thu, May 07 · 05:15 PM CDT

CVE-2026-7414

9.8/10 · Must read/watch

NVDvuln

Summary
Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be changed or removed by end users, enabling trivial unauthorized access to device management interfaces by anyone who knows them.

CVECVE-2026-7414

SeverityCRITICAL

TypeUPDATED

PublishedThu, May 07 · 05:15 PM CDT

ModifiedThu, May 14 · 05:53 PM CDT

Open article ↗

Thu, May 07 · 05:15 PM CDT

CVE-2026-7415

9.8/10 · Must read/watch

NVDvuln

Summary
The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to the robot without authentication or authorization of any kind.

CVECVE-2026-7415

SeverityCRITICAL

TypeUPDATED

PublishedThu, May 07 · 05:15 PM CDT

ModifiedThu, May 14 · 05:50 PM CDT

Open article ↗

Wed, Mar 11 · 03:16 PM CDT

CVE-2026-30903

9.6/10 · Must read/watch

NVDvuln

Summary
External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access.

CVECVE-2026-30903

SeverityCRITICAL

TypeUPDATED

PublishedWed, Mar 11 · 03:16 PM CDT

ModifiedThu, May 14 · 08:27 PM CDT

Open article ↗

Fri, Feb 27 · 07:16 PM CST

CVE-2026-2880

9.1/10 · Must read/watch

NVDvuln

Summary
A vulnerability in @fastify/middie versions < 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware (for example, app.use('/secret', auth)). When Fastify router normalization options are enabled (such as ignoreDuplicateSlashes, useSemicolonDelimiter, and related trailing-slash behavi

CVECVE-2026-2880

SeverityCRITICAL

TypeUPDATED

PublishedFri, Feb 27 · 07:16 PM CST

ModifiedThu, May 14 · 03:41 PM CDT

Open article ↗

Fri, May 08 · 08:16 PM CDT

CVE-2026-44694

9.1/10 · Must read/watch

NVDvuln

Summary
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2, there is an authenticated server-side request forgery vulnerability affecting the webhook trigger tools, the n8n API client (N8N_API_URL), and per-request URLs

CVECVE-2026-44694

SeverityCRITICAL

TypeUPDATED

PublishedFri, May 08 · 08:16 PM CDT

ModifiedThu, May 14 · 06:10 PM CDT

Open article ↗

Thu, Apr 16 · 02:16 PM CDT

CVE-2026-6270

9.1/10 · Must read/watch

NVDvuln

Summary
@fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent scope and then registers child plugins with @fastify/middie, the child scope does not inherit the parent middleware. This

CVECVE-2026-6270

SeverityCRITICAL

TypeUPDATED

PublishedThu, Apr 16 · 02:16 PM CDT

ModifiedThu, May 14 · 03:41 PM CDT

Open article ↗

Sun, May 10 · 01:16 PM CDT

CVE-2021-47935

8.8/10 · Worth your time

NVDvuln

Summary
Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint with base64-encoded compr

CVECVE-2021-47935

SeverityHIGH

TypeUPDATED

PublishedSun, May 10 · 01:16 PM CDT

ModifiedThu, May 14 · 05:16 PM CDT

Open article ↗

Sat, May 09 · 08:16 PM CDT

CVE-2026-42605

8.8/10 · Worth your time

NVDvuln

Summary
AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the currentDirectory request parameter in the Flow.js media upload endpoint (POST /api/station/{station_id}/files/upload) is not sanitized for path traversal sequences. When combined with a local filesystem storage backend (the

CVECVE-2026-42605

SeverityHIGH

TypeUPDATED

PublishedSat, May 09 · 08:16 PM CDT

ModifiedThu, May 14 · 05:34 PM CDT

Open article ↗

Fri, May 08 · 08:16 AM CDT

CVE-2026-43284

8.8/10 · Worth your time

NVDvuln

Summary
In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths that may modify packet data can first make a

CVECVE-2026-43284

SeverityHIGH

TypeUPDATED

PublishedFri, May 08 · 08:16 AM CDT

ModifiedThu, May 14 · 05:16 PM CDT

Open article ↗

Thu, May 07 · 09:16 PM CDT

CVE-2026-42449

8.5/10 · Worth your time

NVDvuln

Summary
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. In versions 2.47.4 through 2.47.13, the SDK embedder path (N8NDocumentationMCPServer constructor, getN8nApiClient(), and validateInstanceContext()), the synchronous URL validator in SSRFProtection.validate

CVECVE-2026-42449

SeverityHIGH

TypeUPDATED

PublishedThu, May 07 · 09:16 PM CDT

ModifiedThu, May 14 · 05:37 PM CDT

Open article ↗

Mon, Jan 19 · 04:15 PM CST

CVE-2026-22031

8.4/10 · Worth your time

NVDvuln

Summary
@fastify/middie is the plugin that adds middleware support on steroids to Fastify. A security vulnerability exists in @fastify/middie prior to version 9.1.0 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters (e.g., `/%61dmin` instead of `/admin`). While the middleware e

CVECVE-2026-22031

SeverityHIGH

TypeUPDATED

PublishedMon, Jan 19 · 04:15 PM CST

ModifiedThu, May 14 · 03:41 PM CDT

Open article ↗

Fri, Apr 24 · 08:16 PM CDT

CVE-2026-41433

8.4/10 · Worth your time

NVDvuln

Summary
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From 0.4.0 to before 0.8.0, a flaw in the Java agent injection path allows a local attacker controlling a Java workload to overwrite arbitrary host files when Java injection is enabled and OBI is running with elevated

CVECVE-2026-41433

SeverityHIGH

TypeUPDATED

PublishedFri, Apr 24 · 08:16 PM CDT

ModifiedThu, May 14 · 04:31 PM CDT

Open article ↗

Fri, May 08 · 02:16 PM CDT

CVE-2026-43291

8.3/10 · Worth your time

NVDvuln

Summary
In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Fix parameter validation for packet data Since commit 9c328f54741b ("net: nfc: nci: Add parameter validation for packet data") communication with nci nfc chips is not working any more. The mentioned commit tries to fix access of uninitia

CVECVE-2026-43291

SeverityHIGH

TypeUPDATED

PublishedFri, May 08 · 02:16 PM CDT

ModifiedThu, May 14 · 09:08 PM CDT

Open article ↗

Fri, Apr 24 · 07:17 PM CDT

CVE-2026-41326

8.2/10 · Worth your time

NVDvuln

Summary
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. From v3.4.0 to v3.28.0, an oversight in the CopyFile policy (and perhaps the CopyFile handler) allows untrusted hosts to write to arbitrary locations inside the guest workl

CVECVE-2026-41326

SeverityHIGH

TypeUPDATED

PublishedFri, Apr 24 · 07:17 PM CDT

ModifiedThu, May 14 · 04:33 PM CDT

Open article ↗

Mon, May 11 · 09:18 PM CDT

CVE-2026-28907

8.1/10 · Worth your time

NVDvuln

Summary
The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

CVECVE-2026-28907

SeverityHIGH

TypeUPDATED

PublishedMon, May 11 · 09:18 PM CDT

ModifiedThu, May 14 · 02:32 PM CDT

Open article ↗

Thu, May 07 · 10:16 PM CDT

CVE-2026-41105

8.1/10 · Worth your time

NVDvuln

Summary
Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.

CVECVE-2026-41105

SeverityHIGH

TypeUPDATED

PublishedThu, May 07 · 10:16 PM CDT

ModifiedThu, May 14 · 02:27 PM CDT

Open article ↗

Sat, May 09 · 08:16 PM CDT

CVE-2026-42606

8.1/10 · Worth your time

NVDvuln

Summary
AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with no trusted proxy allowlist. An unauthenticated attacker can poison the password reset URL sent to any user by injecting

CVECVE-2026-42606

SeverityHIGH

TypeUPDATED

PublishedSat, May 09 · 08:16 PM CDT

ModifiedThu, May 14 · 05:31 PM CDT

Open article ↗

Mon, May 11 · 04:17 PM CDT

CVE-2026-42609

8.1/10 · Worth your time

NVDvuln

Summary
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user (with only user creation permissions) to overwrite existing accounts, including the primary administrator. By creating a new user with a username that already exists, the system

CVECVE-2026-42609

SeverityHIGH

TypeUPDATED

PublishedMon, May 11 · 04:17 PM CDT

ModifiedThu, May 14 · 06:16 PM CDT

Open article ↗

Sat, May 09 · 01:16 AM CDT

CVE-2026-6665

8.1/10 · Worth your time

NVDvuln

Summary
The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow.

CVECVE-2026-6665

SeverityHIGH

TypeUPDATED

PublishedSat, May 09 · 01:16 AM CDT

ModifiedThu, May 14 · 06:52 PM CDT

Open article ↗

Mon, Mar 12 · 09:29 PM CDT

CVE-2018-6400

7.8/10 · Worth your time

NVDvuln

Summary
Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \\.\pipe\WPSCloudSvr\WpsCloudSvr -- an "insecurely created named pipe." Ensures full access to Everyone users group.

CVECVE-2018-6400

SeverityHIGH

TypeUPDATED

PublishedMon, Mar 12 · 09:29 PM CDT

ModifiedThu, May 14 · 07:16 PM CDT

Open article ↗

Mon, May 11 · 09:18 PM CDT

CVE-2026-28915

7.8/10 · Worth your time

NVDvuln

Summary
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to gain root privileges.

CVECVE-2026-28915

SeverityHIGH

TypeUPDATED

PublishedMon, May 11 · 09:18 PM CDT

ModifiedThu, May 14 · 02:02 PM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.