Archive snapshot

Sat, May 16 · 12:00 PM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Sat, May 16 · 12:00 PM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

5

Worth skimming

5

Tracked videos

1

NVD vulnerabilities

25

Top stories

Sat, 16 May 2026 20:50:48 +0530

Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming

9.3/10 · Must read/watch

The Hacker Newsvulnai

Summary
A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages with the goal of stealing payment data. Details of the activi

Open article ↗

Sat, May 16 · 10:00 AM CDT

DeepSeek-V4-Flash means LLM steering is interesting again

8.7/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 2 hours ago.

Open article ↗

Sat, May 16 · 08:00 AM CDT

My Favorite Bugs: Invalid Surrogate Pairs

8.1/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 4 hours ago.

Open article ↗

Sat, May 16 · 12:00 PM CDT

China-Linked Hackers Deploy New TencShell Malware Against Global Manufacturer

8.0/10 · Worth your time

Infosecurity Magazinemalwareai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sat, May 16 · 12:00 PM CDT

Global Cyber Agencies Issue New SBOMs for AI Guidance to Tackle AI Supply Chain Risks

8.0/10 · Worth your time

Infosecurity Magazinesupply-chainai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Worth skimming

Sat, May 16 · 08:00 AM CDT

SANA-WM, a 2.6B open-source world model for 1-minute 720p video

7.9/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 4 hours ago.

Open article ↗

Sat, May 16 · 12:00 PM CDT

Microsoft Reports Severe Zero-Day Flaw in On-Prem Exchange Servers

7.8/10 · Worth your time

Infosecurity Magazinevuln

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sat, May 16 · 12:00 PM CDT

Canvas Owner Reaches Agreement With Cybercriminals After Ransomware Attack

7.8/10 · Worth your time

Infosecurity Magazinemalware

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sat, May 16 · 12:00 PM CDT

Ransomware: Over Half of CISOs Would Consider Paying Ransom to Hackers

7.8/10 · Worth your time

Infosecurity Magazinemalware

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sat, May 16 · 12:00 PM CDT

Most Organizations Now Use AI Agents for Sensitive Security Tasks

7.8/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Videos worth watching

Sat, May 16 · 02:33 AM CDT

Hack a Drug Lord's Smart Toilet!

7.6/10 · Worth your time

YouTube / John Hammondgeneral

Why it matters
Recent creator upload with some page-level evidence. Better than raw feed discovery, but still not a full content review.

Worth watching?Maybe — good candidate if the title matches your interests, but confidence is still moderate.

Confidencelow

Open article ↗

NVD vulnerabilities

Wed, Apr 10 · 04:15 PM CDT

CVE-2024-3566

9.8/10 · Must read/watch

NVDvuln

Summary
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.

CVECVE-2024-3566

SeverityCRITICAL

TypeUPDATED

PublishedWed, Apr 10 · 04:15 PM CDT

ModifiedFri, May 15 · 03:03 PM CDT

Open article ↗

Sat, Jan 24 · 01:15 AM CST

CVE-2026-22586

9.8/10 · Must read/watch

NVDvuln

Summary
Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.

CVECVE-2026-22586

SeverityCRITICAL

TypeUPDATED

PublishedSat, Jan 24 · 01:15 AM CST

ModifiedFri, May 15 · 08:25 PM CDT

Open article ↗

Fri, May 08 · 02:16 PM CDT

CVE-2026-43304

9.8/10 · Must read/watch

NVDvuln

Summary
In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPH_MAX_KEY_LEN When decoding the key, verify that the key material would fit into a fixed-size buffer in process_auth_done() and generally has a sane length. The new CEPH_MAX_KEY_LEN check replaces the existing check for a

CVECVE-2026-43304

SeverityCRITICAL

TypeUPDATED

PublishedFri, May 08 · 02:16 PM CDT

ModifiedFri, May 15 · 01:25 PM CDT

Open article ↗

Fri, May 08 · 02:16 PM CDT

CVE-2026-43341

9.8/10 · Must read/watch

NVDvuln

Summary
In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: prevent schema length wraparound in trace fill ioam6_fill_trace_data() stores the schema contribution to the trace length in a u8. With bit 22 enabled and the largest schema payload, sclen becomes 1 + 1020 / 4, wraps from 256 to 0, and

CVECVE-2026-43341

SeverityCRITICAL

TypeUPDATED

PublishedFri, May 08 · 02:16 PM CDT

ModifiedFri, May 15 · 07:45 PM CDT

Open article ↗

Fri, May 08 · 03:16 PM CDT

CVE-2026-43376

9.8/10 · Must read/watch

NVDvuln

Summary
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free by using call_rcu() for oplock_info ksmbd currently frees oplock_info immediately using kfree(), even though it is accessed under RCU read-side critical sections in places like opinfo_get() and proc_show_files(). Since there i

CVECVE-2026-43376

SeverityCRITICAL

TypeUPDATED

PublishedFri, May 08 · 03:16 PM CDT

ModifiedFri, May 15 · 03:15 PM CDT

Open article ↗

Tue, May 12 · 02:16 AM CDT

CVE-2026-45391

9.8/10 · Must read/watch

NVDvuln

Summary
Reserved. Details will be published at disclosure.

CVECVE-2026-45391

SeverityCRITICAL

TypeUPDATED

PublishedTue, May 12 · 02:16 AM CDT

ModifiedFri, May 15 · 12:17 PM CDT

Open article ↗

Tue, May 12 · 02:16 AM CDT

CVE-2026-45392

9.8/10 · Must read/watch

NVDvuln

Summary
Reserved. Details will be published at disclosure.

CVECVE-2026-45392

SeverityCRITICAL

TypeUPDATED

PublishedTue, May 12 · 02:16 AM CDT

ModifiedFri, May 15 · 12:17 PM CDT

Open article ↗

Tue, May 12 · 02:16 AM CDT

CVE-2026-45393

9.8/10 · Must read/watch

NVDvuln

Summary
Reserved. Details will be published at disclosure.

CVECVE-2026-45393

SeverityCRITICAL

TypeUPDATED

PublishedTue, May 12 · 02:16 AM CDT

ModifiedFri, May 15 · 09:16 PM CDT

Open article ↗

Mon, May 11 · 06:16 PM CDT

CVE-2026-7210

9.8/10 · Must read/watch

NVDvuln

Summary
`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.

CVECVE-2026-7210

SeverityCRITICAL

TypeUPDATED

PublishedMon, May 11 · 06:16 PM CDT

ModifiedSat, May 16 · 03:05 AM CDT

Open article ↗

Tue, May 12 · 03:16 AM CDT

CVE-2026-34263

9.6/10 · Must read/watch

NVDvuln

Summary
Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the application.

CVECVE-2026-34263

SeverityCRITICAL

TypeUPDATED

PublishedTue, May 12 · 03:16 AM CDT

ModifiedFri, May 15 · 12:17 PM CDT

Open article ↗

Thu, Feb 19 · 07:17 AM CST

CVE-2026-0974

8.8/10 · Worth your time

NVDvuln

Summary
The Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the 'install_plugin' function in all versions up to, and including, 1.20.0. This makes it possible for authenticated attackers,

CVECVE-2026-0974

SeverityHIGH

TypeUPDATED

PublishedThu, Feb 19 · 07:17 AM CST

ModifiedSat, May 16 · 01:16 AM CDT

Open article ↗

Fri, May 08 · 07:16 PM CDT

CVE-2026-29203

8.8/10 · Worth your time

NVDvuln

Summary
A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege escalation when an authenticated cPanel user places a symlink at a user-controlled legacy Nova path under their home direct

CVECVE-2026-29203

SeverityHIGH

TypeUPDATED

PublishedFri, May 08 · 07:16 PM CDT

ModifiedFri, May 15 · 06:16 PM CDT

Open article ↗

Fri, May 08 · 02:16 PM CDT

CVE-2026-43322

8.8/10 · Worth your time

NVDvuln

Summary
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix UAF in le_read_features_complete This fixes the following backtrace caused by hci_conn being freed before le_read_features_complete but after hci_le_read_remote_features_sync so hci_conn_del -> hci_cmd_sync_dequeue is not able

CVECVE-2026-43322

SeverityHIGH

TypeUPDATED

PublishedFri, May 08 · 02:16 PM CDT

ModifiedFri, May 15 · 06:15 PM CDT

Open article ↗

Fri, May 08 · 02:16 PM CDT

CVE-2026-43334

8.8/10 · Worth your time

NVDvuln

Summary
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: force responder MITM requirements before building the pairing response smp_cmd_pairing_req() currently builds the pairing response from the initiator auth_req before enforcing the local BT_SECURITY_HIGH requirement. If the initiator omi

CVECVE-2026-43334

SeverityHIGH

TypeUPDATED

PublishedFri, May 08 · 02:16 PM CDT

ModifiedFri, May 15 · 08:01 PM CDT

Open article ↗

Tue, May 12 · 04:16 AM CDT

CVE-2026-7256

8.8/10 · Worth your time

NVDvuln

Summary
** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to execute operating system (OS) commands on a vulnerable device by sending a crafted HTTP request.

CVECVE-2026-7256

SeverityHIGH

TypeUPDATED

PublishedTue, May 12 · 04:16 AM CDT

ModifiedSat, May 16 · 03:08 AM CDT

Open article ↗

Mon, May 11 · 11:20 PM CDT

CVE-2026-43912

8.7/10 · Worth your time

NVDvuln

Summary
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden does not enforce that a groups_users.users_organizations_uuid entry belongs to the same organization as groups.groups_uuid, or a collections_groups.collections_uuid entry belongs to the same organization as collections_groups.gro

CVECVE-2026-43912

SeverityHIGH

TypeUPDATED

PublishedMon, May 11 · 11:20 PM CDT

ModifiedFri, May 15 · 08:19 PM CDT

Open article ↗

Sat, May 09 · 04:16 AM CDT

CVE-2026-42297

8.3/10 · Worth your time

NVDvuln

Summary
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provider (server/sync/sync_cm.go) performs zero authorization checks on all CRUD operations (create, read, update, delete). Any

CVECVE-2026-42297

SeverityHIGH

TypeUPDATED

PublishedSat, May 09 · 04:16 AM CDT

ModifiedFri, May 15 · 07:26 PM CDT

Open article ↗

Mon, May 11 · 06:16 PM CDT

CVE-2026-42313

8.3/10 · Worth your time

NVDvuln

Summary
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/core/api/__init__.py gates security-sensitive options behind a hand-maintained allowlist ADMIN_ONLY_CORE_OPTIONS. The allowlist contains ("proxy", "

CVECVE-2026-42313

SeverityHIGH

TypeUPDATED

PublishedMon, May 11 · 06:16 PM CDT

ModifiedFri, May 15 · 02:04 PM CDT

Open article ↗

Fri, May 08 · 03:16 PM CDT

CVE-2026-43365

8.2/10 · Worth your time

NVDvuln

Summary
In the Linux kernel, the following vulnerability has been resolved: xfs: fix undersized l_iclog_roundoff values If the superblock doesn't list a log stripe unit, we set the incore log roundoff value to 512. This leads to corrupt logs and unmountable filesystems in generic/617 on a disk with 4k physical sectors... XFS (

CVECVE-2026-43365

SeverityHIGH

TypeUPDATED

PublishedFri, May 08 · 03:16 PM CDT

ModifiedFri, May 15 · 04:15 PM CDT

Open article ↗

Sat, May 09 · 04:16 AM CDT

CVE-2026-42296

8.1/10 · Worth your time

NVDvuln

Summary
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod security context, add toler

CVECVE-2026-42296

SeverityHIGH

TypeUPDATED

PublishedSat, May 09 · 04:16 AM CDT

ModifiedFri, May 15 · 07:39 PM CDT

Open article ↗

Mon, May 11 · 06:16 PM CDT

CVE-2026-42315

8.1/10 · Worth your time

NVDvuln

Summary
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the set_package_data() API function call inside the data object with key "_folder", there is no sanitization at all, allowing a user with Perms.MODIFY to specify arbitrary directories as download

CVECVE-2026-42315

SeverityHIGH

TypeUPDATED

PublishedMon, May 11 · 06:16 PM CDT

ModifiedFri, May 15 · 02:29 PM CDT

Open article ↗

Fri, May 08 · 03:16 PM CDT

CVE-2026-43362

8.1/10 · Worth your time

NVDvuln

Summary
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix in-place encryption corruption in SMB2_write() SMB2_write() places write payload in iov[1..n] as part of rq_iov. smb3_init_transform_rq() pointer-shares rq_iov, so crypt_message() encrypts iov[1] in-place, replacing the original plaint

CVECVE-2026-43362

SeverityHIGH

TypeUPDATED

PublishedFri, May 08 · 03:16 PM CDT

ModifiedFri, May 15 · 04:13 PM CDT

Open article ↗

Fri, May 08 · 03:16 PM CDT

CVE-2026-43377

8.1/10 · Worth your time

NVDvuln

Summary
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Don't log keys in SMB3 signing and encryption key generation When KSMBD_DEBUG_AUTH logging is enabled, generate_smb3signingkey() and generate_smb3encryptionkey() log the session, signing, encryption, and decryption key bytes. Remove the logs to

CVECVE-2026-43377

SeverityHIGH

TypeUPDATED

PublishedFri, May 08 · 03:16 PM CDT

ModifiedFri, May 15 · 03:14 PM CDT

Open article ↗

Mon, May 11 · 06:16 PM CDT

CVE-2026-43640

8.1/10 · Worth your time

NVDvuln

Summary
Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an authenticated user with SCIM management privileges to obtain the key using only a valid session.

CVECVE-2026-43640

SeverityHIGH

TypeUPDATED

PublishedMon, May 11 · 06:16 PM CDT

ModifiedSat, May 16 · 03:04 AM CDT

Open article ↗

Mon, May 11 · 06:16 PM CDT

CVE-2026-43639

8.0/10 · Worth your time

NVDvuln

Summary
Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider via `POST /providers/{providerId}/clients/existing`, resulting in takeover of the target organization; self-hosted installations are unaffected as thi

CVECVE-2026-43639

SeverityHIGH

TypeUPDATED

PublishedMon, May 11 · 06:16 PM CDT

ModifiedSat, May 16 · 03:04 AM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.