CVE-2020-37228 · Sat, May 16 · 04:16 PM CDT
9.8/10 · Must read/watch · NVD · vuln
Summary
iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks against user accounts.
CVE: CVE-2020-37228
Severity: CRITICAL
Type: NEW
Published: Sat, May 16 · 04:16 PM CDT
Modified: Sat, May 16 · 04:16 PM CDT
CVE-2020-37239 · Sat, May 16 · 04:16 PM CDT
9.8/10 · Must read/watch · NVD · vuln
Summary
libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunks. Attackers can call babl_free() twice on the same pointer without triggering detection, as libc's malloc metadata overwrites babl's signature fiel
CVE: CVE-2020-37239
Severity: CRITICAL
Type: NEW
Published: Sat, May 16 · 04:16 PM CDT
Modified: Sat, May 16 · 04:16 PM CDT
CVE-2021-47952 · Sat, May 16 · 04:16 PM CDT
9.8/10 · Must read/watch · NVD · vuln
Summary
python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during deserialization to execute
CVE: CVE-2021-47952
Severity: CRITICAL
Type: NEW
Published: Sat, May 16 · 04:16 PM CDT
Modified: Sat, May 16 · 04:16 PM CDT
CVE-2020-37227 · Sat, May 16 · 04:16 PM CDT
8.8/10 · Worth your time · NVD · vuln
Summary
HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to executable extensions .
CVE: CVE-2020-37227
Severity: HIGH
Type: NEW
Published: Sat, May 16 · 04:16 PM CDT
Modified: Sat, May 16 · 04:16 PM CDT
CVE-2021-47976 · Sat, May 16 · 04:16 PM CDT
8.8/10 · Worth your time · NVD · vuln
Summary
TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitrary PHP files by exploiting the plugin upload functionality. Attackers can authenticate, retrieve a CSRF token from the plugin event page, and upload malicious PHP files to the textpattern/tmp/ d
CVE: CVE-2021-47976
Severity: HIGH
Type: NEW
Published: Sat, May 16 · 04:16 PM CDT
Modified: Sat, May 16 · 04:16 PM CDT
CVE-2021-47979 · Sat, May 16 · 04:16 PM CDT
8.8/10 · Worth your time · NVD · vuln
Summary
WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Attackers can send POST requests to admin-ajax.php with crafted file_name and folder_name parameters to delete arbitrary files from
CVE: CVE-2021-47979
Severity: HIGH
Type: NEW
Published: Sat, May 16 · 04:16 PM CDT
Modified: Sat, May 16 · 04:16 PM CDT
CVE-2026-8719 · Sun, May 17 · 04:16 AM CDT
8.8/10 · Worth your time · NVD · vuln
Summary
The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path, where any valid OAuth token causes MCP access to be granted without verifyi
CVE: CVE-2026-8719
Severity: HIGH
Type: NEW
Published: Sun, May 17 · 04:16 AM CDT
Modified: Sun, May 17 · 04:16 AM CDT
CVE-2020-37242 · Sat, May 16 · 04:16 PM CDT
8.2/10 · Worth your time · NVD · vuln
Summary
Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET parameter. Attackers can send crafted requests to the getListForTbl action with boolean-based blind or time-based blind SQL inj
CVE: CVE-2020-37242
Severity: HIGH
Type: NEW
Published: Sat, May 16 · 04:16 PM CDT
Modified: Sat, May 16 · 04:16 PM CDT
CVE-2020-37243 · Sat, May 16 · 04:16 PM CDT
8.2/10 · Worth your time · NVD · vuln
Summary
Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl action. The plugin also contains stored cross-site scripting vulnerabilities in the 'Edit name' and 'Edit HTML' fields that e
CVE: CVE-2020-37243
Severity: HIGH
Type: NEW
Published: Sat, May 16 · 04:16 PM CDT
Modified: Sat, May 16 · 04:16 PM CDT
CVE-2020-37244 · Sat, May 16 · 04:16 PM CDT
8.2/10 · Worth your time · NVD · vuln
Summary
Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract sensitive database infor
CVE: CVE-2020-37244
Severity: HIGH
Type: NEW
Published: Sat, May 16 · 04:16 PM CDT
Modified: Sat, May 16 · 04:16 PM CDT
CVE-2021-47954 · Sat, May 16 · 04:16 PM CDT
8.2/10 · Worth your time · NVD · vuln
Summary
LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the search_query parameter. Attackers can send POST requests to /search.php with malicious search_query values using CASE WHEN statements to extract sensitive database
CVE: CVE-2021-47954
Severity: HIGH
Type: NEW
Published: Sat, May 16 · 04:16 PM CDT
Modified: Sat, May 16 · 04:16 PM CDT
CVE-2021-47956 · Sat, May 16 · 04:16 PM CDT
8.2/10 · Worth your time · NVD · vuln
Summary
EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the firstname parameter. Attackers can send POST requests to insert.php with malicious firstname values to extract sensitive database information.
CVE: CVE-2021-47956
Severity: HIGH
Type: NEW
Published: Sat, May 16 · 04:16 PM CDT
Modified: Sat, May 16 · 04:16 PM CDT
CVE-2026-46728 · Sat, May 16 · 10:16 PM CDT
8.2/10 · Worth your time · NVD · vuln
Summary
Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash.
CVE: CVE-2026-46728
Severity: HIGH
Type: NEW
Published: Sat, May 16 · 10:16 PM CDT
Modified: Sat, May 16 · 10:16 PM CDT
CVE-2020-37229 · Sat, May 16 · 04:16 PM CDT
7.8/10 · Worth your time · NVD · vuln
Summary
OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to escalate privileges by inserting executable files into the unquoted path. Attackers can place a malicious executable in a directory within the service path that will execute with Local
CVE: CVE-2020-37229
Severity: HIGH
Type: NEW
Published: Sat, May 16 · 04:16 PM CDT
Modified: Sat, May 16 · 04:16 PM CDT
CVE-2020-37230 · Sat, May 16 · 04:16 PM CDT
7.8/10 · Worth your time · NVD · vuln
Summary
Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in the SMWebRestServicev5 service that allows local attackers to escalate privileges by exploiting the unquoted binary path. Attackers can insert a malicious executable into the service path and execute it with LocalSystem privileges when the s
CVE: CVE-2020-37230
Severity: HIGH
Type: NEW
Published: Sat, May 16 · 04:16 PM CDT
Modified: Sat, May 16 · 04:16 PM CDT
CVE-2020-37231 · Sat, May 16 · 04:16 PM CDT
7.8/10 · Worth your time · NVD · vuln
Summary
Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escalate privileges by exploiting the service startup process. Attackers can place malicious executables in the unquoted path directories to execute arbitrary code with LocalSystem privile
CVE: CVE-2020-37231
Severity: HIGH
Type: NEW
Published: Sat, May 16 · 04:16 PM CDT
Modified: Sat, May 16 · 04:16 PM CDT
CVE-2020-37232 · Sat, May 16 · 04:16 PM CDT
7.8/10 · Worth your time · NVD · vuln
Summary
Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Attackers can place malicious executables in the system root path that will be executed with LocalSystem privileges during se
CVE: CVE-2020-37232
Severity: HIGH
Type: NEW
Published: Sat, May 16 · 04:16 PM CDT
Modified: Sat, May 16 · 04:16 PM CDT
CVE-2020-37247 · Sat, May 16 · 04:16 PM CDT
7.8/10 · Worth your time · NVD · vuln
Summary
Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the Program Files directory to be executed with LocalSystem privileges when the servi
CVE: CVE-2020-37247
Severity: HIGH
Type: NEW
Published: Sat, May 16 · 04:16 PM CDT
Modified: Sat, May 16 · 04:16 PM CDT
CVE-2021-47974 · Sat, May 16 · 04:16 PM CDT
7.8/10 · Worth your time · NVD · vuln
Summary
VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search Enterprise services that allows local attackers to escalate privileges. Attackers can place malicious executables in unquoted path directories like C:\Program Files\VX Search to execute arbitrary code with LocalSyst
CVE: CVE-2021-47974
Severity: HIGH
Type: NEW
Published: Sat, May 16 · 04:16 PM CDT
Modified: Sat, May 16 · 04:16 PM CDT
CVE-2020-37245 · Sat, May 16 · 04:16 PM CDT
7.5/10 · Worth your time · NVD · vuln
Summary
Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by injecting directory traversal sequences. Additionally, the plugin fails to sanitize input fields in publication settings, allowing stored cross-site script
CVE: CVE-2020-37245
Severity: HIGH
Type: NEW
Published: Sat, May 16 · 04:16 PM CDT
Modified: Sat, May 16 · 04:16 PM CDT
CVE-2021-47942 · Sat, May 16 · 04:16 PM CDT
7.5/10 · Worth your time · NVD · vuln
Summary
Home Assistant Community Store (HACS) 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/ endpoint. Attackers can retrieve the .storage/auth file containing user credentials and refresh tokens, then craft valid JWT to
CVE: CVE-2021-47942
Severity: HIGH
Type: NEW
Published: Sat, May 16 · 04:16 PM CDT
Modified: Sat, May 16 · 04:16 PM CDT
CVE-2021-47969 · Sat, May 16 · 04:16 PM CDT
7.5/10 · Worth your time · NVD · vuln
Summary
Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350,000 repeated characters and paste it twice into a new note to cause the application to stop responding
CVE: CVE-2021-47969
Severity: HIGH
Type: NEW
Published: Sat, May 16 · 04:16 PM CDT
Modified: Sat, May 16 · 04:16 PM CDT
CVE-2021-47970 · Sat, May 16 · 04:16 PM CDT
7.5/10 · Worth your time · NVD · vuln
Summary
Macaron Notes 5.5 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can generate a payload containing 350000 repeated characters and paste it into a note field to trigger application crash and stop functionality
CVE: CVE-2021-47970
Severity: HIGH
Type: NEW
Published: Sat, May 16 · 04:16 PM CDT
Modified: Sat, May 16 · 04:16 PM CDT
CVE-2021-47971 · Sat, May 16 · 04:16 PM CDT
7.5/10 · Worth your time · NVD · vuln
Summary
My Notes Safe 5.3 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note to trigger an application crash.
CVE: CVE-2021-47971
Severity: HIGH
Type: NEW
Published: Sat, May 16 · 04:16 PM CDT
Modified: Sat, May 16 · 04:16 PM CDT
CVE-2021-47972 · Sat, May 16 · 04:16 PM CDT
7.5/10 · Worth your time · NVD · vuln
Summary
Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can paste large payloads of repeated characters into note fields to trigger application crashes and make the application stop
CVE: CVE-2021-47972
Severity: HIGH
Type: NEW
Published: Sat, May 16 · 04:16 PM CDT
Modified: Sat, May 16 · 04:16 PM CDT