Archive snapshot

Wed, May 20 · 06:00 AM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Wed, May 20 · 06:00 AM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

5

Worth skimming

5

Tracked videos

0

NVD vulnerabilities

25

Top stories

Wed, May 20 · 06:00 AM CDT

GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension

9.8/10 · Must read/watch

Infosecurity Magazinesupply-chain

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, May 20 · 06:00 AM CDT

Verizon DBIR: Vulnerability Exploits Overtake Credentials as Top Access Vector

9.8/10 · Must read/watch

Infosecurity Magazinevulnidentity

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, 20 May 2026 16:00:00 +0530

Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem

9.8/10 · Must read/watch

The Hacker Newssupply-chainai

Summary
AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here's why your current stack can't see them, and what detection actually requires. Download the CISO Expert Guide to Typosquatting in the AI Era → T

Open article ↗

Wed, 20 May 2026 13:58:26 +0530

Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit

9.8/10 · Must read/watch

The Hacker Newsvuln

Summary
Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. The zero-day flaw, now tracked as CVE-2026-45585, carries a CVSS score of 6.8. It has been described as a BitLocker secur

Open article ↗

Wed, 20 May 2026 10:42:06 +0530

Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

9.8/10 · Must read/watch

The Hacker Newssupply-chainai

Summary
Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised. It said the scope of the incident is limited to the Grafana Labs GitHub environment, which includes pu

Open article ↗

Worth skimming

Wed, May 20 · 06:00 AM CDT

AI Raises the Bar on Vulnerability Awareness and Secure-by-Design Software

8.5/10 · Worth your time

Infosecurity Magazinevulnai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, May 20 · 06:00 AM CDT

Microsoft Takes Down Fox Tempest for Providing Ransomware-Enabling Signing Tool

8.2/10 · Worth your time

Infosecurity Magazinemalware

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, May 20 · 06:00 AM CDT

Researchers Warn CypherLoc Scareware Has Targeted Millions of Users

8.2/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, May 20 · 05:06 AM CDT

Learnings from 100K lines of Rust with AI (2025)

8.1/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 54 minutes ago.

Open article ↗

Wed, May 20 · 02:00 AM CDT

CopyFail: From Pod to Host

8.1/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 4 hours ago.

Open article ↗

Videos worth watching

Nothing surfaced yet.

NVD vulnerabilities

Thu, Nov 12 · 06:15 PM CST

CVE-2020-28271

9.8/10 · Must read/watch

NVDvuln

Summary
Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution.

CVECVE-2020-28271

SeverityCRITICAL

TypeUPDATED

PublishedThu, Nov 12 · 06:15 PM CST

ModifiedTue, May 19 · 01:37 PM CDT

Open article ↗

Thu, Feb 23 · 12:15 PM CST

CVE-2022-2504

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SDD Computer Software SDD-Baro allows SQL Injection. This issue affects SDD-Baro: before 2.8.432.

CVECVE-2022-2504

SeverityCRITICAL

TypeUPDATED

PublishedThu, Feb 23 · 12:15 PM CST

ModifiedWed, May 20 · 08:16 AM CDT

Open article ↗

Fri, Dec 02 · 12:15 PM CST

CVE-2022-2807

9.8/10 · Must read/watch

NVDvuln

Summary
SQL Injection vulnerability in Algan Software Prens Student Information System allows SQL Injection. This issue affects Prens Student Information System: before 2.1.11.

CVECVE-2022-2807

SeverityCRITICAL

TypeUPDATED

PublishedFri, Dec 02 · 12:15 PM CST

ModifiedWed, May 20 · 08:16 AM CDT

Open article ↗

Tue, Mar 07 · 09:15 AM CST

CVE-2022-3760

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mia Technology Mia-Med. This issue affects Mia-Med: before 1.0.0.58.

CVECVE-2022-3760

SeverityCRITICAL

TypeUPDATED

PublishedTue, Mar 07 · 09:15 AM CST

ModifiedWed, May 20 · 08:16 AM CDT

Open article ↗

Tue, Jan 10 · 02:15 PM CST

CVE-2022-3792

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GullsEye GullsEye terminal operating system allows SQL Injection. This issue affects GullsEye terminal operating system: from unspecified before 5.0.13.

CVECVE-2022-3792

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jan 10 · 02:15 PM CST

ModifiedWed, May 20 · 08:16 AM CDT

Open article ↗

Tue, Jan 10 · 02:15 PM CST

CVE-2022-4422

9.8/10 · Must read/watch

NVDvuln

Summary
Call Center System developed by Bulutses Information Technologies before version 3.0 has an unauthenticated Sql Injection vulnerability. This has been fixed in the version 3.0

CVECVE-2022-4422

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jan 10 · 02:15 PM CST

ModifiedWed, May 20 · 08:16 AM CDT

Open article ↗

Fri, Feb 09 · 02:15 PM CST

CVE-2023-6677

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Financial Technology Online Collection allows SQL Injection. This issue affects Online Collection: before v.1.0.2.

CVECVE-2023-6677

SeverityCRITICAL

TypeUPDATED

PublishedFri, Feb 09 · 02:15 PM CST

ModifiedWed, May 20 · 09:16 AM CDT

Open article ↗

Thu, Feb 15 · 04:15 PM CST

CVE-2023-7081

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSTAHSİL Online Payment System allows SQL Injection. This issue affects Online Payment System: before 14.02.2024.

CVECVE-2023-7081

SeverityCRITICAL

TypeUPDATED

PublishedThu, Feb 15 · 04:15 PM CST

ModifiedWed, May 20 · 09:16 AM CDT

Open article ↗

Tue, Mar 05 · 01:15 PM CST

CVE-2023-7103

9.8/10 · Must read/watch

NVDvuln

Summary
Authentication Bypass by Primary Weakness vulnerability in ZKSoftware Biometric Security Solutions UFace 5 allows Authentication Bypass. This issue affects UFace 5: through 12022024.

CVECVE-2023-7103

SeverityCRITICAL

TypeUPDATED

PublishedTue, Mar 05 · 01:15 PM CST

ModifiedWed, May 20 · 09:16 AM CDT

Open article ↗

Fri, Feb 27 · 12:16 PM CST

CVE-2026-24352

9.8/10 · Must read/watch

NVDvuln

Summary
PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this vulnerability, but did

CVECVE-2026-24352

SeverityCRITICAL

TypeUPDATED

PublishedFri, Feb 27 · 12:16 PM CST

ModifiedTue, May 19 · 10:16 PM CDT

Open article ↗

Thu, Mar 05 · 07:16 AM CST

CVE-2026-2743

9.8/10 · Must read/watch

NVDvuln

Summary
Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before

CVECVE-2026-2743

SeverityCRITICAL

TypeUPDATED

PublishedThu, Mar 05 · 07:16 AM CST

ModifiedTue, May 19 · 08:16 PM CDT

Open article ↗

Tue, Jul 11 · 06:15 PM CDT

CVE-2023-33150

9.6/10 · Must read/watch

NVDvuln

Summary
Microsoft Office Security Feature Bypass Vulnerability

CVECVE-2023-33150

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jul 11 · 06:15 PM CDT

ModifiedTue, May 19 · 06:38 PM CDT

Open article ↗

Wed, Sep 21 · 09:15 AM CDT

CVE-2022-0495

9.4/10 · Must read/watch

NVDvuln

Summary
The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01.

CVECVE-2022-0495

SeverityCRITICAL

TypeUPDATED

PublishedWed, Sep 21 · 09:15 AM CDT

ModifiedWed, May 20 · 08:16 AM CDT

Open article ↗

Fri, Jul 29 · 01:15 PM CDT

CVE-2022-1277

9.4/10 · Must read/watch

NVDvuln

Summary
Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability.

CVECVE-2022-1277

SeverityCRITICAL

TypeUPDATED

PublishedFri, Jul 29 · 01:15 PM CDT

ModifiedWed, May 20 · 08:16 AM CDT

Open article ↗

Tue, Sep 20 · 11:15 AM CDT

CVE-2022-2177

9.4/10 · Must read/watch

NVDvuln

Summary
Kayrasoft product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2.

CVECVE-2022-2177

SeverityCRITICAL

TypeUPDATED

PublishedTue, Sep 20 · 11:15 AM CDT

ModifiedWed, May 20 · 08:16 AM CDT

Open article ↗

Wed, Sep 21 · 08:15 AM CDT

CVE-2022-2315

9.4/10 · Must read/watch

NVDvuln

Summary
Database Software Accreditation Tracking/Presentation Module product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2.

CVECVE-2022-2315

SeverityCRITICAL

TypeUPDATED

PublishedWed, Sep 21 · 08:15 AM CDT

ModifiedWed, May 20 · 08:16 AM CDT

Open article ↗

Tue, Jan 11 · 09:15 PM CST

CVE-2022-21840

8.8/10 · Worth your time

NVDvuln

Summary
Microsoft Office Remote Code Execution Vulnerability

CVECVE-2022-21840

SeverityHIGH

TypeUPDATED

PublishedTue, Jan 11 · 09:15 PM CST

ModifiedTue, May 19 · 06:38 PM CDT

Open article ↗

Fri, Dec 02 · 12:15 PM CST

CVE-2022-2808

8.8/10 · Worth your time

NVDvuln

Summary
Authorization Bypass Through User-Controlled Key vulnerability in Algan Software Prens Student Information System allows Object Relational Mapping Injection. This issue affects Prens Student Information System: before 2.1.11.

CVECVE-2022-2808

SeverityHIGH

TypeUPDATED

PublishedFri, Dec 02 · 12:15 PM CST

ModifiedWed, May 20 · 08:16 AM CDT

Open article ↗

Wed, Nov 09 · 10:15 PM CST

CVE-2022-41106

8.8/10 · Worth your time

NVDvuln

Summary
Microsoft Excel Remote Code Execution Vulnerability

CVECVE-2022-41106

SeverityHIGH

TypeUPDATED

PublishedWed, Nov 09 · 10:15 PM CST

ModifiedTue, May 19 · 06:38 PM CDT

Open article ↗

Wed, Feb 22 · 07:15 AM CST

CVE-2023-26314

8.8/10 · Worth your time

NVDvuln

Summary
The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.

CVECVE-2023-26314

SeverityHIGH

TypeUPDATED

PublishedWed, Feb 22 · 07:15 AM CST

ModifiedWed, May 20 · 02:16 AM CDT

Open article ↗

Fri, Feb 02 · 01:15 PM CST

CVE-2023-6676

8.8/10 · Worth your time

NVDvuln

Summary
Cross-Site Request Forgery (CSRF) vulnerability in National Keep Cyber Security Services CyberMath allows Cross Site Request Forgery. This issue affects CyberMath: from v1.4 before v1.5.

CVECVE-2023-6676

SeverityHIGH

TypeUPDATED

PublishedFri, Feb 02 · 01:15 PM CST

ModifiedWed, May 20 · 09:16 AM CDT

Open article ↗

Fri, Feb 09 · 01:15 PM CST

CVE-2023-6724

8.8/10 · Worth your time

NVDvuln

Summary
Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System allows Authentication Abuse. This issue affects Hearing Tracking System: before for IOS 7.0, for Android Latest release 1.0.

CVECVE-2023-6724

SeverityHIGH

TypeUPDATED

PublishedFri, Feb 09 · 01:15 PM CST

ModifiedWed, May 20 · 09:16 AM CDT

Open article ↗

Tue, Jun 11 · 05:15 PM CDT

CVE-2024-30103

8.8/10 · Worth your time

NVDvuln

Summary
Microsoft Outlook Remote Code Execution Vulnerability

CVECVE-2024-30103

SeverityHIGH

TypeUPDATED

PublishedTue, Jun 11 · 05:15 PM CDT

ModifiedTue, May 19 · 06:38 PM CDT

Open article ↗

Wed, Nov 16 · 12:15 PM CST

CVE-2022-24036

8.6/10 · Worth your time

NVDvuln

Summary
Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to modificate logs.

CVECVE-2022-24036

SeverityHIGH

TypeUPDATED

PublishedWed, Nov 16 · 12:15 PM CST

ModifiedWed, May 20 · 09:16 AM CDT

Open article ↗

Fri, Mar 13 · 07:53 PM CDT

CVE-2025-13777

8.3/10 · Worth your time

NVDvuln

Summary
Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.

CVECVE-2025-13777

SeverityHIGH

TypeUPDATED

PublishedFri, Mar 13 · 07:53 PM CDT

ModifiedTue, May 19 · 03:06 PM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.