Archive snapshot

Wed, May 20 · 06:00 PM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Wed, May 20 · 06:00 PM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

5

Worth skimming

5

Tracked videos

1

NVD vulnerabilities

25

Top stories

Wed, May 20 · 02:00 PM CDT

GitHub confirms breach of 3,800 repos via malicious VSCode extension

9.6/10 · Must read/watch

Hacker Newssupply-chain

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 4 hours ago.

Open article ↗

Wed, May 20 · 06:00 PM CDT

Android Malware Campaign Used Hundreds of Fake Apps to Silently Charge Users

9.4/10 · Must read/watch

Infosecurity Magazinemalwareai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, May 20 · 06:00 PM CDT

Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem

9.4/10 · Must read/watch

Infosecurity Magazinesupply-chainai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, May 20 · 03:00 PM CDT

An OpenAI model has disproved a central conjecture in discrete geometry

9.2/10 · Must read/watch

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 3 hours ago.

Open article ↗

Wed, 20 May 2026 22:36:54 +0530

Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development

9.0/10 · Must read/watch

The Hacker Newsai

Summary
Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence (AI) agents. RAMPART, short for Risk Assessment and Measurement Platform for Agentic Red Teaming, functio

Open article ↗

Worth skimming

Wed, May 20 · 06:00 PM CDT

GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension

8.9/10 · Worth your time

Infosecurity Magazinesupply-chain

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, May 20 · 06:00 PM CDT

Verizon DBIR: Vulnerability Exploits Overtake Credentials as Top Access Vector

8.9/10 · Worth your time

Infosecurity Magazinevulnidentity

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, May 20 · 05:00 PM CDT

PopuLoRA: Co-Evolving LLM Populations for Reasoning Self- Play

8.7/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 1 hour ago.

Open article ↗

Wed, May 20 · 06:00 PM CDT

China-Linked Webworm APT Evolves Tactics, Expands to European Targets

8.6/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, 20 May 2026 19:10:36 +0000

Google publishes exploit code threatening millions of Chromium users

8.4/10 · Worth your time

Ars Technicavuln

Summary
Google publishes exploit code before patch, reported 29 months earlier, is fixed.

Open article ↗

Videos worth watching

John Hammond

6.8/10 · Skim only if relevant

YouTube / John Hammondgeneral

Why it matters
Recent creator upload with some page-level evidence. Better than raw feed discovery, but still not a full content review.

Summary
Free Cybersecurity Education and Ethical Hacking.

Worth watching?Maybe — good candidate if the title matches your interests, but confidence is still moderate.

Confidencelow

Open article ↗

NVD vulnerabilities

Thu, Nov 12 · 06:15 PM CST

CVE-2020-28271

9.8/10 · Must read/watch

NVDvuln

Summary
Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution.

CVECVE-2020-28271

SeverityCRITICAL

TypeUPDATED

PublishedThu, Nov 12 · 06:15 PM CST

ModifiedTue, May 19 · 01:37 PM CDT

Open article ↗

Thu, Feb 23 · 12:15 PM CST

CVE-2022-2504

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SDD Computer Software SDD-Baro allows SQL Injection. This issue affects SDD-Baro: before 2.8.432.

CVECVE-2022-2504

SeverityCRITICAL

TypeUPDATED

PublishedThu, Feb 23 · 12:15 PM CST

ModifiedWed, May 20 · 08:16 AM CDT

Open article ↗

Fri, Dec 02 · 12:15 PM CST

CVE-2022-2807

9.8/10 · Must read/watch

NVDvuln

Summary
SQL Injection vulnerability in Algan Software Prens Student Information System allows SQL Injection. This issue affects Prens Student Information System: before 2.1.11.

CVECVE-2022-2807

SeverityCRITICAL

TypeUPDATED

PublishedFri, Dec 02 · 12:15 PM CST

ModifiedWed, May 20 · 08:16 AM CDT

Open article ↗

Tue, Mar 07 · 09:15 AM CST

CVE-2022-3760

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mia Technology Mia-Med. This issue affects Mia-Med: before 1.0.0.58.

CVECVE-2022-3760

SeverityCRITICAL

TypeUPDATED

PublishedTue, Mar 07 · 09:15 AM CST

ModifiedWed, May 20 · 08:16 AM CDT

Open article ↗

Tue, Jan 10 · 02:15 PM CST

CVE-2022-3792

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GullsEye GullsEye terminal operating system allows SQL Injection. This issue affects GullsEye terminal operating system: from unspecified before 5.0.13.

CVECVE-2022-3792

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jan 10 · 02:15 PM CST

ModifiedWed, May 20 · 08:16 AM CDT

Open article ↗

Tue, Jan 10 · 02:15 PM CST

CVE-2022-4422

9.8/10 · Must read/watch

NVDvuln

Summary
Call Center System developed by Bulutses Information Technologies before version 3.0 has an unauthenticated Sql Injection vulnerability. This has been fixed in the version 3.0

CVECVE-2022-4422

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jan 10 · 02:15 PM CST

ModifiedWed, May 20 · 08:16 AM CDT

Open article ↗

Fri, Feb 09 · 02:15 PM CST

CVE-2023-6677

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Financial Technology Online Collection allows SQL Injection. This issue affects Online Collection: before v.1.0.2.

CVECVE-2023-6677

SeverityCRITICAL

TypeUPDATED

PublishedFri, Feb 09 · 02:15 PM CST

ModifiedWed, May 20 · 09:16 AM CDT

Open article ↗

Thu, Feb 15 · 04:15 PM CST

CVE-2023-7081

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSTAHSİL Online Payment System allows SQL Injection. This issue affects Online Payment System: before 14.02.2024.

CVECVE-2023-7081

SeverityCRITICAL

TypeUPDATED

PublishedThu, Feb 15 · 04:15 PM CST

ModifiedWed, May 20 · 09:16 AM CDT

Open article ↗

Tue, Mar 05 · 01:15 PM CST

CVE-2023-7103

9.8/10 · Must read/watch

NVDvuln

Summary
Authentication Bypass by Primary Weakness vulnerability in ZKSoftware Biometric Security Solutions UFace 5 allows Authentication Bypass. This issue affects UFace 5: through 12022024.

CVECVE-2023-7103

SeverityCRITICAL

TypeUPDATED

PublishedTue, Mar 05 · 01:15 PM CST

ModifiedWed, May 20 · 09:16 AM CDT

Open article ↗

Fri, Feb 27 · 12:16 PM CST

CVE-2026-24352

9.8/10 · Must read/watch

NVDvuln

Summary
PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this vulnerability, but did

CVECVE-2026-24352

SeverityCRITICAL

TypeUPDATED

PublishedFri, Feb 27 · 12:16 PM CST

ModifiedTue, May 19 · 10:16 PM CDT

Open article ↗

Thu, Mar 05 · 07:16 AM CST

CVE-2026-2743

9.8/10 · Must read/watch

NVDvuln

Summary
Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before

CVECVE-2026-2743

SeverityCRITICAL

TypeUPDATED

PublishedThu, Mar 05 · 07:16 AM CST

ModifiedTue, May 19 · 08:16 PM CDT

Open article ↗

Tue, Jul 11 · 06:15 PM CDT

CVE-2023-33150

9.6/10 · Must read/watch

NVDvuln

Summary
Microsoft Office Security Feature Bypass Vulnerability

CVECVE-2023-33150

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jul 11 · 06:15 PM CDT

ModifiedTue, May 19 · 06:38 PM CDT

Open article ↗

Wed, Sep 21 · 09:15 AM CDT

CVE-2022-0495

9.4/10 · Must read/watch

NVDvuln

Summary
The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01.

CVECVE-2022-0495

SeverityCRITICAL

TypeUPDATED

PublishedWed, Sep 21 · 09:15 AM CDT

ModifiedWed, May 20 · 08:16 AM CDT

Open article ↗

Fri, Jul 29 · 01:15 PM CDT

CVE-2022-1277

9.4/10 · Must read/watch

NVDvuln

Summary
Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability.

CVECVE-2022-1277

SeverityCRITICAL

TypeUPDATED

PublishedFri, Jul 29 · 01:15 PM CDT

ModifiedWed, May 20 · 08:16 AM CDT

Open article ↗

Tue, Sep 20 · 11:15 AM CDT

CVE-2022-2177

9.4/10 · Must read/watch

NVDvuln

Summary
Kayrasoft product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2.

CVECVE-2022-2177

SeverityCRITICAL

TypeUPDATED

PublishedTue, Sep 20 · 11:15 AM CDT

ModifiedWed, May 20 · 08:16 AM CDT

Open article ↗

Wed, Sep 21 · 08:15 AM CDT

CVE-2022-2315

9.4/10 · Must read/watch

NVDvuln

Summary
Database Software Accreditation Tracking/Presentation Module product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2.

CVECVE-2022-2315

SeverityCRITICAL

TypeUPDATED

PublishedWed, Sep 21 · 08:15 AM CDT

ModifiedWed, May 20 · 08:16 AM CDT

Open article ↗

Tue, Jan 11 · 09:15 PM CST

CVE-2022-21840

8.8/10 · Worth your time

NVDvuln

Summary
Microsoft Office Remote Code Execution Vulnerability

CVECVE-2022-21840

SeverityHIGH

TypeUPDATED

PublishedTue, Jan 11 · 09:15 PM CST

ModifiedTue, May 19 · 06:38 PM CDT

Open article ↗

Fri, Dec 02 · 12:15 PM CST

CVE-2022-2808

8.8/10 · Worth your time

NVDvuln

Summary
Authorization Bypass Through User-Controlled Key vulnerability in Algan Software Prens Student Information System allows Object Relational Mapping Injection. This issue affects Prens Student Information System: before 2.1.11.

CVECVE-2022-2808

SeverityHIGH

TypeUPDATED

PublishedFri, Dec 02 · 12:15 PM CST

ModifiedWed, May 20 · 08:16 AM CDT

Open article ↗

Wed, Nov 09 · 10:15 PM CST

CVE-2022-41106

8.8/10 · Worth your time

NVDvuln

Summary
Microsoft Excel Remote Code Execution Vulnerability

CVECVE-2022-41106

SeverityHIGH

TypeUPDATED

PublishedWed, Nov 09 · 10:15 PM CST

ModifiedTue, May 19 · 06:38 PM CDT

Open article ↗

Wed, Feb 22 · 07:15 AM CST

CVE-2023-26314

8.8/10 · Worth your time

NVDvuln

Summary
The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.

CVECVE-2023-26314

SeverityHIGH

TypeUPDATED

PublishedWed, Feb 22 · 07:15 AM CST

ModifiedWed, May 20 · 02:16 AM CDT

Open article ↗

Fri, Feb 02 · 01:15 PM CST

CVE-2023-6676

8.8/10 · Worth your time

NVDvuln

Summary
Cross-Site Request Forgery (CSRF) vulnerability in National Keep Cyber Security Services CyberMath allows Cross Site Request Forgery. This issue affects CyberMath: from v1.4 before v1.5.

CVECVE-2023-6676

SeverityHIGH

TypeUPDATED

PublishedFri, Feb 02 · 01:15 PM CST

ModifiedWed, May 20 · 09:16 AM CDT

Open article ↗

Fri, Feb 09 · 01:15 PM CST

CVE-2023-6724

8.8/10 · Worth your time

NVDvuln

Summary
Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System allows Authentication Abuse. This issue affects Hearing Tracking System: before for IOS 7.0, for Android Latest release 1.0.

CVECVE-2023-6724

SeverityHIGH

TypeUPDATED

PublishedFri, Feb 09 · 01:15 PM CST

ModifiedWed, May 20 · 09:16 AM CDT

Open article ↗

Tue, Jun 11 · 05:15 PM CDT

CVE-2024-30103

8.8/10 · Worth your time

NVDvuln

Summary
Microsoft Outlook Remote Code Execution Vulnerability

CVECVE-2024-30103

SeverityHIGH

TypeUPDATED

PublishedTue, Jun 11 · 05:15 PM CDT

ModifiedTue, May 19 · 06:38 PM CDT

Open article ↗

Wed, Nov 16 · 12:15 PM CST

CVE-2022-24036

8.6/10 · Worth your time

NVDvuln

Summary
Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to modificate logs.

CVECVE-2022-24036

SeverityHIGH

TypeUPDATED

PublishedWed, Nov 16 · 12:15 PM CST

ModifiedWed, May 20 · 09:16 AM CDT

Open article ↗

Fri, Mar 13 · 07:53 PM CDT

CVE-2025-13777

8.3/10 · Worth your time

NVDvuln

Summary
Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.

CVECVE-2025-13777

SeverityHIGH

TypeUPDATED

PublishedFri, Mar 13 · 07:53 PM CDT

ModifiedTue, May 19 · 03:06 PM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.