Archive snapshot

Thu, May 21 · 12:00 AM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Thu, May 21 · 12:00 AM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

5

Worth skimming

5

Tracked videos

2

NVD vulnerabilities

25

Top stories

Thu, 21 May 2026 09:57:01 +0530

GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension

9.8/10 · Must read/watch

The Hacker Newssupply-chain

Summary
GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console Microsoft Visual Studio Code (VS Code) extension.  The development co

Open article ↗

Thu, May 21 · 12:00 AM CDT

Android Malware Campaign Used Hundreds of Fake Apps to Silently Charge Users

8.9/10 · Worth your time

Infosecurity Magazinemalwareai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Thu, May 21 · 12:00 AM CDT

Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem

8.9/10 · Worth your time

Infosecurity Magazinesupply-chainai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, May 20 · 10:00 PM CDT

OpenAI to confidentially file for IPO as soon as Friday

8.9/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 2 hours ago.

Open article ↗

Thu, May 21 · 12:00 AM CDT

GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension

8.5/10 · Worth your time

Infosecurity Magazinesupply-chain

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Worth skimming

Thu, May 21 · 12:00 AM CDT

Verizon DBIR: Vulnerability Exploits Overtake Credentials as Top Access Vector

8.5/10 · Worth your time

Infosecurity Magazinevulnidentity

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, May 20 · 06:00 PM CDT

Anthropic is expanding to Colossus2. Will use GB200

8.4/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 6 hours ago.

Open article ↗

Thu, May 21 · 12:00 AM CDT

Interpol Launches Sweeping Cybercrime Crackdown in MENA Region

8.2/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Thu, May 21 · 12:00 AM CDT

China-Linked Webworm APT Evolves Tactics, Expands to European Targets

8.1/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Thu, 21 May 2026 09:14:11 +0530

Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks

8.1/10 · Worth your time

The Hacker Newsvuln

Summary
Drupal has released security updates for a "highly critical" security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure. The vulnerability, now tracked as CVE-202

Open article ↗

Videos worth watching

John Hammond

6.8/10 · Skim only if relevant

YouTube / John Hammondgeneral

Why it matters
Recent creator upload with some page-level evidence. Better than raw feed discovery, but still not a full content review.

Summary
Free Cybersecurity Education and Ethical Hacking.

Worth watching?Maybe — good candidate if the title matches your interests, but confidence is still moderate.

Confidencelow

Open article ↗

NahamSec

6.6/10 · Skim only if relevant

YouTube / NahamSecgeneral

Why it matters
Recent creator upload with some page-level evidence. Better than raw feed discovery, but still not a full content review.

Summary
HACK THE PLANET!! Hi! I'm NahamSec. I think everyone can be a hacker and I'm on a mission to prove that!

Worth watching?Maybe — good candidate if the title matches your interests, but confidence is still moderate.

Confidencelow

Open article ↗

NVD vulnerabilities

Thu, Nov 12 · 06:15 PM CST

CVE-2020-28271

9.8/10 · Must read/watch

NVDvuln

Summary
Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution.

CVECVE-2020-28271

SeverityCRITICAL

TypeUPDATED

PublishedThu, Nov 12 · 06:15 PM CST

ModifiedTue, May 19 · 01:37 PM CDT

Open article ↗

Thu, Feb 23 · 12:15 PM CST

CVE-2022-2504

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SDD Computer Software SDD-Baro allows SQL Injection. This issue affects SDD-Baro: before 2.8.432.

CVECVE-2022-2504

SeverityCRITICAL

TypeUPDATED

PublishedThu, Feb 23 · 12:15 PM CST

ModifiedWed, May 20 · 08:16 AM CDT

Open article ↗

Fri, Dec 02 · 12:15 PM CST

CVE-2022-2807

9.8/10 · Must read/watch

NVDvuln

Summary
SQL Injection vulnerability in Algan Software Prens Student Information System allows SQL Injection. This issue affects Prens Student Information System: before 2.1.11.

CVECVE-2022-2807

SeverityCRITICAL

TypeUPDATED

PublishedFri, Dec 02 · 12:15 PM CST

ModifiedWed, May 20 · 08:16 AM CDT

Open article ↗

Tue, Mar 07 · 09:15 AM CST

CVE-2022-3760

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mia Technology Mia-Med. This issue affects Mia-Med: before 1.0.0.58.

CVECVE-2022-3760

SeverityCRITICAL

TypeUPDATED

PublishedTue, Mar 07 · 09:15 AM CST

ModifiedWed, May 20 · 08:16 AM CDT

Open article ↗

Tue, Jan 10 · 02:15 PM CST

CVE-2022-3792

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GullsEye GullsEye terminal operating system allows SQL Injection. This issue affects GullsEye terminal operating system: from unspecified before 5.0.13.

CVECVE-2022-3792

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jan 10 · 02:15 PM CST

ModifiedWed, May 20 · 08:16 AM CDT

Open article ↗

Tue, Jan 10 · 02:15 PM CST

CVE-2022-4422

9.8/10 · Must read/watch

NVDvuln

Summary
Call Center System developed by Bulutses Information Technologies before version 3.0 has an unauthenticated Sql Injection vulnerability. This has been fixed in the version 3.0

CVECVE-2022-4422

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jan 10 · 02:15 PM CST

ModifiedWed, May 20 · 08:16 AM CDT

Open article ↗

Fri, Feb 09 · 02:15 PM CST

CVE-2023-6677

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Financial Technology Online Collection allows SQL Injection. This issue affects Online Collection: before v.1.0.2.

CVECVE-2023-6677

SeverityCRITICAL

TypeUPDATED

PublishedFri, Feb 09 · 02:15 PM CST

ModifiedWed, May 20 · 09:16 AM CDT

Open article ↗

Thu, Feb 15 · 04:15 PM CST

CVE-2023-7081

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSTAHSİL Online Payment System allows SQL Injection. This issue affects Online Payment System: before 14.02.2024.

CVECVE-2023-7081

SeverityCRITICAL

TypeUPDATED

PublishedThu, Feb 15 · 04:15 PM CST

ModifiedWed, May 20 · 09:16 AM CDT

Open article ↗

Tue, Mar 05 · 01:15 PM CST

CVE-2023-7103

9.8/10 · Must read/watch

NVDvuln

Summary
Authentication Bypass by Primary Weakness vulnerability in ZKSoftware Biometric Security Solutions UFace 5 allows Authentication Bypass. This issue affects UFace 5: through 12022024.

CVECVE-2023-7103

SeverityCRITICAL

TypeUPDATED

PublishedTue, Mar 05 · 01:15 PM CST

ModifiedWed, May 20 · 09:16 AM CDT

Open article ↗

Fri, Feb 27 · 12:16 PM CST

CVE-2026-24352

9.8/10 · Must read/watch

NVDvuln

Summary
PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this vulnerability, but did

CVECVE-2026-24352

SeverityCRITICAL

TypeUPDATED

PublishedFri, Feb 27 · 12:16 PM CST

ModifiedTue, May 19 · 10:16 PM CDT

Open article ↗

Thu, Mar 05 · 07:16 AM CST

CVE-2026-2743

9.8/10 · Must read/watch

NVDvuln

Summary
Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before

CVECVE-2026-2743

SeverityCRITICAL

TypeUPDATED

PublishedThu, Mar 05 · 07:16 AM CST

ModifiedTue, May 19 · 08:16 PM CDT

Open article ↗

Tue, Jul 11 · 06:15 PM CDT

CVE-2023-33150

9.6/10 · Must read/watch

NVDvuln

Summary
Microsoft Office Security Feature Bypass Vulnerability

CVECVE-2023-33150

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jul 11 · 06:15 PM CDT

ModifiedTue, May 19 · 06:38 PM CDT

Open article ↗

Wed, Sep 21 · 09:15 AM CDT

CVE-2022-0495

9.4/10 · Must read/watch

NVDvuln

Summary
The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01.

CVECVE-2022-0495

SeverityCRITICAL

TypeUPDATED

PublishedWed, Sep 21 · 09:15 AM CDT

ModifiedWed, May 20 · 08:16 AM CDT

Open article ↗

Fri, Jul 29 · 01:15 PM CDT

CVE-2022-1277

9.4/10 · Must read/watch

NVDvuln

Summary
Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability.

CVECVE-2022-1277

SeverityCRITICAL

TypeUPDATED

PublishedFri, Jul 29 · 01:15 PM CDT

ModifiedWed, May 20 · 08:16 AM CDT

Open article ↗

Tue, Sep 20 · 11:15 AM CDT

CVE-2022-2177

9.4/10 · Must read/watch

NVDvuln

Summary
Kayrasoft product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2.

CVECVE-2022-2177

SeverityCRITICAL

TypeUPDATED

PublishedTue, Sep 20 · 11:15 AM CDT

ModifiedWed, May 20 · 08:16 AM CDT

Open article ↗

Wed, Sep 21 · 08:15 AM CDT

CVE-2022-2315

9.4/10 · Must read/watch

NVDvuln

Summary
Database Software Accreditation Tracking/Presentation Module product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2.

CVECVE-2022-2315

SeverityCRITICAL

TypeUPDATED

PublishedWed, Sep 21 · 08:15 AM CDT

ModifiedWed, May 20 · 08:16 AM CDT

Open article ↗

Tue, Jan 11 · 09:15 PM CST

CVE-2022-21840

8.8/10 · Worth your time

NVDvuln

Summary
Microsoft Office Remote Code Execution Vulnerability

CVECVE-2022-21840

SeverityHIGH

TypeUPDATED

PublishedTue, Jan 11 · 09:15 PM CST

ModifiedTue, May 19 · 06:38 PM CDT

Open article ↗

Fri, Dec 02 · 12:15 PM CST

CVE-2022-2808

8.8/10 · Worth your time

NVDvuln

Summary
Authorization Bypass Through User-Controlled Key vulnerability in Algan Software Prens Student Information System allows Object Relational Mapping Injection. This issue affects Prens Student Information System: before 2.1.11.

CVECVE-2022-2808

SeverityHIGH

TypeUPDATED

PublishedFri, Dec 02 · 12:15 PM CST

ModifiedWed, May 20 · 08:16 AM CDT

Open article ↗

Wed, Nov 09 · 10:15 PM CST

CVE-2022-41106

8.8/10 · Worth your time

NVDvuln

Summary
Microsoft Excel Remote Code Execution Vulnerability

CVECVE-2022-41106

SeverityHIGH

TypeUPDATED

PublishedWed, Nov 09 · 10:15 PM CST

ModifiedTue, May 19 · 06:38 PM CDT

Open article ↗

Wed, Feb 22 · 07:15 AM CST

CVE-2023-26314

8.8/10 · Worth your time

NVDvuln

Summary
The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.

CVECVE-2023-26314

SeverityHIGH

TypeUPDATED

PublishedWed, Feb 22 · 07:15 AM CST

ModifiedWed, May 20 · 02:16 AM CDT

Open article ↗

Fri, Feb 02 · 01:15 PM CST

CVE-2023-6676

8.8/10 · Worth your time

NVDvuln

Summary
Cross-Site Request Forgery (CSRF) vulnerability in National Keep Cyber Security Services CyberMath allows Cross Site Request Forgery. This issue affects CyberMath: from v1.4 before v1.5.

CVECVE-2023-6676

SeverityHIGH

TypeUPDATED

PublishedFri, Feb 02 · 01:15 PM CST

ModifiedWed, May 20 · 09:16 AM CDT

Open article ↗

Fri, Feb 09 · 01:15 PM CST

CVE-2023-6724

8.8/10 · Worth your time

NVDvuln

Summary
Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System allows Authentication Abuse. This issue affects Hearing Tracking System: before for IOS 7.0, for Android Latest release 1.0.

CVECVE-2023-6724

SeverityHIGH

TypeUPDATED

PublishedFri, Feb 09 · 01:15 PM CST

ModifiedWed, May 20 · 09:16 AM CDT

Open article ↗

Tue, Jun 11 · 05:15 PM CDT

CVE-2024-30103

8.8/10 · Worth your time

NVDvuln

Summary
Microsoft Outlook Remote Code Execution Vulnerability

CVECVE-2024-30103

SeverityHIGH

TypeUPDATED

PublishedTue, Jun 11 · 05:15 PM CDT

ModifiedTue, May 19 · 06:38 PM CDT

Open article ↗

Wed, Nov 16 · 12:15 PM CST

CVE-2022-24036

8.6/10 · Worth your time

NVDvuln

Summary
Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to modificate logs.

CVECVE-2022-24036

SeverityHIGH

TypeUPDATED

PublishedWed, Nov 16 · 12:15 PM CST

ModifiedWed, May 20 · 09:16 AM CDT

Open article ↗

Fri, Mar 13 · 07:53 PM CDT

CVE-2025-13777

8.3/10 · Worth your time

NVDvuln

Summary
Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.

CVECVE-2025-13777

SeverityHIGH

TypeUPDATED

PublishedFri, Mar 13 · 07:53 PM CDT

ModifiedTue, May 19 · 03:06 PM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.