Archive snapshot

Sat, May 23 · 06:00 AM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Sat, May 23 · 06:00 AM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

5

Worth skimming

5

Tracked videos

0

NVD vulnerabilities

25

Top stories

Sat, 23 May 2026 13:05:13 +0530

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

9.8/10 · Must read/watch

The Hacker Newsvuln

Summary
A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates to an instance of incorrect privilege assignment that an attack

Open article ↗

Sat, 23 May 2026 12:53:48 +0530

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

9.3/10 · Must read/watch

The Hacker Newsvulnpolicy

Summary
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in ques

Open article ↗

Sat, 23 May 2026 15:21:13 +0530

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

8.9/10 · Worth your time

The Hacker Newssupply-chainaiidentity

Summary
Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The affected packages include - laravel-lang/lang l

Open article ↗

Sat, May 23 · 06:00 AM CDT

Fake Gemini and Claude Code Sites Spread Infostealers Through SEO Poisoning

8.5/10 · Worth your time

Infosecurity Magazinemalwareai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sat, May 23 · 06:00 AM CDT

China-Linked Webworm APT Evolves Tactics, Expands to European Targets

8.1/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Worth skimming

Sat, May 23 · 06:00 AM CDT

GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension

8.0/10 · Worth your time

Infosecurity Magazinesupply-chain

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sat, May 23 · 06:00 AM CDT

Android Malware Campaign Used Hundreds of Fake Apps to Silently Charge Users

8.0/10 · Worth your time

Infosecurity Magazinemalwareai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sat, May 23 · 06:00 AM CDT

Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem

8.0/10 · Worth your time

Infosecurity Magazinesupply-chainai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sat, May 23 · 06:00 AM CDT

GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension

8.0/10 · Worth your time

Infosecurity Magazinesupply-chain

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sat, May 23 · 06:00 AM CDT

Nine-Year-Old Linux Kernel Flaw Leaks SSH Keys and Password Hashes

7.7/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Videos worth watching

Nothing surfaced yet.

NVD vulnerabilities

Mon, Apr 17 · 12:15 PM CDT

CVE-2023-1723

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veragroup Mobile Assistant allows SQL Injection.This issue affects Mobile Assistant: before 21.S.2343.

CVECVE-2023-1723

SeverityCRITICAL

TypeUPDATED

PublishedMon, Apr 17 · 12:15 PM CDT

ModifiedThu, Nov 21 · 07:39 AM CST

Open article ↗

Thu, Mar 30 · 03:15 PM CDT

CVE-2023-1725

9.8/10 · Must read/watch

NVDvuln

Summary
Server-Side Request Forgery (SSRF) vulnerability in Infoline Project Management System allows Server Side Request Forgery.This issue affects Project Management System: before 4.09.31.125.

CVECVE-2023-1725

SeverityCRITICAL

TypeUPDATED

PublishedThu, Mar 30 · 03:15 PM CDT

ModifiedThu, Nov 21 · 07:39 AM CST

Open article ↗

Tue, Apr 04 · 09:15 AM CDT

CVE-2023-1728

9.8/10 · Must read/watch

NVDvuln

Summary
Unrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection, Server Side Include (SSI) Injection.This issue affects LMS: before 23.04.03.

CVECVE-2023-1728

SeverityCRITICAL

TypeUPDATED

PublishedTue, Apr 04 · 09:15 AM CDT

ModifiedThu, Nov 21 · 07:39 AM CST

Open article ↗

Mon, Apr 03 · 02:15 PM CDT

CVE-2023-1765

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akbim Computer Panon allows SQL Injection.This issue affects Panon: before 1.0.2.

CVECVE-2023-1765

SeverityCRITICAL

TypeUPDATED

PublishedMon, Apr 03 · 02:15 PM CDT

ModifiedThu, Nov 21 · 07:39 AM CST

Open article ↗

Fri, Apr 14 · 02:15 PM CDT

CVE-2023-1803

9.8/10 · Must read/watch

NVDvuln

Summary
Authentication Bypass by Alternate Name vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router: before 7.17.

CVECVE-2023-1803

SeverityCRITICAL

TypeUPDATED

PublishedFri, Apr 14 · 02:15 PM CDT

ModifiedThu, Nov 21 · 07:39 AM CST

Open article ↗

Fri, Apr 14 · 02:15 PM CDT

CVE-2023-1833

9.8/10 · Must read/watch

NVDvuln

Summary
Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router: before 7.17.

CVECVE-2023-1833

SeverityCRITICAL

TypeUPDATED

PublishedFri, Apr 14 · 02:15 PM CDT

ModifiedThu, Nov 21 · 07:39 AM CST

Open article ↗

Fri, Apr 14 · 09:15 AM CDT

CVE-2023-1863

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eskom Water Metering Software allows Command Line Execution through SQL Injection.This issue affects Water Metering Software: before 23.04.06.

CVECVE-2023-1863

SeverityCRITICAL

TypeUPDATED

PublishedFri, Apr 14 · 09:15 AM CDT

ModifiedThu, Nov 21 · 07:40 AM CST

Open article ↗

Mon, Apr 17 · 02:15 PM CDT

CVE-2023-1873

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Faturamatik Bircard allows SQL Injection.This issue affects Bircard: before 23.04.05.

CVECVE-2023-1873

SeverityCRITICAL

TypeUPDATED

PublishedMon, Apr 17 · 02:15 PM CDT

ModifiedThu, Nov 21 · 07:40 AM CST

Open article ↗

Wed, May 24 · 02:15 PM CDT

CVE-2023-2045

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ipekyolu Software Auto Damage Tracking Software allows SQL Injection.This issue affects Auto Damage Tracking Software: before 4.

CVECVE-2023-2045

SeverityCRITICAL

TypeUPDATED

PublishedWed, May 24 · 02:15 PM CDT

ModifiedThu, Nov 21 · 07:57 AM CST

Open article ↗

Mon, Jul 10 · 04:15 PM CDT

CVE-2023-2046

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yontem Informatics Vehicle Tracking System allows SQL Injection.This issue affects Vehicle Tracking System: before 8.

CVECVE-2023-2046

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jul 10 · 04:15 PM CDT

ModifiedThu, Nov 21 · 07:57 AM CST

Open article ↗

Wed, May 24 · 02:15 PM CDT

CVE-2023-2064

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Minova Technology eTrace allows SQL Injection.This issue affects eTrace: before 23.05.20.

CVECVE-2023-2064

SeverityCRITICAL

TypeUPDATED

PublishedWed, May 24 · 02:15 PM CDT

ModifiedThu, Nov 21 · 07:57 AM CST

Open article ↗

Sat, May 20 · 10:15 AM CDT

CVE-2023-2712

9.8/10 · Must read/watch

NVDvuln

Summary
Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server.This issue affects Rental Module: before 23.05.15.

CVECVE-2023-2712

SeverityCRITICAL

TypeUPDATED

PublishedSat, May 20 · 10:15 AM CDT

ModifiedThu, Nov 21 · 07:59 AM CST

Open article ↗

Sat, May 20 · 10:15 AM CDT

CVE-2023-2713

9.8/10 · Must read/watch

NVDvuln

Summary
Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass.This issue affects Rental Module: before 23.05.15.

CVECVE-2023-2713

SeverityCRITICAL

TypeUPDATED

PublishedSat, May 20 · 10:15 AM CDT

ModifiedThu, Nov 21 · 07:59 AM CST

Open article ↗

Wed, May 24 · 12:15 PM CDT

CVE-2023-2750

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cityboss E-municipality allows SQL Injection.This issue affects E-municipality: before 6.05.

CVECVE-2023-2750

SeverityCRITICAL

TypeUPDATED

PublishedWed, May 24 · 12:15 PM CDT

ModifiedThu, Nov 21 · 07:59 AM CST

Open article ↗

Thu, May 25 · 02:15 PM CDT

CVE-2023-2851

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AGT Tech Ceppatron allows Command Line Execution through SQL Injection, SQL Injection.This issue affects all versions of the sofware also EOS when CVE-ID assigned.

CVECVE-2023-2851

SeverityCRITICAL

TypeUPDATED

PublishedThu, May 25 · 02:15 PM CDT

ModifiedThu, Nov 21 · 07:59 AM CST

Open article ↗

Mon, Jul 10 · 04:15 PM CDT

CVE-2023-2852

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Softmed SelfPatron allows SQL Injection.This issue affects SelfPatron : before 2.0.

CVECVE-2023-2852

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jul 10 · 04:15 PM CDT

ModifiedThu, Nov 21 · 07:59 AM CST

Open article ↗

Thu, May 25 · 09:15 AM CDT

CVE-2023-2882

9.8/10 · Must read/watch

NVDvuln

Summary
Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.

CVECVE-2023-2882

SeverityCRITICAL

TypeUPDATED

PublishedThu, May 25 · 09:15 AM CDT

ModifiedThu, Nov 21 · 07:59 AM CST

Open article ↗

Thu, May 25 · 09:15 AM CDT

CVE-2023-2884

9.8/10 · Must read/watch

NVDvuln

Summary
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.

CVECVE-2023-2884

SeverityCRITICAL

TypeUPDATED

PublishedThu, May 25 · 09:15 AM CDT

ModifiedThu, Nov 21 · 07:59 AM CST

Open article ↗

Thu, May 25 · 09:15 AM CDT

CVE-2023-2887

9.8/10 · Must read/watch

NVDvuln

Summary
Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.

CVECVE-2023-2887

SeverityCRITICAL

TypeUPDATED

PublishedThu, May 25 · 09:15 AM CDT

ModifiedThu, Nov 21 · 07:59 AM CST

Open article ↗

Wed, Nov 22 · 02:15 PM CST

CVE-2023-2889

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veon Computer Service Tracking Software allows SQL Injection.This issue affects Service Tracking Software: before crm 2.0.

CVECVE-2023-2889

SeverityCRITICAL

TypeUPDATED

PublishedWed, Nov 22 · 02:15 PM CST

ModifiedThu, Nov 21 · 07:59 AM CST

Open article ↗

Mon, Jun 19 · 01:15 PM CDT

CVE-2023-2907

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection.This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ; API:20230605.

CVECVE-2023-2907

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jun 19 · 01:15 PM CDT

ModifiedThu, Nov 21 · 07:59 AM CST

Open article ↗

Thu, Jul 13 · 08:15 AM CDT

CVE-2023-2957

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisa Software Florist Site allows SQL Injection.This issue affects Florist Site: before 3.0.

CVECVE-2023-2957

SeverityCRITICAL

TypeUPDATED

PublishedThu, Jul 13 · 08:15 AM CDT

ModifiedThu, Nov 21 · 07:59 AM CST

Open article ↗

Mon, Jul 17 · 03:15 PM CDT

CVE-2023-2958

9.8/10 · Must read/watch

NVDvuln

Summary
Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows Authentication Abuse, Authentication Bypass.This issue affects ATS Pro: before 20230714.

CVECVE-2023-2958

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jul 17 · 03:15 PM CDT

ModifiedThu, Nov 21 · 07:59 AM CST

Open article ↗

Tue, Aug 12 · 06:15 PM CDT

CVE-2025-53766

9.8/10 · Must read/watch

NVDvuln

Summary
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.

CVECVE-2025-53766

SeverityCRITICAL

TypeUPDATED

PublishedTue, Aug 12 · 06:15 PM CDT

ModifiedThu, Aug 14 · 05:11 PM CDT

Open article ↗

Tue, Nov 11 · 06:15 PM CST

CVE-2025-60724

9.8/10 · Must read/watch

NVDvuln

Summary
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

CVECVE-2025-60724

SeverityCRITICAL

TypeUPDATED

PublishedTue, Nov 11 · 06:15 PM CST

ModifiedMon, Nov 17 · 05:40 PM CST

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.