Archive snapshot

Sat, May 23 · 12:00 PM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Sat, May 23 · 12:00 PM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

5

Worth skimming

5

Tracked videos

0

NVD vulnerabilities

25

Top stories

Sat, 23 May 2026 22:05:10 +0530

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

9.8/10 · Must read/watch

The Hacker Newssupply-chainai

Summary
GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation. Called staged publishing, the fe

Open article ↗

Sat, 23 May 2026 21:37:51 +0530

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

9.8/10 · Must read/watch

The Hacker Newsmalwaresupply-chainai

Summary
A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. "Although the affected packages were all Composer packages, the malicious co

Open article ↗

Sat, 23 May 2026 17:25:35 +0530

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

8.6/10 · Worth your time

The Hacker Newsai

Summary
Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most "systemically" important software across the world since the cybersecurity initiative went live last mon

Open article ↗

Sat, May 23 · 12:00 PM CDT

Grafana Labs Says Code Breach Stemmed from TanStack Attack

8.1/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sat, May 23 · 11:03 AM CDT

Italy Cancels Boeing Pegasus Order, Shifting to Airbus A330 MRTT

8.1/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 57 minutes ago.

Open article ↗

Worth skimming

Sat, May 23 · 11:00 AM CDT

AI Engineering from Scratch

8.1/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 1 hour ago.

Open article ↗

Sat, May 23 · 12:00 PM CDT

Fake Gemini and Claude Code Sites Spread Infostealers Through SEO Poisoning

8.0/10 · Worth your time

Infosecurity Magazinemalwareai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sat, May 23 · 12:00 PM CDT

GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension

8.0/10 · Worth your time

Infosecurity Magazinesupply-chain

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sat, May 23 · 12:00 PM CDT

Android Malware Campaign Used Hundreds of Fake Apps to Silently Charge Users

8.0/10 · Worth your time

Infosecurity Magazinemalwareai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sat, May 23 · 12:00 PM CDT

Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem

8.0/10 · Worth your time

Infosecurity Magazinesupply-chainai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Videos worth watching

Nothing surfaced yet.

NVD vulnerabilities

Mon, Apr 17 · 12:15 PM CDT

CVE-2023-1723

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veragroup Mobile Assistant allows SQL Injection.This issue affects Mobile Assistant: before 21.S.2343.

CVECVE-2023-1723

SeverityCRITICAL

TypeUPDATED

PublishedMon, Apr 17 · 12:15 PM CDT

ModifiedThu, Nov 21 · 07:39 AM CST

Open article ↗

Thu, Mar 30 · 03:15 PM CDT

CVE-2023-1725

9.8/10 · Must read/watch

NVDvuln

Summary
Server-Side Request Forgery (SSRF) vulnerability in Infoline Project Management System allows Server Side Request Forgery.This issue affects Project Management System: before 4.09.31.125.

CVECVE-2023-1725

SeverityCRITICAL

TypeUPDATED

PublishedThu, Mar 30 · 03:15 PM CDT

ModifiedThu, Nov 21 · 07:39 AM CST

Open article ↗

Tue, Apr 04 · 09:15 AM CDT

CVE-2023-1728

9.8/10 · Must read/watch

NVDvuln

Summary
Unrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection, Server Side Include (SSI) Injection.This issue affects LMS: before 23.04.03.

CVECVE-2023-1728

SeverityCRITICAL

TypeUPDATED

PublishedTue, Apr 04 · 09:15 AM CDT

ModifiedThu, Nov 21 · 07:39 AM CST

Open article ↗

Mon, Apr 03 · 02:15 PM CDT

CVE-2023-1765

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akbim Computer Panon allows SQL Injection.This issue affects Panon: before 1.0.2.

CVECVE-2023-1765

SeverityCRITICAL

TypeUPDATED

PublishedMon, Apr 03 · 02:15 PM CDT

ModifiedThu, Nov 21 · 07:39 AM CST

Open article ↗

Fri, Apr 14 · 02:15 PM CDT

CVE-2023-1803

9.8/10 · Must read/watch

NVDvuln

Summary
Authentication Bypass by Alternate Name vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router: before 7.17.

CVECVE-2023-1803

SeverityCRITICAL

TypeUPDATED

PublishedFri, Apr 14 · 02:15 PM CDT

ModifiedThu, Nov 21 · 07:39 AM CST

Open article ↗

Fri, Apr 14 · 02:15 PM CDT

CVE-2023-1833

9.8/10 · Must read/watch

NVDvuln

Summary
Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router: before 7.17.

CVECVE-2023-1833

SeverityCRITICAL

TypeUPDATED

PublishedFri, Apr 14 · 02:15 PM CDT

ModifiedThu, Nov 21 · 07:39 AM CST

Open article ↗

Fri, Apr 14 · 09:15 AM CDT

CVE-2023-1863

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eskom Water Metering Software allows Command Line Execution through SQL Injection.This issue affects Water Metering Software: before 23.04.06.

CVECVE-2023-1863

SeverityCRITICAL

TypeUPDATED

PublishedFri, Apr 14 · 09:15 AM CDT

ModifiedThu, Nov 21 · 07:40 AM CST

Open article ↗

Mon, Apr 17 · 02:15 PM CDT

CVE-2023-1873

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Faturamatik Bircard allows SQL Injection.This issue affects Bircard: before 23.04.05.

CVECVE-2023-1873

SeverityCRITICAL

TypeUPDATED

PublishedMon, Apr 17 · 02:15 PM CDT

ModifiedThu, Nov 21 · 07:40 AM CST

Open article ↗

Wed, May 24 · 02:15 PM CDT

CVE-2023-2045

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ipekyolu Software Auto Damage Tracking Software allows SQL Injection.This issue affects Auto Damage Tracking Software: before 4.

CVECVE-2023-2045

SeverityCRITICAL

TypeUPDATED

PublishedWed, May 24 · 02:15 PM CDT

ModifiedThu, Nov 21 · 07:57 AM CST

Open article ↗

Mon, Jul 10 · 04:15 PM CDT

CVE-2023-2046

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yontem Informatics Vehicle Tracking System allows SQL Injection.This issue affects Vehicle Tracking System: before 8.

CVECVE-2023-2046

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jul 10 · 04:15 PM CDT

ModifiedThu, Nov 21 · 07:57 AM CST

Open article ↗

Wed, May 24 · 02:15 PM CDT

CVE-2023-2064

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Minova Technology eTrace allows SQL Injection.This issue affects eTrace: before 23.05.20.

CVECVE-2023-2064

SeverityCRITICAL

TypeUPDATED

PublishedWed, May 24 · 02:15 PM CDT

ModifiedThu, Nov 21 · 07:57 AM CST

Open article ↗

Sat, May 20 · 10:15 AM CDT

CVE-2023-2712

9.8/10 · Must read/watch

NVDvuln

Summary
Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server.This issue affects Rental Module: before 23.05.15.

CVECVE-2023-2712

SeverityCRITICAL

TypeUPDATED

PublishedSat, May 20 · 10:15 AM CDT

ModifiedThu, Nov 21 · 07:59 AM CST

Open article ↗

Sat, May 20 · 10:15 AM CDT

CVE-2023-2713

9.8/10 · Must read/watch

NVDvuln

Summary
Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass.This issue affects Rental Module: before 23.05.15.

CVECVE-2023-2713

SeverityCRITICAL

TypeUPDATED

PublishedSat, May 20 · 10:15 AM CDT

ModifiedThu, Nov 21 · 07:59 AM CST

Open article ↗

Wed, May 24 · 12:15 PM CDT

CVE-2023-2750

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cityboss E-municipality allows SQL Injection.This issue affects E-municipality: before 6.05.

CVECVE-2023-2750

SeverityCRITICAL

TypeUPDATED

PublishedWed, May 24 · 12:15 PM CDT

ModifiedThu, Nov 21 · 07:59 AM CST

Open article ↗

Thu, May 25 · 02:15 PM CDT

CVE-2023-2851

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AGT Tech Ceppatron allows Command Line Execution through SQL Injection, SQL Injection.This issue affects all versions of the sofware also EOS when CVE-ID assigned.

CVECVE-2023-2851

SeverityCRITICAL

TypeUPDATED

PublishedThu, May 25 · 02:15 PM CDT

ModifiedThu, Nov 21 · 07:59 AM CST

Open article ↗

Mon, Jul 10 · 04:15 PM CDT

CVE-2023-2852

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Softmed SelfPatron allows SQL Injection.This issue affects SelfPatron : before 2.0.

CVECVE-2023-2852

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jul 10 · 04:15 PM CDT

ModifiedThu, Nov 21 · 07:59 AM CST

Open article ↗

Thu, May 25 · 09:15 AM CDT

CVE-2023-2882

9.8/10 · Must read/watch

NVDvuln

Summary
Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.

CVECVE-2023-2882

SeverityCRITICAL

TypeUPDATED

PublishedThu, May 25 · 09:15 AM CDT

ModifiedThu, Nov 21 · 07:59 AM CST

Open article ↗

Thu, May 25 · 09:15 AM CDT

CVE-2023-2884

9.8/10 · Must read/watch

NVDvuln

Summary
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.

CVECVE-2023-2884

SeverityCRITICAL

TypeUPDATED

PublishedThu, May 25 · 09:15 AM CDT

ModifiedThu, Nov 21 · 07:59 AM CST

Open article ↗

Thu, May 25 · 09:15 AM CDT

CVE-2023-2887

9.8/10 · Must read/watch

NVDvuln

Summary
Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.

CVECVE-2023-2887

SeverityCRITICAL

TypeUPDATED

PublishedThu, May 25 · 09:15 AM CDT

ModifiedThu, Nov 21 · 07:59 AM CST

Open article ↗

Wed, Nov 22 · 02:15 PM CST

CVE-2023-2889

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veon Computer Service Tracking Software allows SQL Injection.This issue affects Service Tracking Software: before crm 2.0.

CVECVE-2023-2889

SeverityCRITICAL

TypeUPDATED

PublishedWed, Nov 22 · 02:15 PM CST

ModifiedThu, Nov 21 · 07:59 AM CST

Open article ↗

Mon, Jun 19 · 01:15 PM CDT

CVE-2023-2907

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection.This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ; API:20230605.

CVECVE-2023-2907

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jun 19 · 01:15 PM CDT

ModifiedThu, Nov 21 · 07:59 AM CST

Open article ↗

Thu, Jul 13 · 08:15 AM CDT

CVE-2023-2957

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisa Software Florist Site allows SQL Injection.This issue affects Florist Site: before 3.0.

CVECVE-2023-2957

SeverityCRITICAL

TypeUPDATED

PublishedThu, Jul 13 · 08:15 AM CDT

ModifiedThu, Nov 21 · 07:59 AM CST

Open article ↗

Mon, Jul 17 · 03:15 PM CDT

CVE-2023-2958

9.8/10 · Must read/watch

NVDvuln

Summary
Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows Authentication Abuse, Authentication Bypass.This issue affects ATS Pro: before 20230714.

CVECVE-2023-2958

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jul 17 · 03:15 PM CDT

ModifiedThu, Nov 21 · 07:59 AM CST

Open article ↗

Tue, Aug 12 · 06:15 PM CDT

CVE-2025-53766

9.8/10 · Must read/watch

NVDvuln

Summary
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.

CVECVE-2025-53766

SeverityCRITICAL

TypeUPDATED

PublishedTue, Aug 12 · 06:15 PM CDT

ModifiedThu, Aug 14 · 05:11 PM CDT

Open article ↗

Tue, Nov 11 · 06:15 PM CST

CVE-2025-60724

9.8/10 · Must read/watch

NVDvuln

Summary
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

CVECVE-2025-60724

SeverityCRITICAL

TypeUPDATED

PublishedTue, Nov 11 · 06:15 PM CST

ModifiedMon, Nov 17 · 05:40 PM CST

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.