Archive snapshot

Tue, May 26 · 12:00 PM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Tue, May 26 · 12:00 PM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

5

Worth skimming

5

Tracked videos

0

NVD vulnerabilities

25

Top stories

Tue, May 26 · 12:00 PM CDT

Chinese Threat Actors Ditch Static Phishing Pages for Live Credential Interception

9.8/10 · Must read/watch

Infosecurity Magazineidentity

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Tue, 26 May 2026 17:19:53 +0530

Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions

9.7/10 · Must read/watch

The Hacker Newsvuln

Summary
Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met. The vulnerability, tracked as CVE-2026-45659, carries a

Open article ↗

Tue, May 26 · 12:00 PM CDT

Iran-Linked Hackers Target US Aviation with Phishing and SEO Poisoning Campaign

9.4/10 · Must read/watch

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Tue, 26 May 2026 21:18:41 +0530

MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries

9.4/10 · Must read/watch

The Hacker Newsai

Summary
The Iranian hacking group known as MuddyWater has been linked to a new campaign affecting at least nine organizations across nine countries on four continents in the first quarter of 2026. The activity targeted industrial and electronics manufacturing, educati

Open article ↗

Tue, May 26 · 12:00 PM CDT

BTMOB Android RAT Spreads Through No-Code Builder Tooling

8.7/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Worth skimming

Tue, May 26 · 12:00 PM CDT

India's CERT-In Sets 12-Hour Patch Deadline for Exposed Flaws

8.4/10 · Worth your time

Infosecurity Magazinevuln

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Tue, May 26 · 12:00 PM CDT

Cybercriminal VPN Dismantled in Europol Crackdown

8.2/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Tue, May 26 · 07:00 AM CDT

Eagle 3.1: Collaboration Between the EAGLE Team, vLLM Team, and TorchSpec Team

8.2/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 5 hours ago.

Open article ↗

Tue, May 26 · 09:00 AM CDT

Spain blocks prediction markets Polymarket, Kalshi over lack of gambling licence

8.1/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 3 hours ago.

Open article ↗

Tue, May 26 · 08:00 AM CDT

Outsourcing plus LocalAI will soon become more economical vs. Frontier labs

8.1/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 4 hours ago.

Open article ↗

Videos worth watching

Nothing surfaced yet.

NVD vulnerabilities

Thu, Jan 29 · 03:16 PM CST

CVE-2020-37002

9.8/10 · Must read/watch

NVDvuln

Summary
Ajenti 2.1.36 contains an authentication bypass vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port.

CVECVE-2020-37002

SeverityCRITICAL

TypeUPDATED

PublishedThu, Jan 29 · 03:16 PM CST

ModifiedWed, Apr 15 · 12:35 AM CDT

Open article ↗

Mon, Dec 15 · 09:15 PM CST

CVE-2023-53888

8.8/10 · Worth your time

NVDvuln

Summary
Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload malicious JavaScript files, rename them to PHP, and execute system commands by exploiting the saveE and rename actions in the

CVECVE-2023-53888

SeverityHIGH

TypeUPDATED

PublishedMon, Dec 15 · 09:15 PM CST

ModifiedWed, Dec 24 · 06:11 PM CST

Open article ↗

Tue, May 05 · 12:16 PM CDT

CVE-2023-54348

8.8/10 · Worth your time

NVDvuln

Summary
ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to execute arbitrary code by injecting formula payloads into vendor name fields. Attackers can add malicious formulas like =10+20+cmd|' /C calc'!A0 in the vendor creation form, which execute when the exported CSV file is opened in

CVECVE-2023-54348

SeverityHIGH

TypeUPDATED

PublishedTue, May 05 · 12:16 PM CDT

ModifiedTue, May 05 · 07:50 PM CDT

Open article ↗

Thu, Apr 02 · 09:16 PM CDT

CVE-2025-15620

8.6/10 · Worth your time

NVDvuln

Summary
HiOS Switch Platform versions 09.1.00 prior to 09.4.05 and 10.3.01 contains a denial-of-service vulnerability in the web interface that allows remote attackers to reboot the affected device by sending a malicious HTTP GET request to a specific endpoint. Attackers can trigger an uncontrolled reboot condition through cra

CVECVE-2025-15620

SeverityHIGH

TypeUPDATED

PublishedThu, Apr 02 · 09:16 PM CDT

ModifiedFri, Apr 03 · 11:17 PM CDT

Open article ↗

Thu, Apr 02 · 08:16 PM CDT

CVE-2023-7343

7.8/10 · Worth your time

NVDvuln

Summary
HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain fu

CVECVE-2023-7343

SeverityHIGH

TypeUPDATED

PublishedThu, Apr 02 · 08:16 PM CDT

ModifiedFri, Apr 03 · 11:17 PM CDT

Open article ↗

Sat, May 16 · 04:16 PM CDT

CVE-2021-47942

7.5/10 · Worth your time

NVDvuln

Summary
Home Assistant Community Store (HACS) 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/ endpoint. Attackers can retrieve the .storage/auth file containing user credentials and refresh tokens, then craft valid JWT to

CVECVE-2021-47942

SeverityHIGH

TypeUPDATED

PublishedSat, May 16 · 04:16 PM CDT

ModifiedMon, May 18 · 08:16 PM CDT

Open article ↗

Thu, Apr 02 · 09:16 PM CDT

CVE-2024-14033

7.5/10 · Worth your time

NVDvuln

Summary
Hirschmann Industrial IT products (BAT-R, BAT-F, BAT450-F, BAT867-R, BAT867-F, WLC, BAT Controller Virtual) contain a heap overflow vulnerability in the HiLCOS web interface that allows unauthenticated remote attackers to trigger a denial-of-service condition by sending specially crafted requests to the web interface.

CVECVE-2024-14033

SeverityHIGH

TypeUPDATED

PublishedThu, Apr 02 · 09:16 PM CDT

ModifiedFri, Apr 03 · 11:17 PM CDT

Open article ↗

Mon, May 04 · 07:16 PM CDT

CVE-2026-25863

7.5/10 · Worth your time

NVDvuln

Summary
Conditional Fields for Contact Form 7 WordPress plugin through version 2.6.7 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hide_hidden_mail_fields_regex_callback() method reads an iteration count directly from user-supplied POST parameters without validation or upp

CVECVE-2026-25863

SeverityHIGH

TypeUPDATED

PublishedMon, May 04 · 07:16 PM CDT

ModifiedTue, May 05 · 07:47 PM CDT

Open article ↗

Thu, Apr 23 · 09:16 PM CDT

CVE-2026-28525

6.8/10 · Skim only if relevant

NVDvuln

Summary
SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoose_multipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTTP POST request to /upload with a malformed multipart boundary and controlled TCP stream timing. Attackers can trigger an

CVECVE-2026-28525

SeverityMEDIUM

TypeUPDATED

PublishedThu, Apr 23 · 09:16 PM CDT

ModifiedFri, Apr 24 · 02:50 PM CDT

Open article ↗

Mon, Mar 16 · 02:19 PM CDT

CVE-2026-28522

6.5/10 · Skim only if relevant

NVDvuln

Summary
arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference vulnerability in the WiFiUDP component. An attacker on the same local area network can send a large volume of malicious UDP packets to cause memory exhaustion on the device, triggering a null pointer dereference and resulting in a denial-of-servi

CVECVE-2026-28522

SeverityMEDIUM

TypeUPDATED

PublishedMon, Mar 16 · 02:19 PM CDT

ModifiedTue, Mar 17 · 08:27 PM CDT

Open article ↗

Sun, May 10 · 01:16 PM CDT

CVE-2022-50954

6.2/10 · Skim only if relevant

NVDvuln

Summary
WordPress Plugin cab-fare-calculator 1.0.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the controller parameter in tblight.php. Attackers can supply path traversal sequences through the controller GET parameter to include and execute files

CVECVE-2022-50954

SeverityMEDIUM

TypeUPDATED

PublishedSun, May 10 · 01:16 PM CDT

ModifiedTue, May 12 · 02:24 PM CDT

Open article ↗

Sat, Apr 04 · 02:16 PM CDT

CVE-2018-25247

6.1/10 · Skim only if relevant

NVDvuln

Summary
MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating posts or threads with unvalidated subject content. Attackers can craft post subjects containing script tags that execute when other users view the attacker's profile, where liked posts are

CVECVE-2018-25247

SeverityMEDIUM

TypeUPDATED

PublishedSat, Apr 04 · 02:16 PM CDT

ModifiedMon, Apr 20 · 02:30 PM CDT

Open article ↗

Wed, Apr 22 · 04:16 PM CDT

CVE-2018-25269

6.1/10 · Skim only if relevant

NVDvuln

Summary
ICEWARP 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed tags. Attackers can craft emails containing data URIs with embedded scripts that execute in the client when the email is viewed, com

CVECVE-2018-25269

SeverityMEDIUM

TypeUPDATED

PublishedWed, Apr 22 · 04:16 PM CDT

ModifiedWed, Apr 29 · 11:22 PM CDT

Open article ↗

Fri, Jan 16 · 07:16 PM CST

CVE-2021-47836

6.1/10 · Skim only if relevant

NVDvuln

Summary
Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads to execute remote commands and potentially gain system access.

CVECVE-2021-47836

SeverityMEDIUM

TypeUPDATED

PublishedFri, Jan 16 · 07:16 PM CST

ModifiedWed, Apr 15 · 12:35 AM CDT

Open article ↗

Thu, Oct 16 · 06:15 PM CDT

CVE-2025-34512

6.1/10 · Skim only if relevant

NVDvuln

Summary
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting (XSS) vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.

CVECVE-2025-34512

SeverityMEDIUM

TypeUPDATED

PublishedThu, Oct 16 · 06:15 PM CDT

ModifiedThu, Oct 23 · 07:33 PM CDT

Open article ↗

Wed, Jan 21 · 06:16 PM CST

CVE-2021-47817

5.4/10 · Skim only if relevant

NVDvuln

Summary
OpenEMR 5.0.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript through user profile parameters. Attackers can exploit the vulnerability by crafting a malicious payload to download and execute a web shell, enabling remote command execution on the vulnerab

CVECVE-2021-47817

SeverityMEDIUM

TypeUPDATED

PublishedWed, Jan 21 · 06:16 PM CST

ModifiedMon, Feb 02 · 05:40 PM CST

Open article ↗

Thu, May 21 · 10:16 PM CDT

CVE-2026-22678

5.4/10 · Skim only if relevant

NVDvuln

Summary
Webmin before 2.641 contains a stored cross-site scripting vulnerability in the email template description field of the System and Server Status module that allows low-privileged authenticated attackers to execute arbitrary commands by injecting unsanitized input stored in save_tmpl.cgi and rendered unescaped in list_t

CVECVE-2026-22678

SeverityMEDIUM

TypeUPDATED

PublishedThu, May 21 · 10:16 PM CDT

ModifiedThu, May 21 · 10:16 PM CDT

Open article ↗

Sun, May 17 · 01:16 PM CDT

CVE-2018-25336

5.3/10 · Skim only if relevant

NVDvuln

Summary
Joomla jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting endpoints , and to change user credentials, passwords, and affiliate account details when victims visi

CVECVE-2018-25336

SeverityMEDIUM

TypeUPDATED

PublishedSun, May 17 · 01:16 PM CDT

ModifiedMon, May 18 · 05:28 PM CDT

Open article ↗

Tue, Feb 24 · 11:16 PM CST

CVE-2026-26351

4.8/10 · Skip

NVDvuln

Summary
GetSimpleCMS Community Edition (CE) version 3.3.16 contains a stored cross-site scripting (XSS) vulnerability in the Theme to Components functionality within components.php. User-supplied input provided to the "slug" field of a component is stored without proper output encoding. While other fields are sanitized using s

CVECVE-2026-26351

SeverityMEDIUM

TypeUPDATED

PublishedTue, Feb 24 · 11:16 PM CST

ModifiedThu, Feb 26 · 10:01 PM CST

Open article ↗

Wed, Aug 20 · 04:15 PM CDT

CVE-2010-20042

4.8/10 · Skip

NVDvuln

Summary
Xion Audio Player versions prior to 1.0.126 are vulnerable to a Unicode-based stack buffer overflow triggered by opening a specially crafted .m3u playlist file. The file contains an overly long string that overwrites the Structured Exception Handler (SEH) chain, allowing an attacker to hijack execution flow and run arb

CVECVE-2010-20042

SeverityUNKNOWN

TypeUPDATED

PublishedWed, Aug 20 · 04:15 PM CDT

ModifiedWed, Apr 15 · 12:35 AM CDT

Open article ↗

Tue, Aug 05 · 08:15 PM CDT

CVE-2012-10024

4.8/10 · Skip

NVDvuln

Summary
XBMC version 11, including builds up to the 2012-11-04 nightly release, contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the server fails to properly sanitize URI input, allowing authenticated users to request files outside the intended document root. An

CVECVE-2012-10024

SeverityUNKNOWN

TypeUPDATED

PublishedTue, Aug 05 · 08:15 PM CDT

ModifiedWed, Apr 15 · 12:35 AM CDT

Open article ↗

Tue, Aug 05 · 08:15 PM CDT

CVE-2012-10032

4.8/10 · Skip

NVDvuln

Summary
Maxthon3 versions prior to 3.3 are vulnerable to cross context scripting (XCS) via the about:history page. The browser’s trusted zone improperly handles injected script content, allowing attackers to execute arbitrary JavaScript in a privileged context. This flaw enables modification of browser configuration and execut

CVECVE-2012-10032

SeverityUNKNOWN

TypeUPDATED

PublishedTue, Aug 05 · 08:15 PM CDT

ModifiedWed, Apr 15 · 12:35 AM CDT

Open article ↗

Tue, Aug 05 · 08:15 PM CDT

CVE-2013-10068

4.8/10 · Skip

NVDvuln

Summary
Foxit Reader Plugin version 2.2.1.530, bundled with Foxit Reader 5.4.4.11281, contains a stack-based buffer overflow vulnerability in the npFoxitReaderPlugin.dll module. When a PDF file is loaded from a remote host, an overly long query string in the URL can overflow a buffer, allowing remote attackers to execute arbit

CVECVE-2013-10068

SeverityUNKNOWN

TypeUPDATED

PublishedTue, Aug 05 · 08:15 PM CDT

ModifiedWed, Apr 15 · 12:35 AM CDT

Open article ↗

Thu, Dec 04 · 09:16 PM CST

CVE-2025-66572

4.8/10 · Skip

NVDvuln

Summary
Loaded Commerce 6.6 contains a client-side template injection vulnerability that allows unauthenticated attackers to execute code on the server via the search parameter.

CVECVE-2025-66572

SeverityUNKNOWN

TypeUPDATED

PublishedThu, Dec 04 · 09:16 PM CST

ModifiedWed, Apr 15 · 12:35 AM CDT

Open article ↗

Mon, Jan 05 · 10:15 PM CST

CVE-2026-0625

4.8/10 · Skip

NVDvuln

Summary
Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoint, an attacker can modify the device’s DNS settings without vali

CVECVE-2026-0625

SeverityUNKNOWN

TypeUPDATED

PublishedMon, Jan 05 · 10:15 PM CST

ModifiedWed, Apr 15 · 12:35 AM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.