Thu, Jan 29 · 03:16 PM CST · CVE-2020-37002
9.8/10 · Must read/watch · NVD · vuln
Summary
Ajenti 2.1.36 contains an authentication bypass vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port.
CVE: CVE-2020-37002
Severity: CRITICAL
Type: UPDATED
Published: Thu, Jan 29 · 03:16 PM CST
Modified: Wed, Apr 15 · 12:35 AM CDT

Mon, Dec 15 · 09:15 PM CST · CVE-2023-53888
8.8/10 · Worth your time · NVD · vuln
Summary
Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload malicious JavaScript files, rename them to PHP, and execute system commands by exploiting the saveE and rename actions in the
CVE: CVE-2023-53888
Severity: HIGH
Type: UPDATED
Published: Mon, Dec 15 · 09:15 PM CST
Modified: Wed, Dec 24 · 06:11 PM CST

Tue, May 05 · 12:16 PM CDT · CVE-2023-54348
8.8/10 · Worth your time · NVD · vuln
Summary
ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to execute arbitrary code by injecting formula payloads into vendor name fields. Attackers can add malicious formulas like =10+20+cmd|' /C calc'!A0 in the vendor creation form, which execute when the exported CSV file is opened in
CVE: CVE-2023-54348
Severity: HIGH
Type: UPDATED
Published: Tue, May 05 · 12:16 PM CDT
Modified: Tue, May 05 · 07:50 PM CDT

Thu, Apr 02 · 09:16 PM CDT · CVE-2025-15620
8.6/10 · Worth your time · NVD · vuln
Summary
HiOS Switch Platform versions 09.1.00 prior to 09.4.05 and 10.3.01 contain a denial-of-service vulnerability in the web interface that allows remote attackers to reboot the affected device by sending a malicious HTTP GET request to a specific endpoint. Attackers can trigger an uncontrolled reboot condition through cra
CVE: CVE-2025-15620
Severity: HIGH
Type: UPDATED
Published: Thu, Apr 02 · 09:16 PM CDT
Modified: Fri, Apr 03 · 11:17 PM CDT

Thu, Apr 02 · 08:16 PM CDT · CVE-2023-7343
7.8/10 · Worth your time · NVD · vuln
Summary
HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contain a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain fu
CVE: CVE-2023-7343
Severity: HIGH
Type: UPDATED
Published: Thu, Apr 02 · 08:16 PM CDT
Modified: Fri, Apr 03 · 11:17 PM CDT

Sat, May 16 · 04:16 PM CDT · CVE-2021-47942
7.5/10 · Worth your time · NVD · vuln
Summary
Home Assistant Community Store (HACS) 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/ endpoint. Attackers can retrieve the .storage/auth file containing user credentials and refresh tokens, then craft valid JWT to
CVE: CVE-2021-47942
Severity: HIGH
Type: UPDATED
Published: Sat, May 16 · 04:16 PM CDT
Modified: Mon, May 18 · 08:16 PM CDT

Thu, Apr 02 · 09:16 PM CDT · CVE-2024-14033
7.5/10 · Worth your time · NVD · vuln
Summary
Hirschmann Industrial IT products (BAT-R, BAT-F, BAT450-F, BAT867-R, BAT867-F, WLC, BAT Controller Virtual) contain a heap overflow vulnerability in the HiLCOS web interface that allows unauthenticated remote attackers to trigger a denial-of-service condition by sending specially crafted requests to the web interface.
CVE: CVE-2024-14033
Severity: HIGH
Type: UPDATED
Published: Thu, Apr 02 · 09:16 PM CDT
Modified: Fri, Apr 03 · 11:17 PM CDT

Mon, May 04 · 07:16 PM CDT · CVE-2026-25863
7.5/10 · Worth your time · NVD · vuln
Summary
Conditional Fields for Contact Form 7 WordPress plugin through version 2.6.7 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hide_hidden_mail_fields_regex_callback() method reads an iteration count directly from user-supplied POST parameters without validation or upp
CVE: CVE-2026-25863
Severity: HIGH
Type: UPDATED
Published: Mon, May 04 · 07:16 PM CDT
Modified: Tue, May 05 · 07:47 PM CDT

Thu, Apr 23 · 09:16 PM CDT · CVE-2026-28525
6.8/10 · Skim only if relevant · NVD · vuln
Summary
SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoose_multipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTTP POST request to /upload with a malformed multipart boundary and controlled TCP stream timing. Attackers can trigger an
CVE: CVE-2026-28525
Severity: MEDIUM
Type: UPDATED
Published: Thu, Apr 23 · 09:16 PM CDT
Modified: Fri, Apr 24 · 02:50 PM CDT

Mon, Mar 16 · 02:19 PM CDT · CVE-2026-28522
6.5/10 · Skim only if relevant · NVD · vuln
Summary
arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference vulnerability in the WiFiUDP component. An attacker on the same local area network can send a large volume of malicious UDP packets to cause memory exhaustion on the device, triggering a null pointer dereference and resulting in a denial-of-servi
CVE: CVE-2026-28522
Severity: MEDIUM
Type: UPDATED
Published: Mon, Mar 16 · 02:19 PM CDT
Modified: Tue, Mar 17 · 08:27 PM CDT

Sun, May 10 · 01:16 PM CDT · CVE-2022-50954
6.2/10 · Skim only if relevant · NVD · vuln
Summary
WordPress Plugin cab-fare-calculator 1.0.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the controller parameter in tblight.php. Attackers can supply path traversal sequences through the controller GET parameter to include and execute files
CVE: CVE-2022-50954
Severity: MEDIUM
Type: UPDATED
Published: Sun, May 10 · 01:16 PM CDT
Modified: Tue, May 12 · 02:24 PM CDT

Sat, Apr 04 · 02:16 PM CDT · CVE-2018-25247
6.1/10 · Skim only if relevant · NVD · vuln
Summary
MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating posts or threads with unvalidated subject content. Attackers can craft post subjects containing script tags that execute when other users view the attacker's profile, where liked posts are
CVE: CVE-2018-25247
Severity: MEDIUM
Type: UPDATED
Published: Sat, Apr 04 · 02:16 PM CDT
Modified: Mon, Apr 20 · 02:30 PM CDT

Wed, Apr 22 · 04:16 PM CDT · CVE-2018-25269
6.1/10 · Skim only if relevant · NVD · vuln
Summary
ICEWARP 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed tags. Attackers can craft emails containing data URIs with embedded scripts that execute in the client when the email is viewed, com
CVE: CVE-2018-25269
Severity: MEDIUM
Type: UPDATED
Published: Wed, Apr 22 · 04:16 PM CDT
Modified: Wed, Apr 29 · 11:22 PM CDT

Fri, Jan 16 · 07:16 PM CST · CVE-2021-47836
6.1/10 · Skim only if relevant · NVD · vuln
Summary
Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads to execute remote commands and potentially gain system access.
CVE: CVE-2021-47836
Severity: MEDIUM
Type: UPDATED
Published: Fri, Jan 16 · 07:16 PM CST
Modified: Wed, Apr 15 · 12:35 AM CDT

Thu, Oct 16 · 06:15 PM CDT · CVE-2025-34512
6.1/10 · Skim only if relevant · NVD · vuln
Summary
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting (XSS) vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.
CVE: CVE-2025-34512
Severity: MEDIUM
Type: UPDATED
Published: Thu, Oct 16 · 06:15 PM CDT
Modified: Thu, Oct 23 · 07:33 PM CDT

Wed, Jan 21 · 06:16 PM CST · CVE-2021-47817
5.4/10 · Skim only if relevant · NVD · vuln
Summary
OpenEMR 5.0.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript through user profile parameters. Attackers can exploit the vulnerability by crafting a malicious payload to download and execute a web shell, enabling remote command execution on the vulnerab
CVE: CVE-2021-47817
Severity: MEDIUM
Type: UPDATED
Published: Wed, Jan 21 · 06:16 PM CST
Modified: Mon, Feb 02 · 05:40 PM CST

Thu, May 21 · 10:16 PM CDT · CVE-2026-22678
5.4/10 · Skim only if relevant · NVD · vuln
Summary
Webmin before 2.641 contains a stored cross-site scripting vulnerability in the email template description field of the System and Server Status module that allows low-privileged authenticated attackers to execute arbitrary commands by injecting unsanitized input stored in save_tmpl.cgi and rendered unescaped in list_t
CVE: CVE-2026-22678
Severity: MEDIUM
Type: UPDATED
Published: Thu, May 21 · 10:16 PM CDT
Modified: Thu, May 21 · 10:16 PM CDT

Sun, May 17 · 01:16 PM CDT · CVE-2018-25336
5.3/10 · Skim only if relevant · NVD · vuln
Summary
Joomla jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting endpoints , and to change user credentials, passwords, and affiliate account details when victims visi
CVE: CVE-2018-25336
Severity: MEDIUM
Type: UPDATED
Published: Sun, May 17 · 01:16 PM CDT
Modified: Mon, May 18 · 05:28 PM CDT

Tue, Feb 24 · 11:16 PM CST · CVE-2026-26351
4.8/10 · Skip · NVD · vuln
Summary
GetSimpleCMS Community Edition (CE) version 3.3.16 contains a stored cross-site scripting (XSS) vulnerability in the Theme to Components functionality within components.php. User-supplied input provided to the "slug" field of a component is stored without proper output encoding. While other fields are sanitized using s
CVE: CVE-2026-26351
Severity: MEDIUM
Type: UPDATED
Published: Tue, Feb 24 · 11:16 PM CST
Modified: Thu, Feb 26 · 10:01 PM CST

Wed, Aug 20 · 04:15 PM CDT · CVE-2010-20042
4.8/10 · Skip · NVD · vuln
Summary
Xion Audio Player versions prior to 1.0.126 are vulnerable to a Unicode-based stack buffer overflow triggered by opening a specially crafted .m3u playlist file. The file contains an overly long string that overwrites the Structured Exception Handler (SEH) chain, allowing an attacker to hijack execution flow and run arb
CVE: CVE-2010-20042
Severity: UNKNOWN
Type: UPDATED
Published: Wed, Aug 20 · 04:15 PM CDT
Modified: Wed, Apr 15 · 12:35 AM CDT

Tue, Aug 05 · 08:15 PM CDT · CVE-2012-10024
4.8/10 · Skip · NVD · vuln
Summary
XBMC version 11, including builds up to the 2012-11-04 nightly release, contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the server fails to properly sanitize URI input, allowing authenticated users to request files outside the intended document root. An
CVE: CVE-2012-10024
Severity: UNKNOWN
Type: UPDATED
Published: Tue, Aug 05 · 08:15 PM CDT
Modified: Wed, Apr 15 · 12:35 AM CDT

Tue, Aug 05 · 08:15 PM CDT · CVE-2012-10032
4.8/10 · Skip · NVD · vuln
Summary
Maxthon3 versions prior to 3.3 are vulnerable to cross context scripting (XCS) via the about:history page. The browser's trusted zone improperly handles injected script content, allowing attackers to execute arbitrary JavaScript in a privileged context. This flaw enables modification of browser configuration and execut
CVE: CVE-2012-10032
Severity: UNKNOWN
Type: UPDATED
Published: Tue, Aug 05 · 08:15 PM CDT
Modified: Wed, Apr 15 · 12:35 AM CDT

Tue, Aug 05 · 08:15 PM CDT · CVE-2013-10068
4.8/10 · Skip · NVD · vuln
Summary
Foxit Reader Plugin version 2.2.1.530, bundled with Foxit Reader 5.4.4.11281, contains a stack-based buffer overflow vulnerability in the npFoxitReaderPlugin.dll module. When a PDF file is loaded from a remote host, an overly long query string in the URL can overflow a buffer, allowing remote attackers to execute arbit
CVE: CVE-2013-10068
Severity: UNKNOWN
Type: UPDATED
Published: Tue, Aug 05 · 08:15 PM CDT
Modified: Wed, Apr 15 · 12:35 AM CDT

Thu, Dec 04 · 09:16 PM CST · CVE-2025-66572
4.8/10 · Skip · NVD · vuln
Summary
Loaded Commerce 6.6 contains a client-side template injection vulnerability that allows unauthenticated attackers to execute code on the server via the search parameter.
CVE: CVE-2025-66572
Severity: UNKNOWN
Type: UPDATED
Published: Thu, Dec 04 · 09:16 PM CST
Modified: Wed, Apr 15 · 12:35 AM CDT

Mon, Jan 05 · 10:15 PM CST · CVE-2026-0625
4.8/10 · Skip · NVD · vuln
Summary
Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoint, an attacker can modify the device's DNS settings without vali
CVE: CVE-2026-0625
Severity: UNKNOWN
Type: UPDATED
Published: Mon, Jan 05 · 10:15 PM CST
Modified: Wed, Apr 15 · 12:35 AM CDT