Archive snapshot

Thu, May 28 · 12:00 PM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Thu, May 28 · 12:00 PM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

5

Worth skimming

5

Tracked videos

0

NVD vulnerabilities

25

Top stories

Thu, 28 May 2026 20:56:04 +0530

Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

9.8/10 · Must read/watch

The Hacker Newsvulnmalwareaiidentity

Summary
Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver credential-stealing malware. "The campaign abused trusted endpoint management infrastructure to deliver

Open article ↗

Thu, 28 May 2026 19:23:52 +0530

Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal

9.8/10 · Must read/watch

The Hacker Newsvulnsupply-chain

Summary
Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an opportunity to better understand the impact and address them before they are publicly dis

Open article ↗

Thu, 28 May 2026 17:00:00 +0530

New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI "Power users"

8.6/10 · Worth your time

The Hacker Newsai

Summary
State of AI Usage Report 2026 (full report here) by LayerX Security reveals the extent of the enterprise AI visibility gap and why most organizations still don't understand where their AI exposure is actually coming from. The research shows that enterprise AI

Open article ↗

Thu, May 28 · 09:00 AM CDT

Show HN: Continue? Y/N: A 60-second game about AI agent permission fatigue

8.5/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 3 hours ago.

Open article ↗

Thu, May 28 · 12:00 PM CDT

GCHQ Chief Urges Action as AI Reshapes Cyber Threats

8.2/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Worth skimming

Thu, May 28 · 12:00 PM CDT

Attackers Move Past Typosquatting to Realistic Package Impersonation

8.2/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Thu, May 28 · 12:00 PM CDT

Microsoft Condemns "Uncoordinated" Zero Day Disclosures

8.2/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Thu, May 28 · 12:00 PM CDT

New Threat Actor Jinx-0164 Targets Crypto Developers on macOS

8.2/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Thu, May 28 · 08:00 AM CDT

Disagreement Among Frontier LLMs on Real-World Fact-Checks

8.2/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 4 hours ago.

Open article ↗

Thu, 28 May 2026 19:03:16 +0530

ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More

8.1/10 · Worth your time

The Hacker Newsai

Summary
Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled social-engineering bait, and enough exposed infrastructure to make you wonder if prod i

Open article ↗

Videos worth watching

Nothing surfaced yet.

NVD vulnerabilities

Fri, May 22 · 11:16 PM CDT

CVE-2026-23652

10.0/10 · Must read/watch

NVDvuln

Summary
Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network.

CVECVE-2026-23652

SeverityCRITICAL

TypeUPDATED

PublishedFri, May 22 · 11:16 PM CDT

ModifiedWed, May 27 · 05:01 PM CDT

Open article ↗

Fri, May 22 · 11:16 PM CDT

CVE-2026-40412

10.0/10 · Must read/watch

NVDvuln

Summary
Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network.

CVECVE-2026-40412

SeverityCRITICAL

TypeUPDATED

PublishedFri, May 22 · 11:16 PM CDT

ModifiedWed, May 27 · 04:37 PM CDT

Open article ↗

Fri, May 22 · 11:16 PM CDT

CVE-2026-40411

9.9/10 · Must read/watch

NVDvuln

Summary
Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network.

CVECVE-2026-40411

SeverityCRITICAL

TypeUPDATED

PublishedFri, May 22 · 11:16 PM CDT

ModifiedWed, May 27 · 04:47 PM CDT

Open article ↗

Mon, Nov 09 · 05:30 PM CST

CVE-2009-3555

9.8/10 · Must read/watch

NVDvuln

Summary
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and o

CVECVE-2009-3555

SeverityCRITICAL

TypeUPDATED

PublishedMon, Nov 09 · 05:30 PM CST

ModifiedWed, May 27 · 05:16 PM CDT

Open article ↗

Thu, Jul 02 · 09:59 PM CDT

CVE-2015-0192

9.8/10 · Must read/watch

NVDvuln

Summary
Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.

CVECVE-2015-0192

SeverityCRITICAL

TypeUPDATED

PublishedThu, Jul 02 · 09:59 PM CDT

ModifiedWed, May 27 · 05:16 PM CDT

Open article ↗

Sun, May 17 · 01:16 PM CDT

CVE-2018-25332

9.8/10 · Must read/watch

NVDvuln

Summary
GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR plugin via the git-lfs end

CVECVE-2018-25332

SeverityCRITICAL

TypeUPDATED

PublishedSun, May 17 · 01:16 PM CDT

ModifiedWed, May 27 · 08:44 PM CDT

Open article ↗

Tue, Jan 18 · 04:15 PM CST

CVE-2022-23305

9.8/10 · Must read/watch

NVDvuln

Summary
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or hea

CVECVE-2022-23305

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jan 18 · 04:15 PM CST

ModifiedWed, May 27 · 02:16 PM CDT

Open article ↗

Thu, May 14 · 07:16 PM CDT

CVE-2026-41315

9.8/10 · Must read/watch

NVDvuln

Summary
mdserver-web is a simple Linux panel. From 0.18.0 to 0.18.4, mdserver-web has a front-end unauthorized remote command execution vulnerability. Due to the lack of authentication on the /modify_crond and /start_task interfaces, it is possible to modify the default built-in scheduled tasks and start them, achieving RCE.

CVECVE-2026-41315

SeverityCRITICAL

TypeUPDATED

PublishedThu, May 14 · 07:16 PM CDT

ModifiedWed, May 27 · 03:01 PM CDT

Open article ↗

Mon, May 04 · 06:16 PM CDT

CVE-2026-42796

9.8/10 · Must read/watch

NVDvuln

Summary
Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager without authentication or authorization. Attackers can supply a URL to a malicious Python file through the plugins param

CVECVE-2026-42796

SeverityCRITICAL

TypeUPDATED

PublishedMon, May 04 · 06:16 PM CDT

ModifiedWed, May 27 · 06:54 PM CDT

Open article ↗

Tue, May 12 · 06:17 PM CDT

CVE-2026-44277

9.8/10 · Must read/watch

NVDvuln

Summary
A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via crafted requests.

CVECVE-2026-44277

SeverityCRITICAL

TypeUPDATED

PublishedTue, May 12 · 06:17 PM CDT

ModifiedThu, May 28 · 10:16 AM CDT

Open article ↗

Fri, May 15 · 09:16 AM CDT

CVE-2026-8398

9.8/10 · Must read/watch

NVDvuln

Summary
A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the vendor's (AVB Disc Soft)

CVECVE-2026-8398

SeverityCRITICAL

TypeUPDATED

PublishedFri, May 15 · 09:16 AM CDT

ModifiedWed, May 27 · 07:16 PM CDT

Open article ↗

Tue, May 19 · 11:16 PM CDT

CVE-2026-8495

9.8/10 · Must read/watch

NVDvuln

Summary
Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15.

CVECVE-2026-8495

SeverityCRITICAL

TypeUPDATED

PublishedTue, May 19 · 11:16 PM CDT

ModifiedWed, May 27 · 03:14 PM CDT

Open article ↗

Fri, May 22 · 04:16 PM CDT

CVE-2026-39821

9.6/10 · Must read/watch

NVDvuln

Summary
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a

CVECVE-2026-39821

SeverityCRITICAL

TypeUPDATED

PublishedFri, May 22 · 04:16 PM CDT

ModifiedWed, May 27 · 02:16 PM CDT

Open article ↗

Tue, May 12 · 01:16 AM CDT

CVE-2026-45321

9.6/10 · Must read/watch

NVDvuln

Summary
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The

CVECVE-2026-45321

SeverityCRITICAL

TypeUPDATED

PublishedTue, May 12 · 01:16 AM CDT

ModifiedWed, May 27 · 08:18 PM CDT

Open article ↗

Fri, May 22 · 11:16 PM CDT

CVE-2026-33843

9.1/10 · Must read/watch

NVDvuln

Summary
Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network.

CVECVE-2026-33843

SeverityCRITICAL

TypeUPDATED

PublishedFri, May 22 · 11:16 PM CDT

ModifiedWed, May 27 · 04:50 PM CDT

Open article ↗

Wed, Jul 29 · 05:30 PM CDT

CVE-2009-0901

8.8/10 · Worth your time

NVDvuln

Summary
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninit

CVECVE-2009-0901

SeverityHIGH

TypeUPDATED

PublishedWed, Jul 29 · 05:30 PM CDT

ModifiedWed, May 27 · 05:16 PM CDT

Open article ↗

Wed, Jul 29 · 05:30 PM CDT

CVE-2009-2493

8.8/10 · Worth your time

NVDvuln

Summary
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoa

CVECVE-2009-2493

SeverityHIGH

TypeUPDATED

PublishedWed, Jul 29 · 05:30 PM CDT

ModifiedWed, May 27 · 05:16 PM CDT

Open article ↗

Tue, Mar 10 · 10:16 PM CDT

CVE-2026-28806

8.8/10 · Worth your time

NVDvuln

Summary
Improper Authorization vulnerability in nerves-hub nerves_hub_web allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to other organizations a

CVECVE-2026-28806

SeverityHIGH

TypeUPDATED

PublishedTue, Mar 10 · 10:16 PM CDT

ModifiedWed, May 27 · 01:47 PM CDT

Open article ↗

Fri, May 22 · 11:16 PM CDT

CVE-2026-35430

8.8/10 · Worth your time

NVDvuln

Summary
Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges over a network.

CVECVE-2026-35430

SeverityHIGH

TypeUPDATED

PublishedFri, May 22 · 11:16 PM CDT

ModifiedWed, May 27 · 04:48 PM CDT

Open article ↗

Mon, May 11 · 05:16 PM CDT

CVE-2026-42843

8.8/10 · Worth your time

NVDvuln

Summary
Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration, users, and system management. Prior to 1.0.0-beta.15, an insecure direct object reference and logic flaw in the Grav API plugin (UsersController::update) allows any authenticated user with basi

CVECVE-2026-42843

SeverityHIGH

TypeUPDATED

PublishedMon, May 11 · 05:16 PM CDT

ModifiedWed, May 27 · 07:07 PM CDT

Open article ↗

Wed, Apr 15 · 08:16 PM CDT

CVE-2026-6303

8.8/10 · Worth your time

NVDvuln

Summary
Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVECVE-2026-6303

SeverityHIGH

TypeUPDATED

PublishedWed, Apr 15 · 08:16 PM CDT

ModifiedWed, May 27 · 06:16 PM CDT

Open article ↗

Wed, Apr 15 · 08:16 PM CDT

CVE-2026-6305

8.8/10 · Worth your time

NVDvuln

Summary
Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

CVECVE-2026-6305

SeverityHIGH

TypeUPDATED

PublishedWed, Apr 15 · 08:16 PM CDT

ModifiedWed, May 27 · 06:16 PM CDT

Open article ↗

Wed, Apr 15 · 08:16 PM CDT

CVE-2026-6316

8.8/10 · Worth your time

NVDvuln

Summary
Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVECVE-2026-6316

SeverityHIGH

TypeUPDATED

PublishedWed, Apr 15 · 08:16 PM CDT

ModifiedWed, May 27 · 06:16 PM CDT

Open article ↗

Wed, Apr 15 · 08:16 PM CDT

CVE-2026-6318

8.8/10 · Worth your time

NVDvuln

Summary
Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

CVECVE-2026-6318

SeverityHIGH

TypeUPDATED

PublishedWed, Apr 15 · 08:16 PM CDT

ModifiedWed, May 27 · 06:16 PM CDT

Open article ↗

Wed, Apr 15 · 08:16 PM CDT

CVE-2026-6358

8.8/10 · Worth your time

NVDvuln

Summary
Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Critical)

CVECVE-2026-6358

SeverityHIGH

TypeUPDATED

PublishedWed, Apr 15 · 08:16 PM CDT

ModifiedWed, May 27 · 06:16 PM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.