Archive snapshot

Fri, May 29 · 12:00 PM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Fri, May 29 · 12:00 PM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

5

Worth skimming

5

Tracked videos

2

NVD vulnerabilities

25

Top stories

Fri, 29 May 2026 20:09:56 +0530

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

9.8/10 · Must read/watch

The Hacker Newsvulnai

Summary
An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability. "T

Open article ↗

Fri, May 29 · 12:00 PM CDT

AI-Generated npm Malware Leaks Its Own GitHub Token

9.4/10 · Must read/watch

Infosecurity Magazinemalwaresupply-chainai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Fri, May 29 · 12:00 PM CDT

Silent Ransom Group Uses In-Person IT Impersonation to Breach Systems

9.4/10 · Must read/watch

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Fri, May 29 · 11:00 AM CDT

CAPTCHAs can still detect AI agents

9.3/10 · Must read/watch

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 1 hour ago.

Open article ↗

Fri, May 29 · 12:00 PM CDT

Chinese Hackers Exploit Iran War to Target Maritime and Energy Companies

9.0/10 · Must read/watch

Infosecurity Magazinevuln

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Worth skimming

Fri, 29 May 2026 17:01:59 +0530

New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks

8.6/10 · Worth your time

The Hacker Newsai

Summary
A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at least August 2025. GREYVIBE, per WithSecure, is assessed to be a Russian-speaking group operati

Open article ↗

Fri, 29 May 2026 12:00:00 GMT

Boston Children’s uses AI to unlock new diagnoses

8.6/10 · Worth your time

OpenAIai

Summary
Boston Children’s Hospital uses OpenAI technology to improve patient care, reduce operational burden, and help diagnose more than 40 rare disease cases.

Open article ↗

Fri, May 29 · 11:23 AM CDT

Notes from the Mistral AI Now Summit in Paris

8.1/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 37 minutes ago.

Open article ↗

Fri, May 29 · 12:00 PM CDT

Infosecurity Europe: CyCOS Project Expands to Support UK SMEs as CIISec Takes Over

7.7/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Fri, May 29 · 11:00 AM CDT

Bijou64: A variable-length integer encoding

7.6/10 · Worth your time

Hacker Newsgeneral

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 1 hour ago.

Open article ↗

Videos worth watching

Fri, May 29 · 10:00 AM CDT

Raspberry Pi 5 Kali Linux install in 10 minutes (with WiFi hacking)

7.8/10 · Worth your time

YouTube / David Bombalgeneral

Why it matters
Recent creator upload with some page-level evidence. Better than raw feed discovery, but still not a full content review.

Worth watching?Maybe — good candidate if the title matches your interests, but confidence is still moderate.

Confidencelow

Open article ↗

Fri, May 29 · 02:57 AM CDT

Payload Podcast 007 with Andy Piazza (klrgrz)

6.8/10 · Skim only if relevant

YouTube / John Hammondgeneral

Why it matters
Recent creator upload with some page-level evidence. Better than raw feed discovery, but still not a full content review.

Worth watching?Maybe — good candidate if the title matches your interests, but confidence is still moderate.

Confidencelow

Open article ↗

NVD vulnerabilities

Mon, Jan 05 · 08:30 PM CST

CVE-2004-2761

9.8/10 · Must read/watch

NVDvuln

Summary
The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.

CVECVE-2004-2761

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jan 05 · 08:30 PM CST

ModifiedThu, May 28 · 07:16 PM CDT

Open article ↗

Thu, Aug 05 · 01:22 PM CDT

CVE-2010-2965

9.8/10 · Must read/watch

NVDvuln

Summary
The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via requests to UDP port 1

CVECVE-2010-2965

SeverityCRITICAL

TypeUPDATED

PublishedThu, Aug 05 · 01:22 PM CDT

ModifiedThu, May 28 · 08:16 PM CDT

Open article ↗

Mon, Dec 06 · 10:30 PM CST

CVE-2010-4478

9.8/10 · Must read/watch

NVDvuln

Summary
OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-20

CVECVE-2010-4478

SeverityCRITICAL

TypeUPDATED

PublishedMon, Dec 06 · 10:30 PM CST

ModifiedThu, May 28 · 08:16 PM CDT

Open article ↗

Fri, Jun 30 · 03:29 AM CDT

CVE-2017-6034

9.8/10 · Must read/watch

NVDvuln

Summary
An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download.

CVECVE-2017-6034

SeverityCRITICAL

TypeUPDATED

PublishedFri, Jun 30 · 03:29 AM CDT

ModifiedThu, May 28 · 08:16 PM CDT

Open article ↗

Wed, Apr 10 · 08:29 PM CDT

CVE-2019-11068

9.8/10 · Must read/watch

NVDvuln

Summary
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

CVECVE-2019-11068

SeverityCRITICAL

TypeUPDATED

PublishedWed, Apr 10 · 08:29 PM CDT

ModifiedThu, May 28 · 07:16 PM CDT

Open article ↗

Fri, Dec 20 · 05:15 PM CST

CVE-2019-17571

9.8/10 · Must read/watch

NVDvuln

Summary
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.

CVECVE-2019-17571

SeverityCRITICAL

TypeUPDATED

PublishedFri, Dec 20 · 05:15 PM CST

ModifiedThu, May 28 · 07:16 PM CDT

Open article ↗

Wed, Apr 22 · 07:15 PM CDT

CVE-2020-7489

9.8/10 · Must read/watch

NVDvuln

Summary
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification). The result of this vulnerability, DLL substitution, could allow the transfe

CVECVE-2020-7489

SeverityCRITICAL

TypeUPDATED

PublishedWed, Apr 22 · 07:15 PM CDT

ModifiedThu, May 28 · 09:16 PM CDT

Open article ↗

Fri, Mar 17 · 04:15 AM CDT

CVE-2023-28531

9.8/10 · Must read/watch

NVDvuln

Summary
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.

CVECVE-2023-28531

SeverityCRITICAL

TypeUPDATED

PublishedFri, Mar 17 · 04:15 AM CDT

ModifiedThu, May 28 · 07:16 PM CDT

Open article ↗

Tue, Nov 07 · 04:15 PM CST

CVE-2023-47359

9.8/10 · Must read/watch

NVDvuln

Summary
Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption.

CVECVE-2023-47359

SeverityCRITICAL

TypeUPDATED

PublishedTue, Nov 07 · 04:15 PM CST

ModifiedThu, May 28 · 07:16 PM CDT

Open article ↗

Fri, Jan 16 · 03:15 AM CST

CVE-2025-62582

9.8/10 · Must read/watch

NVDvuln

Summary
Delta Electronics DIAView has multiple vulnerabilities.

CVECVE-2025-62582

SeverityCRITICAL

TypeUPDATED

PublishedFri, Jan 16 · 03:15 AM CST

ModifiedFri, May 29 · 04:17 AM CDT

Open article ↗

Tue, May 12 · 08:16 PM CDT

CVE-2026-45185

9.8/10 · Must read/watch

NVDvuln

Summary
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An una

CVECVE-2026-45185

SeverityCRITICAL

TypeUPDATED

PublishedTue, May 12 · 08:16 PM CDT

ModifiedThu, May 28 · 06:46 PM CDT

Open article ↗

Fri, May 15 · 07:17 PM CDT

CVE-2026-46364

9.8/10 · Must read/watch

NVDvuln

Summary
phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captcha endpoint by craf

CVECVE-2026-46364

SeverityCRITICAL

TypeUPDATED

PublishedFri, May 15 · 07:17 PM CDT

ModifiedThu, May 28 · 04:16 PM CDT

Open article ↗

Fri, May 15 · 09:16 AM CDT

CVE-2026-8398

9.8/10 · Must read/watch

NVDvuln

Summary
A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the vendor's (AVB Disc Soft)

CVECVE-2026-8398

SeverityCRITICAL

TypeUPDATED

PublishedFri, May 15 · 09:16 AM CDT

ModifiedThu, May 28 · 12:57 PM CDT

Open article ↗

Wed, Jan 01 · 05:00 AM CST

CVE-1999-0511

9.1/10 · Must read/watch

NVDvuln

Summary
IP forwarding is enabled on a machine which is not a router or firewall.

CVECVE-1999-0511

SeverityCRITICAL

TypeUPDATED

PublishedWed, Jan 01 · 05:00 AM CST

ModifiedThu, May 28 · 06:16 PM CDT

Open article ↗

Fri, May 15 · 07:17 PM CDT

CVE-2026-45010

9.1/10 · Must read/watch

NVDvuln

Summary
phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the /admin/check endpoint, which accepts arbitrary user-id parameters without session binding or rate limiting. Unauthenticated attackers can brute-force any user's six-digit TOTP code by submitting POST request

CVECVE-2026-45010

SeverityCRITICAL

TypeUPDATED

PublishedFri, May 15 · 07:17 PM CDT

ModifiedThu, May 28 · 04:16 PM CDT

Open article ↗

Mon, Nov 25 · 03:15 PM CST

CVE-2019-13721

8.8/10 · Worth your time

NVDvuln

Summary
Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVECVE-2019-13721

SeverityHIGH

TypeUPDATED

PublishedMon, Nov 25 · 03:15 PM CST

ModifiedThu, May 28 · 07:16 PM CDT

Open article ↗

Fri, Feb 04 · 11:15 PM CST

CVE-2020-7534

8.8/10 · Worth your time

NVDvuln

Summary
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet

CVECVE-2020-7534

SeverityHIGH

TypeUPDATED

PublishedFri, Feb 04 · 11:15 PM CST

ModifiedThu, May 28 · 10:16 PM CDT

Open article ↗

Mon, May 04 · 02:16 PM CDT

CVE-2025-58074

8.8/10 · Worth your time

NVDvuln

Summary
A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may result in deletion of arbitrary files that can lead to elevation of privileges.

CVECVE-2025-58074

SeverityHIGH

TypeUPDATED

PublishedMon, May 04 · 02:16 PM CDT

ModifiedThu, May 28 · 05:16 PM CDT

Open article ↗

Wed, Apr 01 · 05:16 AM CDT

CVE-2026-5272

8.8/10 · Worth your time

NVDvuln

Summary
Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

CVECVE-2026-5272

SeverityHIGH

TypeUPDATED

PublishedWed, Apr 01 · 05:16 AM CDT

ModifiedThu, May 28 · 02:33 PM CDT

Open article ↗

Tue, Apr 28 · 01:19 PM CDT

CVE-2026-5781

8.8/10 · Worth your time

NVDvuln

Summary
An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their privileges by sending an HTTP request with a manipulated 'identifier' field. Successful exploitation of this vulnerabilit

CVECVE-2026-5781

SeverityHIGH

TypeUPDATED

PublishedTue, Apr 28 · 01:19 PM CDT

ModifiedThu, May 28 · 01:57 PM CDT

Open article ↗

Mon, Apr 27 · 09:16 AM CDT

CVE-2026-7101

8.8/10 · Worth your time

NVDvuln

Summary
A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. The manipulation leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

CVECVE-2026-7101

SeverityHIGH

TypeUPDATED

PublishedMon, Apr 27 · 09:16 AM CDT

ModifiedThu, May 28 · 01:57 PM CDT

Open article ↗

Tue, May 12 · 06:17 PM CDT

CVE-2026-35438

8.3/10 · Worth your time

NVDvuln

Summary
Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

CVECVE-2026-35438

SeverityHIGH

TypeUPDATED

PublishedTue, May 12 · 06:17 PM CDT

ModifiedThu, May 28 · 08:39 PM CDT

Open article ↗

Wed, May 22 · 08:29 PM CDT

CVE-2019-6820

8.2/10 · Worth your time

NVDvuln

Summary
A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Mo

CVECVE-2019-6820

SeverityHIGH

TypeUPDATED

PublishedWed, May 22 · 08:29 PM CDT

ModifiedThu, May 28 · 08:16 PM CDT

Open article ↗

Mon, Jan 25 · 07:30 PM CST

CVE-2010-0386

8.1/10 · Worth your time

NVDvuln

Summary
The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.

CVECVE-2010-0386

SeverityHIGH

TypeUPDATED

PublishedMon, Jan 25 · 07:30 PM CST

ModifiedThu, May 28 · 07:16 PM CDT

Open article ↗

Mon, May 11 · 02:16 PM CDT

CVE-2026-4802

8.0/10 · Worth your time

NVDvuln

Summary
A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell metacharacters and command substitutions into these p

CVECVE-2026-4802

SeverityHIGH

TypeUPDATED

PublishedMon, May 11 · 02:16 PM CDT

ModifiedThu, May 28 · 04:16 PM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.