Archive snapshot

Sun, May 31 · 12:00 AM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Sun, May 31 · 12:00 AM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

5

Worth skimming

5

Tracked videos

0

NVD vulnerabilities

25

Top stories

Sat, May 30 · 08:00 PM CDT

Racket v9.2 is now available

8.1/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 4 hours ago.

Open article ↗

Sun, May 31 · 12:00 AM CDT

AI-Generated npm Malware Leaks Its Own GitHub Token

8.0/10 · Worth your time

Infosecurity Magazinemalwaresupply-chainai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sun, May 31 · 12:00 AM CDT

GCHQ Chief Urges Action as AI Reshapes Cyber Threats

7.8/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sun, May 31 · 12:00 AM CDT

Attackers Move Past Typosquatting to Realistic Package Impersonation

7.7/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sun, May 31 · 12:00 AM CDT

Microsoft Condemns "Uncoordinated" Zero Day Disclosures

7.7/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Worth skimming

Sun, May 31 · 12:00 AM CDT

New Threat Actor Jinx-0164 Targets Crypto Developers on macOS

7.7/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sun, May 31 · 12:00 AM CDT

Silent Ransom Group Uses In-Person IT Impersonation to Breach Systems

7.6/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sun, May 31 · 12:00 AM CDT

Chinese Hackers Exploit Iran War to Target Maritime and Energy Companies

7.6/10 · Worth your time

Infosecurity Magazinevuln

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sat, May 30 · 07:00 PM CDT

Microsoft degrades functionality of perpetually-licensed offline products

7.6/10 · Worth your time

Hacker Newsgeneral

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 5 hours ago.

Open article ↗

Sat, May 30 · 11:00 PM CDT

A Gentle Introduction to Lattice-Based Cryptography [pdf]

7.6/10 · Worth your time

Hacker Newsgeneral

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 1 hour ago.

Open article ↗

Videos worth watching

Nothing surfaced yet.

NVD vulnerabilities

Thu, Jul 28 · 09:15 PM CDT

CVE-2021-41556

10.0/10 · Must read/watch

NVDvuln

Summary
sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality s

CVECVE-2021-41556

SeverityCRITICAL

TypeUPDATED

PublishedThu, Jul 28 · 09:15 PM CDT

ModifiedFri, May 29 · 08:16 PM CDT

Open article ↗

Mon, May 14 · 11:29 PM CDT

CVE-2018-11091

9.9/10 · Must read/watch

NVDvuln

Summary
An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file can be uploaded to the webserver by an attacker. It is possible for an attacker to upload a script to issue operating system commands. This vulnerability occurs because an attacker is able to adjust the "HiddenFieldControlCustomWhiteListedExtensions"

CVECVE-2018-11091

SeverityCRITICAL

TypeUPDATED

PublishedMon, May 14 · 11:29 PM CDT

ModifiedFri, May 29 · 09:16 PM CDT

Open article ↗

Tue, Apr 11 · 06:59 PM CDT

CVE-2016-1908

9.8/10 · Must read/watch

NVDvuln

Summary
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as

CVECVE-2016-1908

SeverityCRITICAL

TypeUPDATED

PublishedTue, Apr 11 · 06:59 PM CDT

ModifiedFri, May 29 · 09:16 PM CDT

Open article ↗

Tue, Nov 22 · 07:59 PM CST

CVE-2016-9535

9.8/10 · Must read/watch

NVDvuln

Summary
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."

CVECVE-2016-9535

SeverityCRITICAL

TypeUPDATED

PublishedTue, Nov 22 · 07:59 PM CST

ModifiedFri, May 29 · 09:16 PM CDT

Open article ↗

Thu, Apr 06 · 09:59 PM CDT

CVE-2017-7574

9.8/10 · Must read/watch

NVDvuln

Summary
Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML file is AES-CBC encrypt

CVECVE-2017-7574

SeverityCRITICAL

TypeUPDATED

PublishedThu, Apr 06 · 09:59 PM CDT

ModifiedFri, May 29 · 02:16 PM CDT

Open article ↗

Thu, Apr 06 · 09:59 PM CDT

CVE-2017-7575

9.8/10 · Must read/watch

NVDvuln

Summary
Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port (502/tcp). Subsequently the application may be arbitrarily downloaded, modified, and uploaded.

CVECVE-2017-7575

SeverityCRITICAL

TypeUPDATED

PublishedThu, Apr 06 · 09:59 PM CDT

ModifiedFri, May 29 · 02:16 PM CDT

Open article ↗

Wed, Aug 29 · 09:29 PM CDT

CVE-2018-7790

9.8/10 · Must read/watch

NVDvuln

Summary
An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the atta

CVECVE-2018-7790

SeverityCRITICAL

TypeUPDATED

PublishedWed, Aug 29 · 09:29 PM CDT

ModifiedFri, May 29 · 03:16 PM CDT

Open article ↗

Wed, Aug 29 · 09:29 PM CDT

CVE-2018-7791

9.8/10 · Must read/watch

NVDvuln

Summary
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and ov

CVECVE-2018-7791

SeverityCRITICAL

TypeUPDATED

PublishedWed, Aug 29 · 09:29 PM CDT

ModifiedFri, May 29 · 03:16 PM CDT

Open article ↗

Fri, Jun 11 · 04:15 PM CDT

CVE-2021-22763

9.8/10 · Must read/watch

NVDvuln

Summary
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could allow an attacker administrator level access to a device.

CVECVE-2021-22763

SeverityCRITICAL

TypeUPDATED

PublishedFri, Jun 11 · 04:15 PM CDT

ModifiedFri, May 29 · 02:16 PM CDT

Open article ↗

Fri, Jun 11 · 04:15 PM CDT

CVE-2021-22765

9.8/10 · Must read/watch

NVDvuln

Summary
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet

CVECVE-2021-22765

SeverityCRITICAL

TypeUPDATED

PublishedFri, Jun 11 · 04:15 PM CDT

ModifiedFri, May 29 · 03:16 PM CDT

Open article ↗

Fri, Jun 11 · 04:15 PM CDT

CVE-2021-22767

9.8/10 · Must read/watch

NVDvuln

Summary
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-2276

CVECVE-2021-22767

SeverityCRITICAL

TypeUPDATED

PublishedFri, Jun 11 · 04:15 PM CDT

ModifiedFri, May 29 · 03:16 PM CDT

Open article ↗

Fri, Jun 11 · 04:15 PM CDT

CVE-2021-22768

9.8/10 · Must read/watch

NVDvuln

Summary
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-22767

CVECVE-2021-22768

SeverityCRITICAL

TypeUPDATED

PublishedFri, Jun 11 · 04:15 PM CDT

ModifiedFri, May 29 · 03:16 PM CDT

Open article ↗

Tue, Aug 03 · 04:15 PM CDT

CVE-2021-33485

9.8/10 · Must read/watch

NVDvuln

Summary
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.

CVECVE-2021-33485

SeverityCRITICAL

TypeUPDATED

PublishedTue, Aug 03 · 04:15 PM CDT

ModifiedFri, May 29 · 03:16 PM CDT

Open article ↗

Wed, Jul 14 · 03:15 PM CDT

CVE-2021-22779

9.1/10 · Must read/watch

NVDvuln

Summary
Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70

CVECVE-2021-22779

SeverityCRITICAL

TypeUPDATED

PublishedWed, Jul 14 · 03:15 PM CDT

ModifiedFri, May 29 · 03:16 PM CDT

Open article ↗

Wed, Mar 09 · 08:15 PM CST

CVE-2022-0715

9.1/10 · Must read/watch

NVDvuln

Summary
A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior

CVECVE-2022-0715

SeverityCRITICAL

TypeUPDATED

PublishedWed, Mar 09 · 08:15 PM CST

ModifiedFri, May 29 · 03:16 PM CDT

Open article ↗

Wed, Nov 18 · 02:15 PM CST

CVE-2020-7563

8.8/10 · Worth your time

NVDvuln

Summary
A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted file on the controll

CVECVE-2020-7563

SeverityHIGH

TypeUPDATED

PublishedWed, Nov 18 · 02:15 PM CST

ModifiedFri, May 29 · 02:16 PM CDT

Open article ↗

Wed, Nov 18 · 02:15 PM CST

CVE-2020-7564

8.8/10 · Worth your time

NVDvuln

Summary
A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution of commands when upl

CVECVE-2020-7564

SeverityHIGH

TypeUPDATED

PublishedWed, Nov 18 · 02:15 PM CST

ModifiedFri, May 29 · 02:16 PM CDT

Open article ↗

Mon, May 04 · 02:16 PM CDT

CVE-2025-58074

8.8/10 · Worth your time

NVDvuln

Summary
A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may result in deletion of arbitrary files that can lead to elevation of privileges.

CVECVE-2025-58074

SeverityHIGH

TypeUPDATED

PublishedMon, May 04 · 02:16 PM CDT

ModifiedFri, May 29 · 02:16 PM CDT

Open article ↗

Fri, May 01 · 05:16 PM CDT

CVE-2026-37540

8.4/10 · Worth your time

NVDvuln

Summary
OpenAMP v2025.10.0 ELF loader contains an integer overflow vulnerability in firmware image parsing. In elf_loader.c, it performs multiplication of two attacker-controlled 16-bit values from the ELF header without overflow checking. On 32-bit embedded systems (STM32MP1, Zynq, i.MX), large values can cause the product to

CVECVE-2026-37540

SeverityHIGH

TypeUPDATED

PublishedFri, May 01 · 05:16 PM CDT

ModifiedFri, May 29 · 12:39 PM CDT

Open article ↗

Fri, Nov 02 · 05:29 PM CDT

CVE-2018-7798

8.2/10 · Worth your time

NVDvuln

Summary
A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device.

CVECVE-2018-7798

SeverityHIGH

TypeUPDATED

PublishedFri, Nov 02 · 05:29 PM CDT

ModifiedFri, May 29 · 03:16 PM CDT

Open article ↗

Thu, Jan 14 · 10:59 PM CST

CVE-2016-0778

8.1/10 · Worth your time

NVDvuln

Summary
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow

CVECVE-2016-0778

SeverityHIGH

TypeUPDATED

PublishedThu, Jan 14 · 10:59 PM CST

ModifiedFri, May 29 · 09:16 PM CDT

Open article ↗

Wed, Nov 18 · 02:15 PM CST

CVE-2020-7562

8.1/10 · Worth your time

NVDvuln

Summary
A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller ove

CVECVE-2020-7562

SeverityHIGH

TypeUPDATED

PublishedWed, Nov 18 · 02:15 PM CST

ModifiedFri, May 29 · 02:16 PM CDT

Open article ↗

Fri, Apr 10 · 10:16 AM CDT

CVE-2021-47961

8.1/10 · Worth your time

NVDvuln

Summary
A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combined with user interactio

CVECVE-2021-47961

SeverityHIGH

TypeUPDATED

PublishedFri, Apr 10 · 10:16 AM CDT

ModifiedFri, May 29 · 07:05 PM CDT

Open article ↗

Mon, May 04 · 07:15 AM CDT

CVE-2026-29199

8.1/10 · Worth your time

NVDvuln

Summary
phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password rest link poisoning. When force_server_vars is disabled, the servers hostname may be extracted from the HTTP Host header which is used to generate the password reset link URL. An attacker who can manipulate the Host header (e.g. throug

CVECVE-2026-29199

SeverityHIGH

TypeUPDATED

PublishedMon, May 04 · 07:15 AM CDT

ModifiedFri, May 29 · 12:57 PM CDT

Open article ↗

Thu, Jan 05 · 02:59 AM CST

CVE-2016-10012

7.8/10 · Worth your time

NVDvuln

Summary
The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib

CVECVE-2016-10012

SeverityHIGH

TypeUPDATED

PublishedThu, Jan 05 · 02:59 AM CST

ModifiedFri, May 29 · 09:16 PM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.