Archive snapshot

Thu, Apr 09 · 06:00 PM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Thu, Apr 09 · 06:00 PM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

8

Worth skimming

0

Tracked videos

1

NVD vulnerabilities

25

Top stories

Thu, Apr 09 · 06:00 PM CDT

Google API Keys Quietly Gain Access to Gemini on Android Devices

8.5/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Thu, Apr 09 · 06:00 PM CDT

Bitcoin Depot Reports $3.6m Crypto Theft After System Breach

8.5/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Thu, Apr 09 · 06:00 PM CDT

Anthropic Launches Project Glasswing to Use AI to Find and Fix Critical Software Vulnerabilities

8.2/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Thu, Apr 09 · 06:00 PM CDT

Governance Gaps Emerge as AI Agents Drive 76% Increase in NHIs

8.2/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Thu, 09 Apr 2026 22:56:00 +0530

EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets

8.2/10 · Worth your time

The Hacker Newsvulnai

Summary
Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit (SDK) called EngageLab SDK that could have put millions of cryptocurrency wallet users at risk. "This flaw allows

Open article ↗

Thu, Apr 09 · 06:00 PM CDT

STX RAT Targets Finance Sector With Advanced Stealth Tactics

8.2/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Thu, Apr 09 · 06:00 PM CDT

Atomic Stealer MacOS ClickFix Attack Bypasses Apple Security Warnings

8.2/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Thu, Apr 09 · 06:00 PM CDT

Middle East Hack-for-Hire Operation Traced to South Asian Cyber Espionage Group

8.1/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Worth skimming

Nothing surfaced yet.

Videos worth watching

Thu, Apr 09 · 08:00 AM CDT

HUGE AI-powered Microsoft Account phishing campaign

8.8/10 · Worth your time

YouTube / John Hammondai

Why it matters
Recent creator upload with some page-level evidence. Better than raw feed discovery, but still not a full content review.

Worth watching?Maybe — good candidate if the title matches your interests, but confidence is still moderate.

Confidencelow

Open article ↗

NVD vulnerabilities

Wed, Mar 23 · 08:15 PM CDT

CVE-2022-0888

9.8/10 · Must read/watch

NVDvuln

Summary
The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious files that can be used to

CVECVE-2022-0888

SeverityCRITICAL

TypeUPDATED

PublishedWed, Mar 23 · 08:15 PM CDT

ModifiedWed, Apr 08 · 07:17 PM CDT

Open article ↗

Tue, Apr 19 · 09:15 PM CDT

CVE-2022-0992

9.8/10 · Must read/watch

NVDvuln

Summary
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized users to configure 2FA for pending accounts. Upon successful con

CVECVE-2022-0992

SeverityCRITICAL

TypeUPDATED

PublishedTue, Apr 19 · 09:15 PM CDT

ModifiedWed, Apr 08 · 06:17 PM CDT

Open article ↗

Tue, May 10 · 08:15 PM CDT

CVE-2022-1453

9.8/10 · Must read/watch

NVDvuln

Summary
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions

CVECVE-2022-1453

SeverityCRITICAL

TypeUPDATED

PublishedTue, May 10 · 08:15 PM CDT

ModifiedWed, Apr 08 · 06:17 PM CDT

Open article ↗

Tue, May 10 · 08:15 PM CDT

CVE-2022-1505

9.8/10 · Must read/watch

NVDvuln

Summary
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in

CVECVE-2022-1505

SeverityCRITICAL

TypeUPDATED

PublishedTue, May 10 · 08:15 PM CDT

ModifiedWed, Apr 08 · 06:17 PM CDT

Open article ↗

Mon, Jun 13 · 02:15 PM CDT

CVE-2022-1768

9.8/10 · Must read/watch

NVDvuln

Summary
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the databas

CVECVE-2022-1768

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jun 13 · 02:15 PM CDT

ModifiedWed, Apr 08 · 07:17 PM CDT

Open article ↗

Mon, Jul 18 · 05:15 PM CDT

CVE-2022-2437

9.8/10 · Must read/watch

NVDvuln

Summary
The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'fts_url' parameter in versions up to, and including 2.9.8.5. This makes it possible for unauthenticated attackers to call files using a PHAR wrapper that will deserialize the data

CVECVE-2022-2437

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jul 18 · 05:15 PM CDT

ModifiedWed, Apr 08 · 06:17 PM CDT

Open article ↗

Thu, Nov 10 · 04:15 PM CST

CVE-2022-45063

9.8/10 · Must read/watch

NVDvuln

Summary
xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.

CVECVE-2022-45063

SeverityCRITICAL

TypeUPDATED

PublishedThu, Nov 10 · 04:15 PM CST

ModifiedWed, Apr 08 · 07:17 PM CDT

Open article ↗

Fri, Oct 28 · 07:15 PM CDT

CVE-2022-3708

9.6/10 · Must read/watch

NVDvuln

Summary
The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found via the /v1/hotlink/proxy REST API Endpoint. This makes it possible for authenticated users to make web requests to arbi

CVECVE-2022-3708

SeverityCRITICAL

TypeUPDATED

PublishedFri, Oct 28 · 07:15 PM CDT

ModifiedWed, Apr 08 · 06:17 PM CDT

Open article ↗

Mon, Jun 13 · 02:15 PM CDT

CVE-2022-1749

8.8/10 · Worth your time

NVDvuln

Summary
The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createplugin_atf_admin_setting_page() function found in the ~/inc/config/create-plugin-config.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1.

CVECVE-2022-1749

SeverityHIGH

TypeUPDATED

PublishedMon, Jun 13 · 02:15 PM CDT

ModifiedWed, Apr 08 · 05:16 PM CDT

Open article ↗

Mon, Jun 13 · 01:15 PM CDT

CVE-2022-1900

8.8/10 · Worth your time

NVDvuln

Summary
The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing nonce validation on the CopifySettings page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged reque

CVECVE-2022-1900

SeverityHIGH

TypeUPDATED

PublishedMon, Jun 13 · 01:15 PM CDT

ModifiedWed, Apr 08 · 07:17 PM CDT

Open article ↗

Mon, Jul 18 · 05:15 PM CDT

CVE-2022-1912

8.8/10 · Worth your time

NVDvuln

Summary
The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation on the smartsoftbutton_settings page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web

CVECVE-2022-1912

SeverityHIGH

TypeUPDATED

PublishedMon, Jul 18 · 05:15 PM CDT

ModifiedWed, Apr 08 · 06:17 PM CDT

Open article ↗

Mon, Jun 13 · 01:15 PM CDT

CVE-2022-1918

8.8/10 · Worth your time

NVDvuln

Summary
The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing nonce validation on the plugin_toolbar_comparte page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts v

CVECVE-2022-1918

SeverityHIGH

TypeUPDATED

PublishedMon, Jun 13 · 01:15 PM CDT

ModifiedWed, Apr 08 · 07:17 PM CDT

Open article ↗

Mon, Jun 13 · 02:15 PM CDT

CVE-2022-1969

8.8/10 · Worth your time

NVDvuln

Summary
The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the admin_update_data() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via for

CVECVE-2022-1969

SeverityHIGH

TypeUPDATED

PublishedMon, Jun 13 · 02:15 PM CDT

ModifiedWed, Apr 08 · 06:17 PM CDT

Open article ↗

Mon, Jul 18 · 05:15 PM CDT

CVE-2022-2001

8.8/10 · Worth your time

NVDvuln

Summary
The DX Share Selection plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the dxss_admin_page() function found in the ~/dx-share-selection.php file. This makes it possible for unauthenticated attackers to inject malicious web

CVECVE-2022-2001

SeverityHIGH

TypeUPDATED

PublishedMon, Jul 18 · 05:15 PM CDT

ModifiedWed, Apr 08 · 06:17 PM CDT

Open article ↗

Mon, Jul 18 · 05:15 PM CDT

CVE-2022-2039

8.8/10 · Worth your time

NVDvuln

Summary
The Free Live Chat Support plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.11. This is due to missing nonce protection on the livesupporti_settings() function found in the ~/livesupporti.php file. This makes it possible for unauthenticated attackers to inject malici

CVECVE-2022-2039

SeverityHIGH

TypeUPDATED

PublishedMon, Jul 18 · 05:15 PM CDT

ModifiedWed, Apr 08 · 07:17 PM CDT

Open article ↗

Tue, Sep 06 · 06:15 PM CDT

CVE-2022-2233

8.8/10 · Worth your time

NVDvuln

Summary
The Banner Cycler plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the pabc_admin_slides_postback() function found in the ~/admin/admin.php file. This makes it possible for unauthenticated attackers to inject malicious web

CVECVE-2022-2233

SeverityHIGH

TypeUPDATED

PublishedTue, Sep 06 · 06:15 PM CDT

ModifiedWed, Apr 08 · 06:17 PM CDT

Open article ↗

Tue, Sep 06 · 06:15 PM CDT

CVE-2022-2434

8.8/10 · Worth your time

NVDvuln

Summary
The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in versions up to, and including 2.5.0. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an

CVECVE-2022-2434

SeverityHIGH

TypeUPDATED

PublishedTue, Sep 06 · 06:15 PM CDT

ModifiedWed, Apr 08 · 05:16 PM CDT

Open article ↗

Mon, Jul 18 · 05:15 PM CDT

CVE-2022-2435

8.8/10 · Worth your time

NVDvuln

Summary
The AnyMind Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1. This is due to missing nonce protection on the createDOMStructure() function found in the ~/anymind-widget-id.php file. This makes it possible for unauthenticated attackers to inject malicious web s

CVECVE-2022-2435

SeverityHIGH

TypeUPDATED

PublishedMon, Jul 18 · 05:15 PM CDT

ModifiedWed, Apr 08 · 05:16 PM CDT

Open article ↗

Tue, Sep 06 · 06:15 PM CDT

CVE-2022-2436

8.8/10 · Worth your time

NVDvuln

Summary
The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'file[package_dir]' parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper that will deserialize t

CVECVE-2022-2436

SeverityHIGH

TypeUPDATED

PublishedTue, Sep 06 · 06:15 PM CDT

ModifiedWed, Apr 08 · 06:17 PM CDT

Open article ↗

Mon, Jul 18 · 05:15 PM CDT

CVE-2022-2443

8.8/10 · Worth your time

NVDvuln

Summary
The FreeMind WP Browser plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.2. This is due to missing nonce protection on the FreemindOptions() function found in the ~/freemind-wp-browser.php file. This makes it possible for unauthenticated attackers to inject malicious w

CVECVE-2022-2443

SeverityHIGH

TypeUPDATED

PublishedMon, Jul 18 · 05:15 PM CDT

ModifiedWed, Apr 08 · 07:17 PM CDT

Open article ↗

Mon, Jul 18 · 05:15 PM CDT

CVE-2022-2444

8.8/10 · Worth your time

NVDvuln

Summary
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remote_data' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wra

CVECVE-2022-2444

SeverityHIGH

TypeUPDATED

PublishedMon, Jul 18 · 05:15 PM CDT

ModifiedWed, Apr 08 · 07:17 PM CDT

Open article ↗

Tue, Sep 06 · 06:15 PM CDT

CVE-2022-2518

8.8/10 · Worth your time

NVDvuln

Summary
The Stockists Manager for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2.1. This is due to missing nonce validation on the stockist_settings_main() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inj

CVECVE-2022-2518

SeverityHIGH

TypeUPDATED

PublishedTue, Sep 06 · 06:15 PM CDT

ModifiedWed, Apr 08 · 06:17 PM CDT

Open article ↗

Tue, Sep 06 · 06:15 PM CDT

CVE-2022-2540

8.8/10 · Worth your time

NVDvuln

Summary
The Link Optimizer Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 1.4.5. This is due to missing nonce validation on the admin_page function found in the ~/admin.php file. This makes it possible for unauthenticated attackers to modify the pl

CVECVE-2022-2540

SeverityHIGH

TypeUPDATED

PublishedTue, Sep 06 · 06:15 PM CDT

ModifiedWed, Apr 08 · 07:17 PM CDT

Open article ↗

Tue, Sep 06 · 06:15 PM CDT

CVE-2022-2541

8.8/10 · Worth your time

NVDvuln

Summary
The uContext for Amazon plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation in the ~/app/sites/ajax/actions/keyword_save.php file that is called via the doAjax() function. This makes it possible for unau

CVECVE-2022-2541

SeverityHIGH

TypeUPDATED

PublishedTue, Sep 06 · 06:15 PM CDT

ModifiedWed, Apr 08 · 05:16 PM CDT

Open article ↗

Tue, Sep 06 · 06:15 PM CDT

CVE-2022-2542

8.8/10 · Worth your time

NVDvuln

Summary
The uContext for Clickbank plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation in the ~/app/sites/ajax/actions/keyword_save.php file that is called via the doAjax() function. This makes it possible for u

CVECVE-2022-2542

SeverityHIGH

TypeUPDATED

PublishedTue, Sep 06 · 06:15 PM CDT

ModifiedWed, Apr 08 · 06:17 PM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.