Archive snapshot

Wed, Apr 22 · 06:00 AM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Wed, Apr 22 · 06:00 AM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

8

Worth skimming

0

Tracked videos

1

NVD vulnerabilities

25

Top stories

Wed, 22 Apr 2026 14:59:00 +0530

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug

9.2/10 · Must read/watch

The Hacker Newsvuln

Summary
Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges. The vulnerability, tracked as CVE-2026-40372, carries a CVSS score of 9.1 out of 10.0. It's rated Important in s

Open article ↗

Wed, Apr 22 · 06:00 AM CDT

Former Ransomware Negotiator Pleads Guilty to Working For BlackCat Cyber Gang

9.2/10 · Must read/watch

Infosecurity Magazinemalware

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, 22 Apr 2026 12:46:00 +0530

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

8.2/10 · Worth your time

The Hacker Newsvulnai

Summary
A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring system. "Sandbox escape vulnerability i

Open article ↗

Wed, Apr 22 · 06:00 AM CDT

Vercel Confirms Cyber Incident After Sophisticated Attacker Exploits Third‑Party Tool

8.1/10 · Worth your time

Infosecurity Magazinevuln

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, 22 Apr 2026 13:28:00 +0530

Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles

8.1/10 · Worth your time

The Hacker Newsmalwarepolicy

Summary
Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that's distributed via a theme related to India's banking sector. "The backdoor communicates with a dynamic DNS-based command-and-control server over HTTPS and supports

Open article ↗

Wed, Apr 22 · 05:00 AM CDT

Meta employees are up in arms over a mandatory program to train AI on their

8.1/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 1 hour ago.

Open article ↗

Wed, Apr 22 · 06:00 AM CDT

Formbook Malware Campaign Uses Multiple Obfuscation Techniques to Avoid Detection

8.0/10 · Worth your time

Infosecurity Magazinemalwareai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Wed, Apr 22 · 06:00 AM CDT

Attackers Exploit DVR Command Injection Flaw to Deploy Mirai-Based Botnet

8.0/10 · Worth your time

Infosecurity Magazinevulnai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Worth skimming

Nothing surfaced yet.

Videos worth watching

Tue, Apr 21 · 08:00 AM CDT

The Dawn of AI Warfare (with Katrina Manson)

8.1/10 · Worth your time

YouTube / John Hammondai

Why it matters
Recent creator upload with some page-level evidence. Better than raw feed discovery, but still not a full content review.

Worth watching?Maybe — good candidate if the title matches your interests, but confidence is still moderate.

Confidencelow

Open article ↗

NVD vulnerabilities

Tue, Sep 18 · 09:17 PM CDT

CVE-2007-3010

9.8/10 · Must read/watch

NVDvuln

Summary
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.

CVECVE-2007-3010

SeverityCRITICAL

TypeUPDATED

PublishedTue, Sep 18 · 09:17 PM CDT

ModifiedTue, Apr 21 · 06:56 PM CDT

Open article ↗

Thu, Mar 26 · 02:30 PM CDT

CVE-2009-1151

9.8/10 · Must read/watch

NVDvuln

Summary
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.

CVECVE-2009-1151

SeverityCRITICAL

TypeUPDATED

PublishedThu, Mar 26 · 02:30 PM CDT

ModifiedTue, Apr 21 · 03:19 PM CDT

Open article ↗

Thu, Apr 01 · 04:30 PM CDT

CVE-2010-0840

9.8/10 · Must read/watch

NVDvuln

Summary
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Or

CVECVE-2010-0840

SeverityCRITICAL

TypeUPDATED

PublishedThu, Apr 01 · 04:30 PM CDT

ModifiedTue, Apr 21 · 06:07 PM CDT

Open article ↗

Wed, Aug 11 · 06:47 PM CDT

CVE-2010-2861

9.8/10 · Must read/watch

NVDvuln

Summary
Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm

CVECVE-2010-2861

SeverityCRITICAL

TypeUPDATED

PublishedWed, Aug 11 · 06:47 PM CDT

ModifiedTue, Apr 21 · 09:13 PM CDT

Open article ↗

Thu, Oct 28 · 12:00 AM CDT

CVE-2010-3765

9.8/10 · Must read/watch

NVDvuln

Summary
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, inc

CVECVE-2010-3765

SeverityCRITICAL

TypeUPDATED

PublishedThu, Oct 28 · 12:00 AM CDT

ModifiedTue, Apr 21 · 03:19 PM CDT

Open article ↗

Tue, Dec 14 · 04:00 PM CST

CVE-2010-4344

9.8/10 · Must read/watch

NVDvuln

Summary
Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.

CVECVE-2010-4344

SeverityCRITICAL

TypeUPDATED

PublishedTue, Dec 14 · 04:00 PM CST

ModifiedTue, Apr 21 · 08:31 PM CDT

Open article ↗

Thu, Jun 16 · 08:55 PM CDT

CVE-2011-1889

9.8/10 · Must read/watch

NVDvuln

Summary
The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."

CVECVE-2011-1889

SeverityCRITICAL

TypeUPDATED

PublishedThu, Jun 16 · 08:55 PM CDT

ModifiedWed, Apr 22 · 10:35 AM CDT

Open article ↗

Wed, Dec 07 · 07:55 PM CST

CVE-2011-2462

9.8/10 · Must read/watch

NVDvuln

Summary
Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December

CVECVE-2011-2462

SeverityCRITICAL

TypeUPDATED

PublishedWed, Dec 07 · 07:55 PM CST

ModifiedTue, Apr 21 · 09:13 PM CDT

Open article ↗

Wed, Oct 19 · 09:55 PM CDT

CVE-2011-3544

9.8/10 · Must read/watch

NVDvuln

Summary
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.

CVECVE-2011-3544

SeverityCRITICAL

TypeUPDATED

PublishedWed, Oct 19 · 09:55 PM CDT

ModifiedTue, Apr 21 · 03:19 PM CDT

Open article ↗

Sun, Jan 08 · 03:55 PM CST

CVE-2012-0391

9.8/10 · Must read/watch

NVDvuln

Summary
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.

CVECVE-2012-0391

SeverityCRITICAL

TypeUPDATED

PublishedSun, Jan 08 · 03:55 PM CST

ModifiedWed, Apr 22 · 10:36 AM CDT

Open article ↗

Thu, Jun 07 · 10:55 PM CDT

CVE-2012-0507

9.8/10 · Must read/watch

NVDvuln

Summary
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous informa

CVECVE-2012-0507

SeverityCRITICAL

TypeUPDATED

PublishedThu, Jun 07 · 10:55 PM CDT

ModifiedTue, Apr 21 · 03:19 PM CDT

Open article ↗

Thu, May 03 · 10:55 PM CDT

CVE-2012-1710

9.8/10 · Must read/watch

NVDvuln

Summary
Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer, a different vulnerability than CVE-2012-1709.

CVECVE-2012-1710

SeverityCRITICAL

TypeUPDATED

PublishedThu, May 03 · 10:55 PM CDT

ModifiedTue, Apr 21 · 08:29 PM CDT

Open article ↗

Sat, Jun 16 · 09:55 PM CDT

CVE-2012-1723

9.8/10 · Must read/watch

NVDvuln

Summary
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

CVECVE-2012-1723

SeverityCRITICAL

TypeUPDATED

PublishedSat, Jun 16 · 09:55 PM CDT

ModifiedTue, Apr 21 · 08:29 PM CDT

Open article ↗

Fri, May 11 · 10:15 AM CDT

CVE-2012-1823

9.8/10 · Must read/watch

NVDvuln

Summary
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of s

CVECVE-2012-1823

SeverityCRITICAL

TypeUPDATED

PublishedFri, May 11 · 10:15 AM CDT

ModifiedTue, Apr 21 · 08:28 PM CDT

Open article ↗

Tue, Aug 28 · 12:55 AM CDT

CVE-2012-4681

9.8/10 · Must read/watch

NVDvuln

Summary
Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the

CVECVE-2012-4681

SeverityCRITICAL

TypeUPDATED

PublishedTue, Aug 28 · 12:55 AM CDT

ModifiedTue, Apr 21 · 06:38 PM CDT

Open article ↗

Tue, Oct 16 · 09:55 PM CDT

CVE-2012-5076

9.8/10 · Must read/watch

NVDvuln

Summary
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.

CVECVE-2012-5076

SeverityCRITICAL

TypeUPDATED

PublishedTue, Oct 16 · 09:55 PM CDT

ModifiedTue, Apr 21 · 07:00 PM CDT

Open article ↗

Thu, Jan 10 · 09:55 PM CST

CVE-2013-0422

9.8/10 · Must read/watch

NVDvuln

Summary
Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method,

CVECVE-2013-0422

SeverityCRITICAL

TypeUPDATED

PublishedThu, Jan 10 · 09:55 PM CST

ModifiedTue, Apr 21 · 07:02 PM CDT

Open article ↗

Wed, Jan 09 · 01:55 AM CST

CVE-2013-0625

9.8/10 · Must read/watch

NVDvuln

Summary
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.

CVECVE-2013-0625

SeverityCRITICAL

TypeUPDATED

PublishedWed, Jan 09 · 01:55 AM CST

ModifiedTue, Apr 21 · 08:54 PM CDT

Open article ↗

Thu, Jan 17 · 12:55 AM CST

CVE-2013-0632

9.8/10 · Must read/watch

NVDvuln

Summary
administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in Jan

CVECVE-2013-0632

SeverityCRITICAL

TypeUPDATED

PublishedThu, Jan 17 · 12:55 AM CST

ModifiedTue, Apr 21 · 09:01 PM CDT

Open article ↗

Sat, Jul 20 · 03:37 AM CDT

CVE-2013-2251

9.8/10 · Must read/watch

NVDvuln

Summary
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.

CVECVE-2013-2251

SeverityCRITICAL

TypeUPDATED

PublishedSat, Jul 20 · 03:37 AM CDT

ModifiedTue, Apr 21 · 03:20 PM CDT

Open article ↗

Tue, Jun 18 · 10:55 PM CDT

CVE-2013-2465

9.8/10 · Must read/watch

NVDvuln

Summary
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous

CVECVE-2013-2465

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jun 18 · 10:55 PM CDT

ModifiedTue, Apr 21 · 03:20 PM CDT

Open article ↗

Thu, May 16 · 11:45 AM CDT

CVE-2013-2729

9.8/10 · Must read/watch

NVDvuln

Summary
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2727.

CVECVE-2013-2729

SeverityCRITICAL

TypeUPDATED

PublishedThu, May 16 · 11:45 AM CDT

ModifiedTue, Apr 21 · 03:20 PM CDT

Open article ↗

Fri, Aug 30 · 08:55 PM CDT

CVE-2013-3346

9.8/10 · Must read/watch

NVDvuln

Summary
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-27

CVECVE-2013-3346

SeverityCRITICAL

TypeUPDATED

PublishedFri, Aug 30 · 08:55 PM CDT

ModifiedTue, Apr 21 · 09:14 PM CDT

Open article ↗

Mon, Sep 16 · 01:01 PM CDT

CVE-2013-4810

9.8/10 · Must read/watch

NVDvuln

Summary
HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-

CVECVE-2013-4810

SeverityCRITICAL

TypeUPDATED

PublishedMon, Sep 16 · 01:01 PM CDT

ModifiedTue, Apr 21 · 07:12 PM CDT

Open article ↗

Wed, Feb 05 · 05:15 AM CST

CVE-2014-0497

9.8/10 · Must read/watch

NVDvuln

Summary
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.

CVECVE-2014-0497

SeverityCRITICAL

TypeUPDATED

PublishedWed, Feb 05 · 05:15 AM CST

ModifiedTue, Apr 21 · 09:11 PM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.