Archive snapshot

Sat, Apr 25 · 06:00 PM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Sat, Apr 25 · 06:00 PM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

5

Worth skimming

5

Tracked videos

0

NVD vulnerabilities

25

Top stories

Sat, Apr 25 · 06:00 PM CDT

Npm Supply Chain Malware Attack Targets Developers With Worm-Like Propagation

8.0/10 · Worth your time

Infosecurity Magazinemalwaresupply-chainai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sat, Apr 25 · 06:00 PM CDT

Google Introduces Unique AI Agent Identities in New Gemini Enterprise Platform

8.0/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sat, Apr 25 · 06:00 PM CDT

Google Favors General-Purpose Gemini Models Over Cybersecurity‑Specific AI

7.9/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sat, Apr 25 · 06:00 PM CDT

Researchers Uncover 10 In-the-Wild Prompt Injection Payloads Targeting AI Agents

7.8/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sat, Apr 25 · 06:00 PM CDT

Apple Fixes iOS Notification Bug Exposing Deleted Messages

7.8/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Worth skimming

Sat, Apr 25 · 06:00 PM CDT

NCSC Backs Passkeys, Hailing a New Era of Sign-in

7.8/10 · Worth your time

Infosecurity Magazineaipolicy

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sat, Apr 25 · 06:00 PM CDT

MacOS Native Tools Enable Stealthy Enterprise Attacks

7.7/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sat, Apr 25 · 06:00 PM CDT

NCSC Unveils SilentGlass, a Plug-In Device to Protect Monitors from Cyber-Attacks

7.7/10 · Worth your time

Infosecurity Magazinepolicy

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sat, Apr 25 · 06:00 PM CDT

UK Commits £90m for Cybersecurity and Pushes for ‘Resilience Pledge’

7.7/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sat, Apr 25 · 06:00 PM CDT

UK Biobank Data Breach: Health Data of 500,000 Listed for Sale in China

7.6/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Videos worth watching

Nothing surfaced yet.

NVD vulnerabilities

Wed, Jan 15 · 11:15 PM CST

CVE-2024-57726

9.9/10 · Must read/watch

NVDvuln

Summary
SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.

CVECVE-2024-57726

SeverityCRITICAL

TypeUPDATED

PublishedWed, Jan 15 · 11:15 PM CST

ModifiedFri, Apr 24 · 07:26 PM CDT

Open article ↗

Mon, Feb 06 · 03:59 PM CST

CVE-2015-2794

9.8/10 · Must read/watch

NVDvuln

Summary
The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.

CVECVE-2015-2794

SeverityCRITICAL

TypeUPDATED

PublishedMon, Feb 06 · 03:59 PM CST

ModifiedFri, Apr 24 · 05:34 PM CDT

Open article ↗

Sun, Dec 08 · 03:15 AM CST

CVE-2019-19635

9.8/10 · Must read/watch

NVDvuln

Summary
An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function sixel_decode_raw_impl at fromsixel.c.

CVECVE-2019-19635

SeverityCRITICAL

TypeUPDATED

PublishedSun, Dec 08 · 03:15 AM CST

ModifiedFri, Apr 24 · 12:56 PM CDT

Open article ↗

Sun, Dec 08 · 03:15 AM CST

CVE-2019-19636

9.8/10 · Must read/watch

NVDvuln

Summary
An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_encode_body at tosixel.c.

CVECVE-2019-19636

SeverityCRITICAL

TypeUPDATED

PublishedSun, Dec 08 · 03:15 AM CST

ModifiedFri, Apr 24 · 12:56 PM CDT

Open article ↗

Sun, Dec 08 · 03:15 AM CST

CVE-2019-19637

9.8/10 · Must read/watch

NVDvuln

Summary
An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c.

CVECVE-2019-19637

SeverityCRITICAL

TypeUPDATED

PublishedSun, Dec 08 · 03:15 AM CST

ModifiedFri, Apr 24 · 12:56 PM CDT

Open article ↗

Sun, Dec 08 · 03:15 AM CST

CVE-2019-19638

9.8/10 · Must read/watch

NVDvuln

Summary
An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow.

CVECVE-2019-19638

SeverityCRITICAL

TypeUPDATED

PublishedSun, Dec 08 · 03:15 AM CST

ModifiedFri, Apr 24 · 12:56 PM CDT

Open article ↗

Tue, Sep 09 · 02:15 PM CDT

CVE-2025-54236

9.1/10 · Must read/watch

NVDvuln

Summary
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue doe

CVECVE-2025-54236

SeverityCRITICAL

TypeUPDATED

PublishedTue, Sep 09 · 02:15 PM CDT

ModifiedWed, Apr 22 · 07:00 PM CDT

Open article ↗

Tue, Jul 18 · 03:37 PM CDT

CVE-2006-3601

10.0/10 · Must read/watch

NVDvuln

Summary
** UNVERIFIABLE ** Unspecified vulnerability in an unspecified DNN Modules module for DotNetNuke (.net nuke) allows remote attackers to gain privileges via unspecified vectors, as used in an attack against the Microsoft France web site. NOTE: due to the lack of details and uncertainty about which product is affected, t

CVECVE-2006-3601

SeverityHIGH

TypeUPDATED

PublishedTue, Jul 18 · 03:37 PM CDT

ModifiedFri, Apr 24 · 05:34 PM CDT

Open article ↗

Fri, Dec 13 · 02:15 AM CST

CVE-2019-19777

8.8/10 · Worth your time

NVDvuln

Summary
stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main.

CVECVE-2019-19777

SeverityHIGH

TypeUPDATED

PublishedFri, Dec 13 · 02:15 AM CST

ModifiedFri, Apr 24 · 12:56 PM CDT

Open article ↗

Fri, Dec 13 · 02:15 AM CST

CVE-2019-19778

8.8/10 · Worth your time

NVDvuln

Summary
An issue was discovered in libsixel 1.8.2. There is a heap-based buffer over-read in the function load_sixel at loader.c.

CVECVE-2019-19778

SeverityHIGH

TypeUPDATED

PublishedFri, Dec 13 · 02:15 AM CST

ModifiedFri, Apr 24 · 12:56 PM CDT

Open article ↗

Mon, Dec 30 · 04:15 AM CST

CVE-2019-20094

8.8/10 · Worth your time

NVDvuln

Summary
An issue was discovered in libsixel 1.8.4. There is a heap-based buffer overflow in the function gif_init_frame at fromgif.c.

CVECVE-2019-20094

SeverityHIGH

TypeUPDATED

PublishedMon, Dec 30 · 04:15 AM CST

ModifiedFri, Apr 24 · 12:56 PM CDT

Open article ↗

Mon, Dec 30 · 05:15 PM CST

CVE-2019-20140

8.8/10 · Worth your time

NVDvuln

Summary
An issue was discovered in libsixel 1.8.4. There is a heap-based buffer overflow in the function gif_out_code at fromgif.c.

CVECVE-2019-20140

SeverityHIGH

TypeUPDATED

PublishedMon, Dec 30 · 05:15 PM CST

ModifiedFri, Apr 24 · 12:56 PM CDT

Open article ↗

Thu, Jan 02 · 02:16 PM CST

CVE-2019-20205

8.8/10 · Worth your time

NVDvuln

Summary
libsixel 1.8.4 has an integer overflow in sixel_frame_resize in frame.c.

CVECVE-2019-20205

SeverityHIGH

TypeUPDATED

PublishedThu, Jan 02 · 02:16 PM CST

ModifiedFri, Apr 24 · 12:56 PM CDT

Open article ↗

Fri, Sep 17 · 09:15 PM CDT

CVE-2020-21547

8.8/10 · Worth your time

NVDvuln

Summary
Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c.

CVECVE-2020-21547

SeverityHIGH

TypeUPDATED

PublishedFri, Sep 17 · 09:15 PM CDT

ModifiedFri, Apr 24 · 12:56 PM CDT

Open article ↗

Fri, Sep 17 · 09:15 PM CDT

CVE-2020-21548

8.8/10 · Worth your time

NVDvuln

Summary
Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_encode_highcolor function in tosixel.c.

CVECVE-2020-21548

SeverityHIGH

TypeUPDATED

PublishedFri, Sep 17 · 09:15 PM CDT

ModifiedFri, Apr 24 · 12:56 PM CDT

Open article ↗

Fri, Apr 08 · 04:15 PM CDT

CVE-2021-40656

8.8/10 · Worth your time

NVDvuln

Summary
libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/quant.c:867.

CVECVE-2021-40656

SeverityHIGH

TypeUPDATED

PublishedFri, Apr 08 · 04:15 PM CDT

ModifiedFri, Apr 24 · 01:34 PM CDT

Open article ↗

Fri, Apr 08 · 03:15 PM CDT

CVE-2022-27044

8.8/10 · Worth your time

NVDvuln

Summary
libsixel 1.8.6 is affected by Buffer Overflow in libsixel/src/quant.c:876.

CVECVE-2022-27044

SeverityHIGH

TypeUPDATED

PublishedFri, Apr 08 · 03:15 PM CDT

ModifiedFri, Apr 24 · 12:56 PM CDT

Open article ↗

Fri, Apr 08 · 03:15 PM CDT

CVE-2022-27046

8.8/10 · Worth your time

NVDvuln

Summary
libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in in libsixel/src/dither.c:388.

CVECVE-2022-27046

SeverityHIGH

TypeUPDATED

PublishedFri, Apr 08 · 03:15 PM CDT

ModifiedFri, Apr 24 · 12:56 PM CDT

Open article ↗

Mon, Aug 12 · 01:38 PM CDT

CVE-2024-7399

8.8/10 · Worth your time

NVDvuln

Summary
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority.

CVECVE-2024-7399

SeverityHIGH

TypeUPDATED

PublishedMon, Aug 12 · 01:38 PM CDT

ModifiedFri, Apr 24 · 08:23 PM CDT

Open article ↗

Sat, Mar 21 · 04:17 AM CDT

CVE-2026-2941

8.8/10 · Worth your time

NVDvuln

Summary
The Linksy Search and Replace plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'linksy_search_and_replace_item_details' function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with subscriber-level access a

CVECVE-2026-2941

SeverityHIGH

TypeUPDATED

PublishedSat, Mar 21 · 04:17 AM CDT

ModifiedFri, Apr 24 · 04:27 PM CDT

Open article ↗

Sat, Mar 21 · 04:17 AM CDT

CVE-2026-3334

8.8/10 · Worth your time

NVDvuln

Summary
The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'or_blogname', 'or_blogdescription', and 'or_admin_email' parameters in all versions up to, and including, 2.288. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL quer

CVECVE-2026-3334

SeverityHIGH

TypeUPDATED

PublishedSat, Mar 21 · 04:17 AM CDT

ModifiedFri, Apr 24 · 04:27 PM CDT

Open article ↗

Tue, Dec 16 · 09:16 AM CST

CVE-2025-68055

8.5/10 · Worth your time

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection.This issue affects Hydra Booking: from n/a through <= 1.1.32.

CVECVE-2025-68055

SeverityHIGH

TypeUPDATED

PublishedTue, Dec 16 · 09:16 AM CST

ModifiedFri, Apr 24 · 08:16 PM CDT

Open article ↗

Fri, Nov 30 · 03:29 AM CST

CVE-2018-19762

7.8/10 · Worth your time

NVDvuln

Summary
There is a heap-based buffer overflow at fromsixel.c (function: image_buffer_resize) in libsixel 1.8.2 that will cause a denial of service or possibly unspecified other impact.

CVECVE-2018-19762

SeverityHIGH

TypeUPDATED

PublishedFri, Nov 30 · 03:29 AM CST

ModifiedFri, Apr 24 · 12:56 PM CDT

Open article ↗

Wed, Jan 02 · 03:29 PM CST

CVE-2019-3574

7.8/10 · Worth your time

NVDvuln

Summary
In libsixel v1.8.2, there is a heap-based buffer over-read in the function load_jpeg() in the file loader.c, as demonstrated by img2sixel.

CVECVE-2019-3574

SeverityHIGH

TypeUPDATED

PublishedWed, Jan 02 · 03:29 PM CST

ModifiedFri, Apr 24 · 12:56 PM CDT

Open article ↗

Fri, Dec 31 · 05:00 AM CST

CVE-2004-2324

7.5/10 · Worth your time

NVDvuln

Summary
SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the (1) table and (2) field parameters in LinkClick.aspx.

CVECVE-2004-2324

SeverityHIGH

TypeUPDATED

PublishedFri, Dec 31 · 05:00 AM CST

ModifiedFri, Apr 24 · 05:34 PM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.