Archive snapshot

Tue, Apr 28 · 06:00 PM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Tue, Apr 28 · 06:00 PM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

5

Worth skimming

5

Tracked videos

0

NVD vulnerabilities

25

Top stories

Tue, 28 Apr 2026 23:49:00 +0530

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

9.8/10 · Must read/watch

The Hacker Newsvulnsupply-chainaiidentity

Summary
Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single "git push" command. The flaw, tracked a

Open article ↗

Tue, Apr 28 · 12:00 PM CDT

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown

9.8/10 · Must read/watch

Hacker Newsvulnsupply-chain

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 6 hours ago.

Open article ↗

Tue, Apr 28 · 06:00 PM CDT

Medtronic Confirms Data Breach After ShinyHunters Claims

9.4/10 · Must read/watch

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Tue, Apr 28 · 06:00 PM CDT

Ransomware Turf War as 0APT and KryBit Groups Trade Blows

9.4/10 · Must read/watch

Infosecurity Magazinemalware

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Tue, Apr 28 · 03:00 PM CDT

OpenAI models coming to Amazon Bedrock: Interview with OpenAI and AWS CEOs

9.2/10 · Must read/watch

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 3 hours ago.

Open article ↗

Worth skimming

Tue, Apr 28 · 04:00 PM CDT

Behavioral timescale synaptic plasticity rewires the brain after an experience

8.9/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 2 hours ago.

Open article ↗

Tue, 28 Apr 2026 23:09:00 +0530

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

8.6/10 · Worth your time

The Hacker Newsmalwareai

Summary
A cybercrime group of Brazilian origin has resurfaced after more than three years to orchestrate a campaign that targets Minecraft players with a new stealer called LofyStealer (aka GrabBot). "The malware disguises itself as a Minecraft hack called 'Slinky,'"

Open article ↗

Tue, Apr 28 · 03:00 PM CDT

Ghostty is leaving GitHub

8.4/10 · Worth your time

Hacker Newssupply-chain

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 3 hours ago.

Open article ↗

Tue, Apr 28 · 05:00 PM CDT

Before GitHub

8.4/10 · Worth your time

Hacker Newssupply-chain

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 1 hour ago.

Open article ↗

Tue, Apr 28 · 06:00 PM CDT

Chinese National Extradited Over Silk Typhoon Cyber Campaign

8.2/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Videos worth watching

Nothing surfaced yet.

NVD vulnerabilities

Mon, Aug 12 · 03:15 PM CDT

CVE-2024-42479

10.0/10 · Must read/watch

NVDvuln

Summary
llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address writing. This vulnerability is fixed in b3561.

CVECVE-2024-42479

SeverityCRITICAL

TypeUPDATED

PublishedMon, Aug 12 · 03:15 PM CDT

ModifiedMon, Apr 27 · 05:44 PM CDT

Open article ↗

Wed, Oct 22 · 03:15 PM CDT

CVE-2025-58963

10.0/10 · Must read/watch

NVDvuln

Summary
Unrestricted Upload of File with Dangerous Type vulnerability in 7oroof Medcity medcity allows Upload a Web Shell to a Web Server.This issue affects Medcity: from n/a through < 1.1.9.

CVECVE-2025-58963

SeverityCRITICAL

TypeUPDATED

PublishedWed, Oct 22 · 03:15 PM CDT

ModifiedMon, Apr 27 · 08:16 PM CDT

Open article ↗

Wed, Oct 22 · 03:15 PM CDT

CVE-2025-49380

9.8/10 · Must read/watch

NVDvuln

Summary
Deserialization of Untrusted Data vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Object Injection.This issue affects WooCommerce Vehicle Parts Finder: from n/a through <= 3.7.

CVECVE-2025-49380

SeverityCRITICAL

TypeUPDATED

PublishedWed, Oct 22 · 03:15 PM CDT

ModifiedMon, Apr 27 · 08:16 PM CDT

Open article ↗

Wed, Oct 22 · 03:15 PM CDT

CVE-2025-59007

9.8/10 · Must read/watch

NVDvuln

Summary
Deserialization of Untrusted Data vulnerability in themesflat TF Woo Product Grid Addon For Elementor tf-woo-product-grid allows Object Injection.This issue affects TF Woo Product Grid Addon For Elementor: from n/a through <= 1.0.1.

CVECVE-2025-59007

SeverityCRITICAL

TypeUPDATED

PublishedWed, Oct 22 · 03:15 PM CDT

ModifiedMon, Apr 27 · 08:16 PM CDT

Open article ↗

Wed, Oct 22 · 03:15 PM CDT

CVE-2025-49915

9.3/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows SQL Injection.This issue affects SMS Alert Order Notifications: from n/a through <= 3.8.5.

CVECVE-2025-49915

SeverityCRITICAL

TypeUPDATED

PublishedWed, Oct 22 · 03:15 PM CDT

ModifiedMon, Apr 27 · 08:16 PM CDT

Open article ↗

Wed, Oct 22 · 03:15 PM CDT

CVE-2025-49931

9.3/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crocoblock JetSearch jet-search allows Blind SQL Injection.This issue affects JetSearch: from n/a through <= 3.5.10.

CVECVE-2025-49931

SeverityCRITICAL

TypeUPDATED

PublishedWed, Oct 22 · 03:15 PM CDT

ModifiedMon, Apr 27 · 08:16 PM CDT

Open article ↗

Wed, Oct 22 · 03:15 PM CDT

CVE-2025-59557

9.3/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeMove Learts Addons learts-addons allows SQL Injection.This issue affects Learts Addons: from n/a through < 1.7.5.

CVECVE-2025-59557

SeverityCRITICAL

TypeUPDATED

PublishedWed, Oct 22 · 03:15 PM CDT

ModifiedMon, Apr 27 · 08:16 PM CDT

Open article ↗

Wed, Oct 22 · 03:15 PM CDT

CVE-2025-52758

9.1/10 · Must read/watch

NVDvuln

Summary
Unrestricted Upload of File with Dangerous Type vulnerability in Gesundheit Bewegt GmbH Zippy zippy allows Using Malicious Files.This issue affects Zippy: from n/a through <= 1.7.0.

CVECVE-2025-52758

SeverityCRITICAL

TypeUPDATED

PublishedWed, Oct 22 · 03:15 PM CDT

ModifiedMon, Apr 27 · 05:16 PM CDT

Open article ↗

Tue, Sep 09 · 02:15 PM CDT

CVE-2025-54236

9.1/10 · Must read/watch

NVDvuln

Summary
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue doe

CVECVE-2025-54236

SeverityCRITICAL

TypeUPDATED

PublishedTue, Sep 09 · 02:15 PM CDT

ModifiedWed, Apr 22 · 07:00 PM CDT

Open article ↗

Mon, Feb 26 · 04:27 PM CST

CVE-2024-21802

8.8/10 · Worth your time

NVDvuln

Summary
A heap-based buffer overflow vulnerability exists in the GGUF library info->ne functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVECVE-2024-21802

SeverityHIGH

TypeUPDATED

PublishedMon, Feb 26 · 04:27 PM CST

ModifiedMon, Apr 27 · 05:42 PM CDT

Open article ↗

Mon, Feb 26 · 04:27 PM CST

CVE-2024-21825

8.8/10 · Worth your time

NVDvuln

Summary
A heap-based buffer overflow vulnerability exists in the GGUF library GGUF_TYPE_ARRAY/GGUF_TYPE_STRING parsing functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVECVE-2024-21825

SeverityHIGH

TypeUPDATED

PublishedMon, Feb 26 · 04:27 PM CST

ModifiedMon, Apr 27 · 05:42 PM CDT

Open article ↗

Mon, Feb 26 · 04:27 PM CST

CVE-2024-21836

8.8/10 · Worth your time

NVDvuln

Summary
A heap-based buffer overflow vulnerability exists in the GGUF library header.n_tensors functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVECVE-2024-21836

SeverityHIGH

TypeUPDATED

PublishedMon, Feb 26 · 04:27 PM CST

ModifiedMon, Apr 27 · 05:42 PM CDT

Open article ↗

Mon, Feb 26 · 04:27 PM CST

CVE-2024-23496

8.8/10 · Worth your time

NVDvuln

Summary
A heap-based buffer overflow vulnerability exists in the GGUF library gguf_fread_str functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVECVE-2024-23496

SeverityHIGH

TypeUPDATED

PublishedMon, Feb 26 · 04:27 PM CST

ModifiedMon, Apr 27 · 05:42 PM CDT

Open article ↗

Mon, Feb 26 · 04:27 PM CST

CVE-2024-23605

8.8/10 · Worth your time

NVDvuln

Summary
A heap-based buffer overflow vulnerability exists in the GGUF library header.n_kv functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVECVE-2024-23605

SeverityHIGH

TypeUPDATED

PublishedMon, Feb 26 · 04:27 PM CST

ModifiedMon, Apr 27 · 05:44 PM CDT

Open article ↗

Wed, Oct 22 · 03:15 PM CDT

CVE-2025-60041

8.8/10 · Worth your time

NVDvuln

Summary
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iulia Cazan Emails Catch All emails-catch-all allows Password Recovery Exploitation.This issue affects Emails Catch All: from n/a through <= 3.5.3.

CVECVE-2025-60041

SeverityHIGH

TypeUPDATED

PublishedWed, Oct 22 · 03:15 PM CDT

ModifiedMon, Apr 27 · 04:16 PM CDT

Open article ↗

Wed, Oct 22 · 03:15 PM CDT

CVE-2025-49916

8.6/10 · Worth your time

NVDvuln

Summary
Missing Authorization vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MultiVendorX: from n/a through <= 4.2.23.

CVECVE-2025-49916

SeverityHIGH

TypeUPDATED

PublishedWed, Oct 22 · 03:15 PM CDT

ModifiedMon, Apr 27 · 08:16 PM CDT

Open article ↗

Wed, Oct 22 · 03:15 PM CDT

CVE-2025-60227

8.6/10 · Worth your time

NVDvuln

Summary
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes wp-pipes allows Path Traversal.This issue affects WP Pipes: from n/a through <= 1.4.3.

CVECVE-2025-60227

SeverityHIGH

TypeUPDATED

PublishedWed, Oct 22 · 03:15 PM CDT

ModifiedMon, Apr 27 · 04:16 PM CDT

Open article ↗

Wed, Oct 22 · 03:15 PM CDT

CVE-2025-48091

8.5/10 · Worth your time

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alexander AnyComment anycomment allows SQL Injection.This issue affects AnyComment: from n/a through <= 0.3.6.

CVECVE-2025-48091

SeverityHIGH

TypeUPDATED

PublishedWed, Oct 22 · 03:15 PM CDT

ModifiedMon, Apr 27 · 08:16 PM CDT

Open article ↗

Wed, Oct 22 · 03:15 PM CDT

CVE-2025-49378

8.5/10 · Worth your time

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection.This issue affects Hydra Booking: from n/a through <= 1.1.10.

CVECVE-2025-49378

SeverityHIGH

TypeUPDATED

PublishedWed, Oct 22 · 03:15 PM CDT

ModifiedMon, Apr 27 · 08:16 PM CDT

Open article ↗

Tue, Oct 14 · 10:15 PM CDT

CVE-2025-49552

8.1/10 · Worth your time

NVDvuln

Summary
Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a high-privileged attacker to execute malicious scripts in a victim's browser. Exploitation of this issue requires user interaction in that a victim must navigate to a crafted web page

CVECVE-2025-49552

SeverityHIGH

TypeUPDATED

PublishedTue, Oct 14 · 10:15 PM CDT

ModifiedTue, Apr 28 · 02:16 AM CDT

Open article ↗

Wed, Oct 22 · 03:15 PM CDT

CVE-2025-58958

8.1/10 · Worth your time

NVDvuln

Summary
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove SmilePure smilepure allows PHP Local File Inclusion.This issue affects SmilePure: from n/a through < 1.8.5.

CVECVE-2025-58958

SeverityHIGH

TypeUPDATED

PublishedWed, Oct 22 · 03:15 PM CDT

ModifiedMon, Apr 27 · 08:16 PM CDT

Open article ↗

Wed, Oct 22 · 03:15 PM CDT

CVE-2025-58967

8.1/10 · Worth your time

NVDvuln

Summary
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Businext businext allows PHP Local File Inclusion.This issue affects Businext: from n/a through < 2.4.4.

CVECVE-2025-58967

SeverityHIGH

TypeUPDATED

PublishedWed, Oct 22 · 03:15 PM CDT

ModifiedMon, Apr 27 · 08:16 PM CDT

Open article ↗

Wed, Oct 22 · 03:15 PM CDT

CVE-2025-58959

7.7/10 · Worth your time

NVDvuln

Summary
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AmentoTech Taskbot taskbot allows Path Traversal.This issue affects Taskbot: from n/a through <= 6.4.

CVECVE-2025-58959

SeverityHIGH

TypeUPDATED

PublishedWed, Oct 22 · 03:15 PM CDT

ModifiedMon, Apr 27 · 08:16 PM CDT

Open article ↗

Wed, Oct 22 · 03:15 PM CDT

CVE-2025-59566

7.7/10 · Worth your time

NVDvuln

Summary
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AmentoTech Workreap (theme's plugin) workreap allows Path Traversal.This issue affects Workreap (theme's plugin): from n/a through <= 3.3.5.

CVECVE-2025-59566

SeverityHIGH

TypeUPDATED

PublishedWed, Oct 22 · 03:15 PM CDT

ModifiedMon, Apr 27 · 08:16 PM CDT

Open article ↗

Wed, Oct 22 · 03:15 PM CDT

CVE-2025-60217

7.7/10 · Worth your time

NVDvuln

Summary
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ypromo PT Luxa Addons pt-luxa-addons allows Path Traversal.This issue affects PT Luxa Addons: from n/a through <= 1.2.2.

CVECVE-2025-60217

SeverityHIGH

TypeUPDATED

PublishedWed, Oct 22 · 03:15 PM CDT

ModifiedMon, Apr 27 · 04:16 PM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.