Archive snapshot

Thu, May 21 · 06:00 PM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Thu, May 21 · 06:00 PM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

5

Worth skimming

5

Tracked videos

0

NVD vulnerabilities

25

Top stories

Thu, May 21 · 06:00 PM CDT

GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension

9.4/10 · Must read/watch

Infosecurity Magazinesupply-chain

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Thu, May 21 · 06:00 PM CDT

Grafana Labs Says Code Breach Stemmed from TanStack Attack

8.5/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Thu, May 21 · 02:00 PM CDT

Show HN: Agent.email – sign up via curl, claim with a human OTP

8.5/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 4 hours ago.

Open article ↗

Thu, May 21 · 06:00 PM CDT

Microsoft Takes Down Fox Tempest for Providing Ransomware-Enabling Signing Tool

8.2/10 · Worth your time

Infosecurity Magazinemalware

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Thu, May 21 · 12:00 PM CDT

Project Hail Mary – Stellar Navigation Chart

8.1/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 6 hours ago.

Open article ↗

Worth skimming

Thu, May 21 · 02:00 PM CDT

Where are all the UK red telephone kiosks?

8.1/10 · Worth your time

Hacker Newsgeneral

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 4 hours ago.

Open article ↗

Thu, May 21 · 06:00 PM CDT

Android Malware Campaign Used Hundreds of Fake Apps to Silently Charge Users

8.0/10 · Worth your time

Infosecurity Magazinemalwareai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Thu, May 21 · 06:00 PM CDT

Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem

8.0/10 · Worth your time

Infosecurity Magazinesupply-chainai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Thu, May 21 · 06:00 PM CDT

GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension

8.0/10 · Worth your time

Infosecurity Magazinesupply-chain

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Thu, May 21 · 06:00 PM CDT

Verizon DBIR: Vulnerability Exploits Overtake Credentials as Top Access Vector

8.0/10 · Worth your time

Infosecurity Magazinevulnidentity

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Videos worth watching

Nothing surfaced yet.

NVD vulnerabilities

Thu, Oct 23 · 10:00 PM CDT

CVE-2008-4250

9.8/10 · Must read/watch

NVDvuln

Summary
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October

CVECVE-2008-4250

SeverityCRITICAL

TypeUPDATED

PublishedThu, Oct 23 · 10:00 PM CDT

ModifiedWed, May 20 · 06:16 PM CDT

Open article ↗

Fri, Sep 15 · 08:15 AM CDT

CVE-2023-4670

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Innosa Probbys allows SQL Injection. This issue affects Probbys: before 2.

CVECVE-2023-4670

SeverityCRITICAL

TypeUPDATED

PublishedFri, Sep 15 · 08:15 AM CDT

ModifiedThu, May 21 · 10:16 AM CDT

Open article ↗

Thu, Dec 28 · 10:15 AM CST

CVE-2023-4671

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talent Software ECOP allows Command Line Execution through SQL Injection. This issue affects ECOP: before 32255.

CVECVE-2023-4671

SeverityCRITICAL

TypeUPDATED

PublishedThu, Dec 28 · 10:15 AM CST

ModifiedThu, May 21 · 09:16 AM CDT

Open article ↗

Fri, Sep 15 · 06:15 AM CDT

CVE-2023-4673

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sanalogy Turasistan allows SQL Injection. This issue affects Turasistan: before 20230911 .

CVECVE-2023-4673

SeverityCRITICAL

TypeUPDATED

PublishedFri, Sep 15 · 06:15 AM CDT

ModifiedThu, May 21 · 09:16 AM CDT

Open article ↗

Fri, Dec 29 · 03:15 PM CST

CVE-2023-4675

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GM Information Technologies MDO allows SQL Injection. This issue affects MDO: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVECVE-2023-4675

SeverityCRITICAL

TypeUPDATED

PublishedFri, Dec 29 · 03:15 PM CST

ModifiedThu, May 21 · 09:16 AM CDT

Open article ↗

Thu, Sep 14 · 08:15 PM CDT

CVE-2023-4702

9.8/10 · Must read/watch

NVDvuln

Summary
Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas allows Authentication Bypass. This issue affects Digital Yepas: before 1.0.1.

CVECVE-2023-4702

SeverityCRITICAL

TypeUPDATED

PublishedThu, Sep 14 · 08:15 PM CDT

ModifiedThu, May 21 · 09:16 AM CDT

Open article ↗

Wed, Sep 27 · 03:19 PM CDT

CVE-2023-4737

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hedef Tracking Admin Panel allows SQL Injection. This issue affects Admin Panel: before 1.2.

CVECVE-2023-4737

SeverityCRITICAL

TypeUPDATED

PublishedWed, Sep 27 · 03:19 PM CDT

ModifiedThu, May 21 · 09:16 AM CDT

Open article ↗

Thu, Sep 14 · 07:16 PM CDT

CVE-2023-4766

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Movus allows SQL Injection. This issue affects Movus: before 20230913.

CVECVE-2023-4766

SeverityCRITICAL

TypeUPDATED

PublishedThu, Sep 14 · 07:16 PM CDT

ModifiedThu, May 21 · 09:16 AM CDT

Open article ↗

Fri, Sep 15 · 06:15 AM CDT

CVE-2023-4830

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tura Signalix allows SQL Injection. This issue affects Signalix: 7T_0228.

CVECVE-2023-4830

SeverityCRITICAL

TypeUPDATED

PublishedFri, Sep 15 · 06:15 AM CDT

ModifiedThu, May 21 · 09:16 AM CDT

Open article ↗

Thu, Sep 14 · 06:15 PM CDT

CVE-2023-4832

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aceka Company Management allows SQL Injection. This issue affects Company Management: before 3072 .

CVECVE-2023-4832

SeverityCRITICAL

TypeUPDATED

PublishedThu, Sep 14 · 06:15 PM CDT

ModifiedThu, May 21 · 09:16 AM CDT

Open article ↗

Fri, Sep 15 · 09:15 AM CDT

CVE-2023-4833

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Besttem Network Marketing Software allows SQL Injection. This issue affects Network Marketing Software: before 1.0.2309.6.

CVECVE-2023-4833

SeverityCRITICAL

TypeUPDATED

PublishedFri, Sep 15 · 09:15 AM CDT

ModifiedThu, May 21 · 09:16 AM CDT

Open article ↗

Fri, Sep 15 · 09:15 AM CDT

CVE-2023-4835

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CF Software Oil Management Software allows SQL Injection. This issue affects Oil Management Software: before 20230912 .

CVECVE-2023-4835

SeverityCRITICAL

TypeUPDATED

PublishedFri, Sep 15 · 09:15 AM CDT

ModifiedThu, May 21 · 09:16 AM CDT

Open article ↗

Thu, Sep 14 · 08:15 PM CDT

CVE-2023-4972

9.8/10 · Must read/watch

NVDvuln

Summary
Incorrect Use of Privileged APIs vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users. This issue affects Digital Yepas: before 1.0.1.

CVECVE-2023-4972

SeverityCRITICAL

TypeUPDATED

PublishedThu, Sep 14 · 08:15 PM CDT

ModifiedThu, May 21 · 09:16 AM CDT

Open article ↗

Thu, Oct 12 · 12:15 PM CDT

CVE-2023-5045

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Kayisi allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Kayisi: before 1286.

CVECVE-2023-5045

SeverityCRITICAL

TypeUPDATED

PublishedThu, Oct 12 · 12:15 PM CDT

ModifiedThu, May 21 · 09:16 AM CDT

Open article ↗

Thu, Oct 12 · 12:15 PM CDT

CVE-2023-5046

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Procost: before 1390.

CVECVE-2023-5046

SeverityCRITICAL

TypeUPDATED

PublishedThu, Oct 12 · 12:15 PM CDT

ModifiedThu, May 21 · 09:16 AM CDT

Open article ↗

Wed, Nov 22 · 12:15 PM CST

CVE-2023-5047

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DRD Fleet Leasing DRDrive allows SQL Injection. This issue affects DRDrive: before 20231006.

CVECVE-2023-5047

SeverityCRITICAL

TypeUPDATED

PublishedWed, Nov 22 · 12:15 PM CST

ModifiedThu, May 21 · 09:16 AM CDT

Open article ↗

Thu, Feb 15 · 04:15 PM CST

CVE-2023-5155

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies SoliPay Mobile App allows SQL Injection. This issue affects SoliPay Mobile App: before 5.0.8.

CVECVE-2023-5155

SeverityCRITICAL

TypeUPDATED

PublishedThu, Feb 15 · 04:15 PM CST

ModifiedWed, May 20 · 12:16 PM CDT

Open article ↗

Fri, Dec 01 · 02:15 PM CST

CVE-2023-5634

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ArslanSoft Education Portal allows SQL Injection. This issue affects Education Portal: before v1.1.

CVECVE-2023-5634

SeverityCRITICAL

TypeUPDATED

PublishedFri, Dec 01 · 02:15 PM CST

ModifiedThu, May 21 · 08:16 AM CDT

Open article ↗

Fri, Dec 01 · 02:15 PM CST

CVE-2023-5636

9.8/10 · Must read/watch

NVDvuln

Summary
Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Command Injection. This issue affects Education Portal: before v1.1.

CVECVE-2023-5636

SeverityCRITICAL

TypeUPDATED

PublishedFri, Dec 01 · 02:15 PM CST

ModifiedWed, May 20 · 04:16 PM CDT

Open article ↗

Thu, Jan 18 · 01:15 PM CST

CVE-2023-5806

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mergen Software Quality Management System allows SQL Injection. This issue affects Quality Management System: before v1.2.

CVECVE-2023-5806

SeverityCRITICAL

TypeUPDATED

PublishedThu, Jan 18 · 01:15 PM CST

ModifiedWed, May 20 · 04:16 PM CDT

Open article ↗

Fri, Oct 27 · 01:15 PM CDT

CVE-2023-5807

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Education Portal allows SQL Injection. This issue affects Education Portal: before 3.2023.29.

CVECVE-2023-5807

SeverityCRITICAL

TypeUPDATED

PublishedFri, Oct 27 · 01:15 PM CDT

ModifiedWed, May 20 · 02:16 PM CDT

Open article ↗

Thu, Dec 21 · 02:15 PM CST

CVE-2023-6145

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Advanced C2C Marketplace Software allows SQL Injection. This issue affects Softomi Advanced C2C Marketplace Software: before 12122023.

CVECVE-2023-6145

SeverityCRITICAL

TypeUPDATED

PublishedThu, Dec 21 · 02:15 PM CST

ModifiedWed, May 20 · 02:16 PM CDT

Open article ↗

Wed, Mar 27 · 01:15 PM CDT

CVE-2023-6153

9.8/10 · Must read/watch

NVDvuln

Summary
Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Software TeoBASE allows Authentication Bypass. This issue affects TeoBASE: through 20240327. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVECVE-2023-6153

SeverityCRITICAL

TypeUPDATED

PublishedWed, Mar 27 · 01:15 PM CDT

ModifiedWed, May 20 · 12:16 PM CDT

Open article ↗

Wed, Mar 27 · 12:15 PM CDT

CVE-2023-6173

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeoSOFT Software TeoBASE allows SQL Injection. This issue affects TeoBASE: through 27032024. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVECVE-2023-6173

SeverityCRITICAL

TypeUPDATED

PublishedWed, Mar 27 · 12:15 PM CDT

ModifiedWed, May 20 · 12:16 PM CDT

Open article ↗

Wed, Dec 27 · 03:15 PM CST

CVE-2023-6190

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in İzmir Katip Çelebi University University Information Management System allows Absolute Path Traversal. This issue affects University Information Management System: before 30.11.2023.

CVECVE-2023-6190

SeverityCRITICAL

TypeUPDATED

PublishedWed, Dec 27 · 03:15 PM CST

ModifiedWed, May 20 · 12:16 PM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.