Archive snapshot

Fri, May 22 · 06:00 AM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Fri, May 22 · 06:00 AM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

5

Worth skimming

5

Tracked videos

0

NVD vulnerabilities

25

Top stories

Fri, 22 May 2026 11:17:33 +0530

CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

9.3/10 · Must read/watch

The Hacker Newsvulnpolicy

Summary
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities

Open article ↗

Fri, 22 May 2026 11:06:18 +0530

Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access

8.7/10 · Worth your time

The Hacker Newsvulnidentity

Summary
Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data. Tracked as CVE-2026-20223 (CVSS score: 10.0), the vulnerability arises from insufficient

Open article ↗

Fri, May 22 · 06:00 AM CDT

GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension

8.5/10 · Worth your time

Infosecurity Magazinesupply-chain

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Fri, May 22 · 06:00 AM CDT

Apple Blocked $2.2bn in App Store Fraud in the Last Year

8.2/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Fri, 22 May 2026 14:20:18 +0530

Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks

8.1/10 · Worth your time

The Hacker Newsgeneral

Summary
The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service (DDoS) botnet known as Kimwolf. In tandem, Jacob Butler (aka Dort), 23, Ottawa, Canada, has been char

Open article ↗

Worth skimming

Fri, May 22 · 05:47 AM CDT

The case against boolean logic

8.1/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 13 minutes ago.

Open article ↗

Fri, May 22 · 05:00 AM CDT

Steve Wozniak cheered after telling students they have AI – actual intelligence

8.1/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 1 hour ago.

Open article ↗

Fri, May 22 · 05:11 AM CDT

FSFE intervenes against Apple before EUCJ for the second time

8.1/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 49 minutes ago.

Open article ↗

Fri, May 22 · 06:00 AM CDT

Android Malware Campaign Used Hundreds of Fake Apps to Silently Charge Users

8.0/10 · Worth your time

Infosecurity Magazinemalwareai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Fri, May 22 · 06:00 AM CDT

Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem

8.0/10 · Worth your time

Infosecurity Magazinesupply-chainai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Videos worth watching

Nothing surfaced yet.

NVD vulnerabilities

Thu, Apr 09 · 03:16 PM CDT

CVE-2025-62718

9.9/10 · Must read/watch

NVDvuln

Summary
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. (with a trailing dot) or [::1] (IPv6 literal) skip NO_PROXY matching and go through the config

CVECVE-2025-62718

SeverityCRITICAL

TypeUPDATED

PublishedThu, Apr 09 · 03:16 PM CDT

ModifiedThu, May 21 · 08:38 PM CDT

Open article ↗

Thu, Oct 23 · 10:00 PM CDT

CVE-2008-4250

9.8/10 · Must read/watch

NVDvuln

Summary
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October

CVECVE-2008-4250

SeverityCRITICAL

TypeUPDATED

PublishedThu, Oct 23 · 10:00 PM CDT

ModifiedThu, May 21 · 12:57 PM CDT

Open article ↗

Mon, Jul 17 · 02:15 PM CDT

CVE-2023-2963

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliva Expertise Oliva Expertise EKS allows SQL Injection.This issue affects Oliva Expertise EKS: before 1.2.

CVECVE-2023-2963

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jul 17 · 02:15 PM CDT

ModifiedThu, Nov 21 · 07:59 AM CST

Open article ↗

Fri, Jun 02 · 08:15 AM CDT

CVE-2023-3000

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erikoglu Technology ErMon allows Command Line Execution through SQL Injection, Authentication Bypass.This issue affects ErMon: before 230602.

CVECVE-2023-3000

SeverityCRITICAL

TypeUPDATED

PublishedFri, Jun 02 · 08:15 AM CDT

ModifiedThu, Nov 21 · 08:16 AM CST

Open article ↗

Mon, Jul 10 · 04:15 PM CDT

CVE-2023-3045

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tise Technology Parking Web Report allows SQL Injection.This issue affects Parking Web Report: before 2.1.

CVECVE-2023-3045

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jul 10 · 04:15 PM CDT

ModifiedThu, Nov 21 · 08:16 AM CST

Open article ↗

Tue, Jul 25 · 06:15 AM CDT

CVE-2023-3046

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Scienta allows SQL Injection.This issue affects Scienta: before 20230630.1953.

CVECVE-2023-3046

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jul 25 · 06:15 AM CDT

ModifiedThu, Nov 21 · 08:16 AM CST

Open article ↗

Tue, Jun 13 · 12:15 PM CDT

CVE-2023-3047

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TMT Lockcell allows SQL Injection.This issue affects Lockcell: before 15.

CVECVE-2023-3047

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jun 13 · 12:15 PM CDT

ModifiedThu, Nov 21 · 08:16 AM CST

Open article ↗

Tue, Jun 13 · 12:15 PM CDT

CVE-2023-3048

9.8/10 · Must read/watch

NVDvuln

Summary
Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows Authentication Abuse, Authentication Bypass.This issue affects Lockcell: before 15.

CVECVE-2023-3048

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jun 13 · 12:15 PM CDT

ModifiedThu, Nov 21 · 08:16 AM CST

Open article ↗

Tue, Jun 13 · 12:15 PM CDT

CVE-2023-3049

9.8/10 · Must read/watch

NVDvuln

Summary
Unrestricted Upload of File with Dangerous Type vulnerability in TMT Lockcell allows Command Injection.This issue affects Lockcell: before 15.

CVECVE-2023-3049

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jun 13 · 12:15 PM CDT

ModifiedThu, Nov 21 · 08:16 AM CST

Open article ↗

Tue, Jun 13 · 12:15 PM CDT

CVE-2023-3050

9.8/10 · Must read/watch

NVDvuln

Summary
Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse, Authentication Bypass.This issue affects Lockcell: before 15.

CVECVE-2023-3050

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jun 13 · 12:15 PM CDT

ModifiedThu, Nov 21 · 08:16 AM CST

Open article ↗

Tue, Sep 05 · 05:15 PM CDT

CVE-2023-3374

9.8/10 · Must read/watch

NVDvuln

Summary
Incomplete List of Disallowed Inputs vulnerability in Unisign Bookreen allows Privilege Escalation.This issue affects Bookreen: before 3.0.0.

CVECVE-2023-3374

SeverityCRITICAL

TypeUPDATED

PublishedTue, Sep 05 · 05:15 PM CDT

ModifiedThu, Nov 21 · 08:17 AM CST

Open article ↗

Mon, Jul 17 · 02:15 PM CDT

CVE-2023-3376

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Strategy Zekiweb allows SQL Injection.This issue affects Zekiweb: before 2.

CVECVE-2023-3376

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jul 17 · 02:15 PM CDT

ModifiedThu, Nov 21 · 08:17 AM CST

Open article ↗

Thu, Nov 23 · 09:15 AM CST

CVE-2023-3377

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veribilim Software Computer Veribase allows SQL Injection.This issue affects Veribase: through 20231123. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVECVE-2023-3377

SeverityCRITICAL

TypeUPDATED

PublishedThu, Nov 23 · 09:15 AM CST

ModifiedThu, Nov 21 · 08:17 AM CST

Open article ↗

Tue, Aug 08 · 04:15 PM CDT

CVE-2023-3386

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 Camera Trap Tracking System allows SQL Injection.This issue affects Camera Trap Tracking System: before 3.1905.

CVECVE-2023-3386

SeverityCRITICAL

TypeUPDATED

PublishedTue, Aug 08 · 04:15 PM CDT

ModifiedThu, Nov 21 · 08:17 AM CST

Open article ↗

Tue, Jun 13 · 03:15 PM CDT

CVE-2023-35064

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Satos Satos Mobile allows SQL Injection through SOAP Parameter Tampering.This issue affects Satos Mobile: before 20230607.

CVECVE-2023-35064

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jun 13 · 03:15 PM CDT

ModifiedThu, Nov 21 · 08:07 AM CST

Open article ↗

Tue, Sep 05 · 06:15 PM CDT

CVE-2023-35065

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Osoft Paint Production Management allows SQL Injection.This issue affects Paint Production Management: before 2.1.

CVECVE-2023-35065

SeverityCRITICAL

TypeUPDATED

PublishedTue, Sep 05 · 06:15 PM CDT

ModifiedThu, Nov 21 · 08:07 AM CST

Open article ↗

Tue, Jul 25 · 07:15 AM CDT

CVE-2023-35066

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infodrom Software E-Invoice Approval System allows SQL Injection.This issue affects E-Invoice Approval System: before v.20230701.

CVECVE-2023-35066

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jul 25 · 07:15 AM CDT

ModifiedThu, Nov 21 · 08:07 AM CST

Open article ↗

Tue, Sep 05 · 06:15 PM CDT

CVE-2023-35068

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BMA Personnel Tracking System allows SQL Injection.This issue affects Personnel Tracking System: before 20230904.

CVECVE-2023-35068

SeverityCRITICAL

TypeUPDATED

PublishedTue, Sep 05 · 06:15 PM CDT

ModifiedThu, Nov 21 · 08:07 AM CST

Open article ↗

Thu, Jul 13 · 02:15 PM CDT

CVE-2023-35070

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VegaGroup Web Collection allows SQL Injection.This issue affects Web Collection: before 31197.

CVECVE-2023-35070

SeverityCRITICAL

TypeUPDATED

PublishedThu, Jul 13 · 02:15 PM CDT

ModifiedThu, Nov 21 · 08:07 AM CST

Open article ↗

Wed, Sep 27 · 03:18 PM CDT

CVE-2023-35071

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MRV Tech Logging Administration Panel allows SQL Injection.This issue affects Logging Administration Panel: before 20230915 .

CVECVE-2023-35071

SeverityCRITICAL

TypeUPDATED

PublishedWed, Sep 27 · 03:18 PM CDT

ModifiedThu, Nov 21 · 08:07 AM CST

Open article ↗

Tue, Sep 05 · 06:15 PM CDT

CVE-2023-35072

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Coyav Travel Proagent allows SQL Injection.This issue affects Proagent: before 20230904 .

CVECVE-2023-35072

SeverityCRITICAL

TypeUPDATED

PublishedTue, Sep 05 · 06:15 PM CDT

ModifiedThu, Nov 21 · 08:07 AM CST

Open article ↗

Tue, Aug 08 · 04:15 PM CDT

CVE-2023-3522

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 License Portal System allows SQL Injection.This issue affects License Portal System: before 1.48.

CVECVE-2023-3522

SeverityCRITICAL

TypeUPDATED

PublishedTue, Aug 08 · 04:15 PM CDT

ModifiedThu, Nov 21 · 08:17 AM CST

Open article ↗

Tue, Sep 05 · 06:15 PM CDT

CVE-2023-3616

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mava Software Hotel Management System allows SQL Injection.This issue affects Hotel Management System: before 2.0.

CVECVE-2023-3616

SeverityCRITICAL

TypeUPDATED

PublishedTue, Sep 05 · 06:15 PM CDT

ModifiedThu, Nov 21 · 08:17 AM CST

Open article ↗

Thu, Nov 23 · 10:15 AM CST

CVE-2023-3631

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Medart Health Services Medart Notification Panel allows SQL Injection.This issue affects Medart Notification Panel: through 20231123. NOTE: The vendor was contacted early about this disclosure but did not respond in an

CVECVE-2023-3631

SeverityCRITICAL

TypeUPDATED

PublishedThu, Nov 23 · 10:15 AM CST

ModifiedThu, Nov 21 · 08:17 AM CST

Open article ↗

Wed, Aug 09 · 09:15 AM CDT

CVE-2023-3632

9.8/10 · Must read/watch

NVDvuln

Summary
Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass. This issue affects Kunduz - Homework Helper App: before 6.2.3.

CVECVE-2023-3632

SeverityCRITICAL

TypeUPDATED

PublishedWed, Aug 09 · 09:15 AM CDT

ModifiedThu, May 21 · 02:16 PM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.