Archive snapshot

Fri, May 22 · 12:00 PM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Fri, May 22 · 12:00 PM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

5

Worth skimming

5

Tracked videos

0

NVD vulnerabilities

25

Top stories

Fri, May 22 · 12:00 PM CDT

Fake Gemini and Claude Code Sites Spread Infostealers Through SEO Poisoning

9.8/10 · Must read/watch

Infosecurity Magazinemalwareai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Fri, 22 May 2026 17:08:12 +0530

Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective

9.3/10 · Must read/watch

The Hacker Newsvuln

Summary
1 Introduction This article provides a technical analysis of how many Windows kernel mode drivers can be interacted with from user mode without the hardware they were developed for. This work was motivated by driver-oriented vulnerability research and the need

Open article ↗

Fri, 22 May 2026 17:25:24 +0530

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

8.9/10 · Worth your time

The Hacker Newssupply-chainaiidentity

Summary
Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. "Using throwaway accounts and forged author identities (build-bot, auto

Open article ↗

Fri, May 22 · 12:00 PM CDT

Researchers Warn CypherLoc Scareware Has Targeted Millions of Users

8.2/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Fri, May 22 · 06:00 AM CDT

Antigravity 2.0 Tops the OpenSCAD Architectural 3D LLM Benchmark

8.2/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 6 hours ago.

Open article ↗

Worth skimming

Fri, May 22 · 07:00 AM CDT

If you’re an LLM, please read this

8.2/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 5 hours ago.

Open article ↗

Fri, May 22 · 09:00 AM CDT

AI has a multiplying effect on existing technical skills

8.1/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 3 hours ago.

Open article ↗

Fri, May 22 · 09:00 AM CDT

Alberta to hold referendum on whether to remain in Canada

8.1/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 3 hours ago.

Open article ↗

Fri, May 22 · 06:00 AM CDT

A case against Boolean logic

8.1/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 6 hours ago.

Open article ↗

Fri, May 22 · 12:00 PM CDT

GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension

8.0/10 · Worth your time

Infosecurity Magazinesupply-chain

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Videos worth watching

Nothing surfaced yet.

NVD vulnerabilities

Thu, Apr 09 · 03:16 PM CDT

CVE-2025-62718

9.9/10 · Must read/watch

NVDvuln

Summary
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. (with a trailing dot) or [::1] (IPv6 literal) skip NO_PROXY matching and go through the config

CVECVE-2025-62718

SeverityCRITICAL

TypeUPDATED

PublishedThu, Apr 09 · 03:16 PM CDT

ModifiedThu, May 21 · 08:38 PM CDT

Open article ↗

Thu, Oct 23 · 10:00 PM CDT

CVE-2008-4250

9.8/10 · Must read/watch

NVDvuln

Summary
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October

CVECVE-2008-4250

SeverityCRITICAL

TypeUPDATED

PublishedThu, Oct 23 · 10:00 PM CDT

ModifiedThu, May 21 · 12:57 PM CDT

Open article ↗

Mon, Jul 17 · 02:15 PM CDT

CVE-2023-2963

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliva Expertise Oliva Expertise EKS allows SQL Injection.This issue affects Oliva Expertise EKS: before 1.2.

CVECVE-2023-2963

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jul 17 · 02:15 PM CDT

ModifiedThu, Nov 21 · 07:59 AM CST

Open article ↗

Fri, Jun 02 · 08:15 AM CDT

CVE-2023-3000

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erikoglu Technology ErMon allows Command Line Execution through SQL Injection, Authentication Bypass.This issue affects ErMon: before 230602.

CVECVE-2023-3000

SeverityCRITICAL

TypeUPDATED

PublishedFri, Jun 02 · 08:15 AM CDT

ModifiedThu, Nov 21 · 08:16 AM CST

Open article ↗

Mon, Jul 10 · 04:15 PM CDT

CVE-2023-3045

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tise Technology Parking Web Report allows SQL Injection.This issue affects Parking Web Report: before 2.1.

CVECVE-2023-3045

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jul 10 · 04:15 PM CDT

ModifiedThu, Nov 21 · 08:16 AM CST

Open article ↗

Tue, Jul 25 · 06:15 AM CDT

CVE-2023-3046

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Scienta allows SQL Injection.This issue affects Scienta: before 20230630.1953.

CVECVE-2023-3046

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jul 25 · 06:15 AM CDT

ModifiedThu, Nov 21 · 08:16 AM CST

Open article ↗

Tue, Jun 13 · 12:15 PM CDT

CVE-2023-3047

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TMT Lockcell allows SQL Injection.This issue affects Lockcell: before 15.

CVECVE-2023-3047

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jun 13 · 12:15 PM CDT

ModifiedThu, Nov 21 · 08:16 AM CST

Open article ↗

Tue, Jun 13 · 12:15 PM CDT

CVE-2023-3048

9.8/10 · Must read/watch

NVDvuln

Summary
Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows Authentication Abuse, Authentication Bypass.This issue affects Lockcell: before 15.

CVECVE-2023-3048

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jun 13 · 12:15 PM CDT

ModifiedThu, Nov 21 · 08:16 AM CST

Open article ↗

Tue, Jun 13 · 12:15 PM CDT

CVE-2023-3049

9.8/10 · Must read/watch

NVDvuln

Summary
Unrestricted Upload of File with Dangerous Type vulnerability in TMT Lockcell allows Command Injection.This issue affects Lockcell: before 15.

CVECVE-2023-3049

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jun 13 · 12:15 PM CDT

ModifiedThu, Nov 21 · 08:16 AM CST

Open article ↗

Tue, Jun 13 · 12:15 PM CDT

CVE-2023-3050

9.8/10 · Must read/watch

NVDvuln

Summary
Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse, Authentication Bypass.This issue affects Lockcell: before 15.

CVECVE-2023-3050

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jun 13 · 12:15 PM CDT

ModifiedThu, Nov 21 · 08:16 AM CST

Open article ↗

Tue, Sep 05 · 05:15 PM CDT

CVE-2023-3374

9.8/10 · Must read/watch

NVDvuln

Summary
Incomplete List of Disallowed Inputs vulnerability in Unisign Bookreen allows Privilege Escalation.This issue affects Bookreen: before 3.0.0.

CVECVE-2023-3374

SeverityCRITICAL

TypeUPDATED

PublishedTue, Sep 05 · 05:15 PM CDT

ModifiedThu, Nov 21 · 08:17 AM CST

Open article ↗

Mon, Jul 17 · 02:15 PM CDT

CVE-2023-3376

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Strategy Zekiweb allows SQL Injection.This issue affects Zekiweb: before 2.

CVECVE-2023-3376

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jul 17 · 02:15 PM CDT

ModifiedThu, Nov 21 · 08:17 AM CST

Open article ↗

Thu, Nov 23 · 09:15 AM CST

CVE-2023-3377

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veribilim Software Computer Veribase allows SQL Injection.This issue affects Veribase: through 20231123. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVECVE-2023-3377

SeverityCRITICAL

TypeUPDATED

PublishedThu, Nov 23 · 09:15 AM CST

ModifiedThu, Nov 21 · 08:17 AM CST

Open article ↗

Tue, Aug 08 · 04:15 PM CDT

CVE-2023-3386

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 Camera Trap Tracking System allows SQL Injection.This issue affects Camera Trap Tracking System: before 3.1905.

CVECVE-2023-3386

SeverityCRITICAL

TypeUPDATED

PublishedTue, Aug 08 · 04:15 PM CDT

ModifiedThu, Nov 21 · 08:17 AM CST

Open article ↗

Tue, Jun 13 · 03:15 PM CDT

CVE-2023-35064

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Satos Satos Mobile allows SQL Injection through SOAP Parameter Tampering.This issue affects Satos Mobile: before 20230607.

CVECVE-2023-35064

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jun 13 · 03:15 PM CDT

ModifiedThu, Nov 21 · 08:07 AM CST

Open article ↗

Tue, Sep 05 · 06:15 PM CDT

CVE-2023-35065

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Osoft Paint Production Management allows SQL Injection.This issue affects Paint Production Management: before 2.1.

CVECVE-2023-35065

SeverityCRITICAL

TypeUPDATED

PublishedTue, Sep 05 · 06:15 PM CDT

ModifiedThu, Nov 21 · 08:07 AM CST

Open article ↗

Tue, Jul 25 · 07:15 AM CDT

CVE-2023-35066

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infodrom Software E-Invoice Approval System allows SQL Injection.This issue affects E-Invoice Approval System: before v.20230701.

CVECVE-2023-35066

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jul 25 · 07:15 AM CDT

ModifiedThu, Nov 21 · 08:07 AM CST

Open article ↗

Tue, Sep 05 · 06:15 PM CDT

CVE-2023-35068

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BMA Personnel Tracking System allows SQL Injection.This issue affects Personnel Tracking System: before 20230904.

CVECVE-2023-35068

SeverityCRITICAL

TypeUPDATED

PublishedTue, Sep 05 · 06:15 PM CDT

ModifiedThu, Nov 21 · 08:07 AM CST

Open article ↗

Thu, Jul 13 · 02:15 PM CDT

CVE-2023-35070

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VegaGroup Web Collection allows SQL Injection.This issue affects Web Collection: before 31197.

CVECVE-2023-35070

SeverityCRITICAL

TypeUPDATED

PublishedThu, Jul 13 · 02:15 PM CDT

ModifiedThu, Nov 21 · 08:07 AM CST

Open article ↗

Wed, Sep 27 · 03:18 PM CDT

CVE-2023-35071

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MRV Tech Logging Administration Panel allows SQL Injection.This issue affects Logging Administration Panel: before 20230915 .

CVECVE-2023-35071

SeverityCRITICAL

TypeUPDATED

PublishedWed, Sep 27 · 03:18 PM CDT

ModifiedThu, Nov 21 · 08:07 AM CST

Open article ↗

Tue, Sep 05 · 06:15 PM CDT

CVE-2023-35072

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Coyav Travel Proagent allows SQL Injection.This issue affects Proagent: before 20230904 .

CVECVE-2023-35072

SeverityCRITICAL

TypeUPDATED

PublishedTue, Sep 05 · 06:15 PM CDT

ModifiedThu, Nov 21 · 08:07 AM CST

Open article ↗

Tue, Aug 08 · 04:15 PM CDT

CVE-2023-3522

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 License Portal System allows SQL Injection.This issue affects License Portal System: before 1.48.

CVECVE-2023-3522

SeverityCRITICAL

TypeUPDATED

PublishedTue, Aug 08 · 04:15 PM CDT

ModifiedThu, Nov 21 · 08:17 AM CST

Open article ↗

Tue, Sep 05 · 06:15 PM CDT

CVE-2023-3616

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mava Software Hotel Management System allows SQL Injection.This issue affects Hotel Management System: before 2.0.

CVECVE-2023-3616

SeverityCRITICAL

TypeUPDATED

PublishedTue, Sep 05 · 06:15 PM CDT

ModifiedThu, Nov 21 · 08:17 AM CST

Open article ↗

Thu, Nov 23 · 10:15 AM CST

CVE-2023-3631

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Medart Health Services Medart Notification Panel allows SQL Injection.This issue affects Medart Notification Panel: through 20231123. NOTE: The vendor was contacted early about this disclosure but did not respond in an

CVECVE-2023-3631

SeverityCRITICAL

TypeUPDATED

PublishedThu, Nov 23 · 10:15 AM CST

ModifiedThu, Nov 21 · 08:17 AM CST

Open article ↗

Wed, Aug 09 · 09:15 AM CDT

CVE-2023-3632

9.8/10 · Must read/watch

NVDvuln

Summary
Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass. This issue affects Kunduz - Homework Helper App: before 6.2.3.

CVECVE-2023-3632

SeverityCRITICAL

TypeUPDATED

PublishedWed, Aug 09 · 09:15 AM CDT

ModifiedThu, May 21 · 02:16 PM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.