Archive snapshot

Sat, May 23 · 12:00 AM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Sat, May 23 · 12:00 AM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

5

Worth skimming

5

Tracked videos

2

NVD vulnerabilities

25

Top stories

Sat, May 23 · 12:00 AM CDT

Fake Gemini and Claude Code Sites Spread Infostealers Through SEO Poisoning

8.9/10 · Worth your time

Infosecurity Magazinemalwareai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sat, May 23 · 12:00 AM CDT

China-Linked Webworm APT Evolves Tactics, Expands to European Targets

8.1/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Fri, May 22 · 11:00 PM CDT

Microsoft reports AI is more expensive than paying human employees

8.1/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 1 hour ago.

Open article ↗

Fri, May 22 · 09:00 PM CDT

Neutron scattering explains why gluten-free pasta falls apart (2025)

8.1/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 3 hours ago.

Open article ↗

Sat, May 23 · 12:00 AM CDT

GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension

8.0/10 · Worth your time

Infosecurity Magazinesupply-chain

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Worth skimming

Sat, May 23 · 12:00 AM CDT

Android Malware Campaign Used Hundreds of Fake Apps to Silently Charge Users

8.0/10 · Worth your time

Infosecurity Magazinemalwareai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sat, May 23 · 12:00 AM CDT

Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem

8.0/10 · Worth your time

Infosecurity Magazinesupply-chainai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sat, May 23 · 12:00 AM CDT

GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension

8.0/10 · Worth your time

Infosecurity Magazinesupply-chain

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sat, May 23 · 12:00 AM CDT

Apple Blocked $2.2bn in App Store Fraud in the Last Year

7.7/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sat, May 23 · 12:00 AM CDT

Three-Quarters of Firms Knowingly Ship Vulnerable Code

7.7/10 · Worth your time

Infosecurity Magazinegeneral

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Videos worth watching

John Hammond

6.8/10 · Skim only if relevant

YouTube / John Hammondgeneral

Why it matters
Recent creator upload with some page-level evidence. Better than raw feed discovery, but still not a full content review.

Summary
Free Cybersecurity Education and Ethical Hacking.

Worth watching?Maybe — good candidate if the title matches your interests, but confidence is still moderate.

Confidencelow

Open article ↗

NahamSec

6.6/10 · Skim only if relevant

YouTube / NahamSecgeneral

Why it matters
Recent creator upload with some page-level evidence. Better than raw feed discovery, but still not a full content review.

Summary
HACK THE PLANET!! Hi! I'm NahamSec. I think everyone can be a hacker and I'm on a mission to prove that!

Worth watching?Maybe — good candidate if the title matches your interests, but confidence is still moderate.

Confidencelow

Open article ↗

NVD vulnerabilities

Thu, Apr 09 · 03:16 PM CDT

CVE-2025-62718

9.9/10 · Must read/watch

NVDvuln

Summary
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. (with a trailing dot) or [::1] (IPv6 literal) skip NO_PROXY matching and go through the config

CVECVE-2025-62718

SeverityCRITICAL

TypeUPDATED

PublishedThu, Apr 09 · 03:16 PM CDT

ModifiedThu, May 21 · 08:38 PM CDT

Open article ↗

Thu, Oct 23 · 10:00 PM CDT

CVE-2008-4250

9.8/10 · Must read/watch

NVDvuln

Summary
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October

CVECVE-2008-4250

SeverityCRITICAL

TypeUPDATED

PublishedThu, Oct 23 · 10:00 PM CDT

ModifiedThu, May 21 · 12:57 PM CDT

Open article ↗

Mon, Jul 17 · 02:15 PM CDT

CVE-2023-2963

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliva Expertise Oliva Expertise EKS allows SQL Injection.This issue affects Oliva Expertise EKS: before 1.2.

CVECVE-2023-2963

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jul 17 · 02:15 PM CDT

ModifiedThu, Nov 21 · 07:59 AM CST

Open article ↗

Fri, Jun 02 · 08:15 AM CDT

CVE-2023-3000

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erikoglu Technology ErMon allows Command Line Execution through SQL Injection, Authentication Bypass.This issue affects ErMon: before 230602.

CVECVE-2023-3000

SeverityCRITICAL

TypeUPDATED

PublishedFri, Jun 02 · 08:15 AM CDT

ModifiedThu, Nov 21 · 08:16 AM CST

Open article ↗

Mon, Jul 10 · 04:15 PM CDT

CVE-2023-3045

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tise Technology Parking Web Report allows SQL Injection.This issue affects Parking Web Report: before 2.1.

CVECVE-2023-3045

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jul 10 · 04:15 PM CDT

ModifiedThu, Nov 21 · 08:16 AM CST

Open article ↗

Tue, Jul 25 · 06:15 AM CDT

CVE-2023-3046

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Scienta allows SQL Injection.This issue affects Scienta: before 20230630.1953.

CVECVE-2023-3046

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jul 25 · 06:15 AM CDT

ModifiedThu, Nov 21 · 08:16 AM CST

Open article ↗

Tue, Jun 13 · 12:15 PM CDT

CVE-2023-3047

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TMT Lockcell allows SQL Injection.This issue affects Lockcell: before 15.

CVECVE-2023-3047

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jun 13 · 12:15 PM CDT

ModifiedThu, Nov 21 · 08:16 AM CST

Open article ↗

Tue, Jun 13 · 12:15 PM CDT

CVE-2023-3048

9.8/10 · Must read/watch

NVDvuln

Summary
Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows Authentication Abuse, Authentication Bypass.This issue affects Lockcell: before 15.

CVECVE-2023-3048

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jun 13 · 12:15 PM CDT

ModifiedThu, Nov 21 · 08:16 AM CST

Open article ↗

Tue, Jun 13 · 12:15 PM CDT

CVE-2023-3049

9.8/10 · Must read/watch

NVDvuln

Summary
Unrestricted Upload of File with Dangerous Type vulnerability in TMT Lockcell allows Command Injection.This issue affects Lockcell: before 15.

CVECVE-2023-3049

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jun 13 · 12:15 PM CDT

ModifiedThu, Nov 21 · 08:16 AM CST

Open article ↗

Tue, Jun 13 · 12:15 PM CDT

CVE-2023-3050

9.8/10 · Must read/watch

NVDvuln

Summary
Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse, Authentication Bypass.This issue affects Lockcell: before 15.

CVECVE-2023-3050

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jun 13 · 12:15 PM CDT

ModifiedThu, Nov 21 · 08:16 AM CST

Open article ↗

Tue, Sep 05 · 05:15 PM CDT

CVE-2023-3374

9.8/10 · Must read/watch

NVDvuln

Summary
Incomplete List of Disallowed Inputs vulnerability in Unisign Bookreen allows Privilege Escalation.This issue affects Bookreen: before 3.0.0.

CVECVE-2023-3374

SeverityCRITICAL

TypeUPDATED

PublishedTue, Sep 05 · 05:15 PM CDT

ModifiedThu, Nov 21 · 08:17 AM CST

Open article ↗

Mon, Jul 17 · 02:15 PM CDT

CVE-2023-3376

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Strategy Zekiweb allows SQL Injection.This issue affects Zekiweb: before 2.

CVECVE-2023-3376

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jul 17 · 02:15 PM CDT

ModifiedThu, Nov 21 · 08:17 AM CST

Open article ↗

Thu, Nov 23 · 09:15 AM CST

CVE-2023-3377

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veribilim Software Computer Veribase allows SQL Injection.This issue affects Veribase: through 20231123. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVECVE-2023-3377

SeverityCRITICAL

TypeUPDATED

PublishedThu, Nov 23 · 09:15 AM CST

ModifiedThu, Nov 21 · 08:17 AM CST

Open article ↗

Tue, Aug 08 · 04:15 PM CDT

CVE-2023-3386

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 Camera Trap Tracking System allows SQL Injection.This issue affects Camera Trap Tracking System: before 3.1905.

CVECVE-2023-3386

SeverityCRITICAL

TypeUPDATED

PublishedTue, Aug 08 · 04:15 PM CDT

ModifiedThu, Nov 21 · 08:17 AM CST

Open article ↗

Tue, Jun 13 · 03:15 PM CDT

CVE-2023-35064

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Satos Satos Mobile allows SQL Injection through SOAP Parameter Tampering.This issue affects Satos Mobile: before 20230607.

CVECVE-2023-35064

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jun 13 · 03:15 PM CDT

ModifiedThu, Nov 21 · 08:07 AM CST

Open article ↗

Tue, Sep 05 · 06:15 PM CDT

CVE-2023-35065

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Osoft Paint Production Management allows SQL Injection.This issue affects Paint Production Management: before 2.1.

CVECVE-2023-35065

SeverityCRITICAL

TypeUPDATED

PublishedTue, Sep 05 · 06:15 PM CDT

ModifiedThu, Nov 21 · 08:07 AM CST

Open article ↗

Tue, Jul 25 · 07:15 AM CDT

CVE-2023-35066

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infodrom Software E-Invoice Approval System allows SQL Injection.This issue affects E-Invoice Approval System: before v.20230701.

CVECVE-2023-35066

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jul 25 · 07:15 AM CDT

ModifiedThu, Nov 21 · 08:07 AM CST

Open article ↗

Tue, Sep 05 · 06:15 PM CDT

CVE-2023-35068

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BMA Personnel Tracking System allows SQL Injection.This issue affects Personnel Tracking System: before 20230904.

CVECVE-2023-35068

SeverityCRITICAL

TypeUPDATED

PublishedTue, Sep 05 · 06:15 PM CDT

ModifiedThu, Nov 21 · 08:07 AM CST

Open article ↗

Thu, Jul 13 · 02:15 PM CDT

CVE-2023-35070

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VegaGroup Web Collection allows SQL Injection.This issue affects Web Collection: before 31197.

CVECVE-2023-35070

SeverityCRITICAL

TypeUPDATED

PublishedThu, Jul 13 · 02:15 PM CDT

ModifiedThu, Nov 21 · 08:07 AM CST

Open article ↗

Wed, Sep 27 · 03:18 PM CDT

CVE-2023-35071

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MRV Tech Logging Administration Panel allows SQL Injection.This issue affects Logging Administration Panel: before 20230915 .

CVECVE-2023-35071

SeverityCRITICAL

TypeUPDATED

PublishedWed, Sep 27 · 03:18 PM CDT

ModifiedThu, Nov 21 · 08:07 AM CST

Open article ↗

Tue, Sep 05 · 06:15 PM CDT

CVE-2023-35072

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Coyav Travel Proagent allows SQL Injection.This issue affects Proagent: before 20230904 .

CVECVE-2023-35072

SeverityCRITICAL

TypeUPDATED

PublishedTue, Sep 05 · 06:15 PM CDT

ModifiedThu, Nov 21 · 08:07 AM CST

Open article ↗

Tue, Aug 08 · 04:15 PM CDT

CVE-2023-3522

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 License Portal System allows SQL Injection.This issue affects License Portal System: before 1.48.

CVECVE-2023-3522

SeverityCRITICAL

TypeUPDATED

PublishedTue, Aug 08 · 04:15 PM CDT

ModifiedThu, Nov 21 · 08:17 AM CST

Open article ↗

Tue, Sep 05 · 06:15 PM CDT

CVE-2023-3616

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mava Software Hotel Management System allows SQL Injection.This issue affects Hotel Management System: before 2.0.

CVECVE-2023-3616

SeverityCRITICAL

TypeUPDATED

PublishedTue, Sep 05 · 06:15 PM CDT

ModifiedThu, Nov 21 · 08:17 AM CST

Open article ↗

Thu, Nov 23 · 10:15 AM CST

CVE-2023-3631

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Medart Health Services Medart Notification Panel allows SQL Injection.This issue affects Medart Notification Panel: through 20231123. NOTE: The vendor was contacted early about this disclosure but did not respond in an

CVECVE-2023-3631

SeverityCRITICAL

TypeUPDATED

PublishedThu, Nov 23 · 10:15 AM CST

ModifiedThu, Nov 21 · 08:17 AM CST

Open article ↗

Wed, Aug 09 · 09:15 AM CDT

CVE-2023-3632

9.8/10 · Must read/watch

NVDvuln

Summary
Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass. This issue affects Kunduz - Homework Helper App: before 6.2.3.

CVECVE-2023-3632

SeverityCRITICAL

TypeUPDATED

PublishedWed, Aug 09 · 09:15 AM CDT

ModifiedThu, May 21 · 02:16 PM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.