Archive snapshot

Sun, Jun 07 · 12:00 AM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Sun, Jun 07 · 12:00 AM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

5

Worth skimming

5

Tracked videos

0

NVD vulnerabilities

25

Top stories

Sat, Jun 06 · 09:00 PM CDT

An Ohio Valley 100k-Watt FM Signal Is Severed in Broad Daylight – Radio World

8.4/10 · Worth your time

Hacker Newsgeneral

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 3 hours ago.

Open article ↗

Sat, Jun 06 · 08:00 PM CDT

Public Domain Image Archive

8.1/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 4 hours ago.

Open article ↗

Sun, Jun 07 · 12:00 AM CDT

Infosecurity Europe: AI Adoption Creates New Opportunities for Attackers to Distribute Malware, Microsoft Warns

8.0/10 · Worth your time

Infosecurity Magazinemalwareai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sun, Jun 07 · 12:00 AM CDT

Infosecurity Europe: Mythos Outperforms GPT5.5 on Google Chrome Vulnerability Exploits, Says New Benchmark

8.0/10 · Worth your time

Infosecurity Magazinevuln

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Sun, Jun 07 · 12:00 AM CDT

Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites

8.0/10 · Worth your time

Infosecurity Magazinevuln

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Worth skimming

Sat, Jun 06 · 09:00 PM CDT

Tokenomics: Quantifying Where Tokens Are Used in Agentic Software Engineering

8.0/10 · Worth your time

Hacker Newsgeneral

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 3 hours ago.

Open article ↗

Sat, Jun 06 · 07:00 PM CDT

Harness engineering: Leveraging Codex in an agent-first world

8.0/10 · Worth your time

Hacker Newsgeneral

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 5 hours ago.

Open article ↗

Sat, Jun 06 · 09:00 PM CDT

Biohub releases a world model of protein biology

7.9/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 3 hours ago.

Open article ↗

Sat, Jun 06 · 10:00 PM CDT

Show HN: TakoVM – Isolated model and tool execution used by enterprises

7.9/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 2 hours ago.

Open article ↗

Sun, Jun 07 · 12:00 AM CDT

Infosecurity Europe: How Proton Fights Against Cybercriminals Using Its Services

7.8/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Videos worth watching

Nothing surfaced yet.

NVD vulnerabilities

Tue, Jul 22 · 12:15 PM CDT

CVE-2025-4285

10.0/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolantis Information Technologies Agentis allows SQL Injection. This issue affects Agentis: before 4.32.

CVECVE-2025-4285

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jul 22 · 12:15 PM CDT

ModifiedFri, Jun 05 · 06:16 PM CDT

Open article ↗

Tue, Jun 24 · 05:15 PM CDT

CVE-2025-4378

10.0/10 · Must read/watch

NVDvuln

Summary
Cleartext Transmission of Sensitive Information, Use of Hard-coded Credentials vulnerability in Ataturk University ATA-AOF Mobile Application allows Authentication Abuse, Authentication Bypass. This issue affects ATA-AOF Mobile Application: before 20.06.2025.

CVECVE-2025-4378

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jun 24 · 05:15 PM CDT

ModifiedFri, Jun 05 · 04:16 PM CDT

Open article ↗

Thu, Jul 24 · 01:15 PM CDT

CVE-2025-5243

10.0/10 · Must read/watch

NVDvuln

Summary
Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SMG Software Information Portal allows Code Injection, Upload a Web Shell to a Web Server, Code Inclusion. This issue affects Information Portal: before 13.06.2025

CVECVE-2025-5243

SeverityCRITICAL

TypeUPDATED

PublishedThu, Jul 24 · 01:15 PM CDT

ModifiedFri, Jun 05 · 03:16 PM CDT

Open article ↗

Tue, Jul 16 · 02:15 PM CDT

CVE-2019-1010292

9.8/10 · Must read/watch

NVDvuln

Summary
Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0.

CVECVE-2019-1010292

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jul 16 · 02:15 PM CDT

ModifiedFri, Jun 05 · 08:13 PM CDT

Open article ↗

Mon, Jul 15 · 06:15 PM CDT

CVE-2019-1010293

9.8/10 · Must read/watch

NVDvuln

Summary
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: optee_os. The fixed version is: 3.4.0 and later.

CVECVE-2019-1010293

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jul 15 · 06:15 PM CDT

ModifiedFri, Jun 05 · 08:13 PM CDT

Open article ↗

Mon, Jul 15 · 06:15 PM CDT

CVE-2019-1010295

9.8/10 · Must read/watch

NVDvuln

Summary
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Memory corruption and disclosure of memory content. The component is: optee_os. The fixed version is: 3.4.0 and later.

CVECVE-2019-1010295

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jul 15 · 06:15 PM CDT

ModifiedFri, Jun 05 · 08:13 PM CDT

Open article ↗

Mon, Jul 15 · 06:15 PM CDT

CVE-2019-1010296

9.8/10 · Must read/watch

NVDvuln

Summary
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.

CVECVE-2019-1010296

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jul 15 · 06:15 PM CDT

ModifiedFri, Jun 05 · 08:13 PM CDT

Open article ↗

Mon, Jul 15 · 06:15 PM CDT

CVE-2019-1010297

9.8/10 · Must read/watch

NVDvuln

Summary
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later.

CVECVE-2019-1010297

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jul 15 · 06:15 PM CDT

ModifiedFri, Jun 05 · 08:13 PM CDT

Open article ↗

Mon, Jul 15 · 06:15 PM CDT

CVE-2019-1010298

9.8/10 · Must read/watch

NVDvuln

Summary
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in the context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.

CVECVE-2019-1010298

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jul 15 · 06:15 PM CDT

ModifiedFri, Jun 05 · 08:13 PM CDT

Open article ↗

Mon, Dec 20 · 08:15 AM CST

CVE-2021-44732

9.8/10 · Must read/watch

NVDvuln

Summary
Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.

CVECVE-2021-44732

SeverityCRITICAL

TypeUPDATED

PublishedMon, Dec 20 · 08:15 AM CST

ModifiedFri, Jun 05 · 07:38 PM CDT

Open article ↗

Thu, Dec 15 · 11:15 PM CST

CVE-2022-46393

9.8/10 · Must read/watch

NVDvuln

Summary
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.

CVECVE-2022-46393

SeverityCRITICAL

TypeUPDATED

PublishedThu, Dec 15 · 11:15 PM CST

ModifiedFri, Jun 05 · 07:38 PM CDT

Open article ↗

Sat, Oct 07 · 01:15 AM CDT

CVE-2023-45199

9.8/10 · Must read/watch

NVDvuln

Summary
Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution.

CVECVE-2023-45199

SeverityCRITICAL

TypeUPDATED

PublishedSat, Oct 07 · 01:15 AM CDT

ModifiedFri, Jun 05 · 07:38 PM CDT

Open article ↗

Thu, Sep 05 · 07:15 PM CDT

CVE-2024-45158

9.8/10 · Must read/watch

NVDvuln

Summary
An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in inter

CVECVE-2024-45158

SeverityCRITICAL

TypeUPDATED

PublishedThu, Sep 05 · 07:15 PM CDT

ModifiedFri, Jun 05 · 07:38 PM CDT

Open article ↗

Thu, Sep 05 · 07:15 PM CDT

CVE-2024-45159

9.8/10 · Must read/watch

NVDvuln

Summary
An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in if keyUsage or extKeyUsage extensions, then the return value of mbedtls_ssl_get_verify_result() would incorrectly have t

CVECVE-2024-45159

SeverityCRITICAL

TypeUPDATED

PublishedThu, Sep 05 · 07:15 PM CDT

ModifiedFri, Jun 05 · 07:38 PM CDT

Open article ↗

Tue, Oct 15 · 08:15 PM CDT

CVE-2024-49195

9.8/10 · Must read/watch

NVDvuln

Summary
Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair

CVECVE-2024-49195

SeverityCRITICAL

TypeUPDATED

PublishedTue, Oct 15 · 08:15 PM CDT

ModifiedFri, Jun 05 · 07:38 PM CDT

Open article ↗

Tue, Jul 30 · 01:15 PM CDT

CVE-2024-6699

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mikafon Electronic Inc. Mikafon MA7 allows SQL Injection. This issue affects Mikafon MA7: from v3.0 before v3.1.

CVECVE-2024-6699

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jul 30 · 01:15 PM CDT

ModifiedFri, Jun 05 · 01:16 PM CDT

Open article ↗

Wed, Sep 03 · 09:15 AM CDT

CVE-2025-1740

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass, Password Recovery Exploitation, Brute Force. This issue affects MyRezzta: from s2.03.01 before v2.05.01.

CVECVE-2025-1740

SeverityCRITICAL

TypeUPDATED

PublishedWed, Sep 03 · 09:15 AM CDT

ModifiedSat, Jun 06 · 08:16 AM CDT

Open article ↗

Fri, May 02 · 12:15 PM CDT

CVE-2025-2421

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Informatics SambaBox allows Code Injection. This issue affects SambaBox: before 5.1.

CVECVE-2025-2421

SeverityCRITICAL

TypeUPDATED

PublishedFri, May 02 · 12:15 PM CDT

ModifiedSat, Jun 06 · 06:16 AM CDT

Open article ↗

Fri, May 02 · 09:15 AM CDT

CVE-2025-2812

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mydata Informatics Ticket Sales Automation allows Blind SQL Injection. This issue affects Ticket Sales Automation: before 03.04.2025 (DD.MM.YYYY).

CVECVE-2025-2812

SeverityCRITICAL

TypeUPDATED

PublishedFri, May 02 · 09:15 AM CDT

ModifiedSat, Jun 06 · 06:16 AM CDT

Open article ↗

Thu, Jun 19 · 01:15 PM CDT

CVE-2025-4738

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yirmibes Software MY ERP allows SQL Injection. This issue affects MY ERP: before 1.170.

CVECVE-2025-4738

SeverityCRITICAL

TypeUPDATED

PublishedThu, Jun 19 · 01:15 PM CDT

ModifiedFri, Jun 05 · 04:16 PM CDT

Open article ↗

Thu, Jul 24 · 02:15 PM CDT

CVE-2025-4784

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Moderec Tourtella allows SQL Injection. This issue affects Tourtella: before 26.05.2025.

CVECVE-2025-4784

SeverityCRITICAL

TypeUPDATED

PublishedThu, Jul 24 · 02:15 PM CDT

ModifiedFri, Jun 05 · 04:16 PM CDT

Open article ↗

Thu, Jul 24 · 01:15 PM CDT

CVE-2025-4822

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bayraktar Solar Energies ScadaWatt Otopilot allows SQL Injection. This issue affects ScadaWatt Otopilot: before 27.05.2025.

CVECVE-2025-4822

SeverityCRITICAL

TypeUPDATED

PublishedThu, Jul 24 · 01:15 PM CDT

ModifiedFri, Jun 05 · 04:16 PM CDT

Open article ↗

Mon, Jul 28 · 11:15 AM CDT

CVE-2025-6918

9.8/10 · Must read/watch

NVDvuln

Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ncvav Virtual PBX Software allows SQL Injection. This issue affects Virtual PBX Software: before 09.07.2025.

CVECVE-2025-6918

SeverityCRITICAL

TypeUPDATED

PublishedMon, Jul 28 · 11:15 AM CDT

ModifiedFri, Jun 05 · 03:16 PM CDT

Open article ↗

Tue, Jun 24 · 04:15 PM CDT

CVE-2025-4383

9.3/10 · Must read/watch

NVDvuln

Summary
Improper Restriction of Excessive Authentication Attempts vulnerability in Art-in Bilişim Teknolojileri ve Yazılım Hizm. Tic. Ltd. Şti. Wi-Fi Cloud Hotspot allows Authentication Abuse, Authentication Bypass. This issue affects Wi-Fi Cloud Hotspot: before 30.05.2025.

CVECVE-2025-4383

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jun 24 · 04:15 PM CDT

ModifiedFri, Jun 05 · 04:16 PM CDT

Open article ↗

Wed, Aug 11 · 03:15 PM CDT

CVE-2019-25052

9.1/10 · Must read/watch

NVDvuln

Summary
In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information.

CVECVE-2019-25052

SeverityCRITICAL

TypeUPDATED

PublishedWed, Aug 11 · 03:15 PM CDT

ModifiedFri, Jun 05 · 08:13 PM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.