Archive snapshot

Tue, Apr 14 · 06:00 AM CDT

Archived briefing content rendered inside the ACSP site experience.

Back to archive

Archived briefing

Snapshot overview

Generated Tue, Apr 14 · 06:00 AM CDTWindow last 6 hours

Top line

Coverage now updates on a rolling 6-hour window, while NVD entries come from the live API using a last-24-hours modified window and are sorted by severity.

Fast take

News stays on the current 6-hour slice, videos now use the last 24 hours, and NVD uses the API instead of the traditional feed to better match the live site behavior.

Top stories

8

Worth skimming

0

Tracked videos

1

NVD vulnerabilities

25

Top stories

Tue, 14 Apr 2026 11:20:00 +0530

ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

9.4/10 · Must read/watch

The Hacker Newsvuln

Summary
A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0520 (aka CNVD-2020-26585), which ca

Open article ↗

Tue, 14 Apr 2026 11:09:00 +0530

CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software

8.9/10 · Worth your time

The Hacker Newsvulnpolicy

Summary
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2026-2164

Open article ↗

Tue, Apr 14 · 04:00 AM CDT

Ransomware Is Growing Three Times Faster Than the Spending Meant to Stop It

8.6/10 · Worth your time

Hacker Newsmalware

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 2 hours ago.

Open article ↗

Tue, Apr 14 · 06:00 AM CDT

AI Security Institute Advocates Security Best Practices After Mythos Test

8.2/10 · Worth your time

Infosecurity Magazineai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Tue, Apr 14 · 04:00 AM CDT

An AI Vibe Coding Horror Story

8.1/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 2 hours ago.

Open article ↗

Tue, Apr 14 · 06:00 AM CDT

Google Chrome Rolls Out Protection Against Infostealers Targeting Session Cookies

8.0/10 · Worth your time

Infosecurity Magazinemalwareai

Summary
Collected from the Infosecurity Magazine news page during the latest run.

Open article ↗

Tue, Apr 14 · 01:00 AM CDT

Multi-Agentic Software Development Is a Distributed Systems Problem

8.0/10 · Worth your time

Hacker Newsgeneral

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 5 hours ago.

Open article ↗

Tue, Apr 14 · 03:00 AM CDT

Introspective Diffusion Language Models

7.9/10 · Worth your time

Hacker Newsai

Summary
Surfaced from Hacker News front page during collection run. Freshness on HN: 3 hours ago.

Open article ↗

Worth skimming

Nothing surfaced yet.

Videos worth watching

Mon, Apr 13 · 07:50 AM CDT

Is AI Killing Bug Bounty?

7.9/10 · Worth your time

YouTube / NahamSecai

Why it matters
Recent creator upload with some page-level evidence. Better than raw feed discovery, but still not a full content review.

Worth watching?Maybe — good candidate if the title matches your interests, but confidence is still moderate.

Confidencelow

Open article ↗

NVD vulnerabilities

Thu, Mar 27 · 02:15 PM CDT

CVE-2025-2857

10.0/10 · Must read/watch

NVDvuln

Summary
Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was being exploited in the

CVECVE-2025-2857

SeverityCRITICAL

TypeUPDATED

PublishedThu, Mar 27 · 02:15 PM CDT

ModifiedMon, Apr 13 · 03:16 PM CDT

Open article ↗

Tue, Jan 07 · 04:15 PM CST

CVE-2025-0247

9.8/10 · Must read/watch

NVDvuln

Summary
Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 134 and Thunderbird 134.

CVECVE-2025-0247

SeverityCRITICAL

TypeUPDATED

PublishedTue, Jan 07 · 04:15 PM CST

ModifiedMon, Apr 13 · 03:16 PM CDT

Open article ↗

Tue, Feb 04 · 02:15 PM CST

CVE-2025-1009

9.8/10 · Must read/watch

NVDvuln

Summary
An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

CVECVE-2025-1009

SeverityCRITICAL

TypeUPDATED

PublishedTue, Feb 04 · 02:15 PM CST

ModifiedMon, Apr 13 · 03:16 PM CDT

Open article ↗

Tue, Feb 04 · 02:15 PM CST

CVE-2025-1016

9.8/10 · Must read/watch

NVDvuln

Summary
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability w

CVECVE-2025-1016

SeverityCRITICAL

TypeUPDATED

PublishedTue, Feb 04 · 02:15 PM CST

ModifiedMon, Apr 13 · 03:16 PM CDT

Open article ↗

Tue, Feb 04 · 02:15 PM CST

CVE-2025-1017

9.8/10 · Must read/watch

NVDvuln

Summary
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 135, Firefox ESR 128

CVECVE-2025-1017

SeverityCRITICAL

TypeUPDATED

PublishedTue, Feb 04 · 02:15 PM CST

ModifiedMon, Apr 13 · 03:16 PM CDT

Open article ↗

Tue, Feb 04 · 02:15 PM CST

CVE-2025-1020

9.8/10 · Must read/watch

NVDvuln

Summary
Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 135 and Thunderbird 135.

CVECVE-2025-1020

SeverityCRITICAL

TypeUPDATED

PublishedTue, Feb 04 · 02:15 PM CST

ModifiedMon, Apr 13 · 03:16 PM CDT

Open article ↗

Tue, Mar 04 · 02:15 PM CST

CVE-2025-1942

9.8/10 · Must read/watch

NVDvuln

Summary
When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string. This vulnerability was fixed in Firefox 136 and Thunderbird 136.

CVECVE-2025-1942

SeverityCRITICAL

TypeUPDATED

PublishedTue, Mar 04 · 02:15 PM CST

ModifiedMon, Apr 13 · 03:16 PM CDT

Open article ↗

Sat, May 17 · 10:15 PM CDT

CVE-2025-4918

9.8/10 · Must read/watch

NVDvuln

Summary
An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.

CVECVE-2025-4918

SeverityCRITICAL

TypeUPDATED

PublishedSat, May 17 · 10:15 PM CDT

ModifiedMon, Apr 13 · 03:17 PM CDT

Open article ↗

Wed, Aug 10 · 12:15 PM CDT

CVE-2022-36323

9.1/10 · Must read/watch

NVDvuln

Summary
Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.

CVECVE-2022-36323

SeverityCRITICAL

TypeUPDATED

PublishedWed, Aug 10 · 12:15 PM CDT

ModifiedTue, Apr 14 · 09:16 AM CDT

Open article ↗

Tue, Nov 14 · 11:15 AM CST

CVE-2023-44373

9.1/10 · Must read/watch

NVDvuln

Summary
Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of CVE-2022-36323.

CVECVE-2023-44373

SeverityCRITICAL

TypeUPDATED

PublishedTue, Nov 14 · 11:15 AM CST

ModifiedTue, Apr 14 · 09:16 AM CDT

Open article ↗

Tue, Mar 04 · 02:15 PM CST

CVE-2025-1941

9.1/10 · Must read/watch

NVDvuln

Summary
Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed (distinct from CVE-2025-0245). This vulnerability was fixed in Firefox 136.

CVECVE-2025-1941

SeverityCRITICAL

TypeUPDATED

PublishedTue, Mar 04 · 02:15 PM CST

ModifiedMon, Apr 13 · 03:16 PM CDT

Open article ↗

Tue, Apr 29 · 02:15 PM CDT

CVE-2025-4083

9.1/10 · Must read/watch

NVDvuln

Summary
A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Firefox ESR

CVECVE-2025-4083

SeverityCRITICAL

TypeUPDATED

PublishedTue, Apr 29 · 02:15 PM CDT

ModifiedMon, Apr 13 · 03:16 PM CDT

Open article ↗

Tue, Oct 11 · 11:15 AM CDT

CVE-2022-31765

8.8/10 · Worth your time

NVDvuln

Summary
Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges.

CVECVE-2022-31765

SeverityHIGH

TypeUPDATED

PublishedTue, Oct 11 · 11:15 AM CDT

ModifiedTue, Apr 14 · 09:16 AM CDT

Open article ↗

Tue, Feb 14 · 08:15 PM CST

CVE-2023-21529

8.8/10 · Worth your time

NVDvuln

Summary
Microsoft Exchange Server Remote Code Execution Vulnerability

CVECVE-2023-21529

SeverityHIGH

TypeUPDATED

PublishedTue, Feb 14 · 08:15 PM CST

ModifiedMon, Apr 13 · 07:00 PM CDT

Open article ↗

Tue, Feb 04 · 02:15 PM CST

CVE-2025-1010

8.8/10 · Worth your time

NVDvuln

Summary
An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

CVECVE-2025-1010

SeverityHIGH

TypeUPDATED

PublishedTue, Feb 04 · 02:15 PM CST

ModifiedMon, Apr 13 · 03:16 PM CDT

Open article ↗

Tue, Feb 04 · 02:15 PM CST

CVE-2025-1011

8.8/10 · Worth your time

NVDvuln

Summary
A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

CVECVE-2025-1011

SeverityHIGH

TypeUPDATED

PublishedTue, Feb 04 · 02:15 PM CST

ModifiedMon, Apr 13 · 03:16 PM CDT

Open article ↗

Tue, Feb 04 · 02:15 PM CST

CVE-2025-1014

8.8/10 · Worth your time

NVDvuln

Summary
Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

CVECVE-2025-1014

SeverityHIGH

TypeUPDATED

PublishedTue, Feb 04 · 02:15 PM CST

ModifiedMon, Apr 13 · 03:16 PM CDT

Open article ↗

Tue, Mar 04 · 02:15 PM CST

CVE-2025-1930

8.8/10 · Worth your time

NVDvuln

Summary
On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

CVECVE-2025-1930

SeverityHIGH

TypeUPDATED

PublishedTue, Mar 04 · 02:15 PM CST

ModifiedMon, Apr 13 · 03:16 PM CDT

Open article ↗

Tue, Apr 29 · 02:15 PM CDT

CVE-2025-2817

8.8/10 · Worth your time

NVDvuln

Summary
Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by

CVECVE-2025-2817

SeverityHIGH

TypeUPDATED

PublishedTue, Apr 29 · 02:15 PM CDT

ModifiedMon, Apr 13 · 03:16 PM CDT

Open article ↗

Sat, May 17 · 10:15 PM CDT

CVE-2025-4919

8.8/10 · Worth your time

NVDvuln

Summary
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.

CVECVE-2025-4919

SeverityHIGH

TypeUPDATED

PublishedSat, May 17 · 10:15 PM CDT

ModifiedMon, Apr 13 · 03:17 PM CDT

Open article ↗

Tue, Mar 11 · 10:15 AM CDT

CVE-2024-56181

8.2/10 · Worth your time

NVDvuln

Summary
A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IP

CVECVE-2024-56181

SeverityHIGH

TypeUPDATED

PublishedTue, Mar 11 · 10:15 AM CDT

ModifiedTue, Apr 14 · 09:16 AM CDT

Open article ↗

Tue, Mar 11 · 10:15 AM CDT

CVE-2024-56182

8.2/10 · Worth your time

NVDvuln

Summary
A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All versions < V26.01.12), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC I

CVECVE-2024-56182

SeverityHIGH

TypeUPDATED

PublishedTue, Mar 11 · 10:15 AM CDT

ModifiedTue, Apr 14 · 09:16 AM CDT

Open article ↗

Tue, Mar 04 · 02:15 PM CST

CVE-2025-1943

8.2/10 · Worth your time

NVDvuln

Summary
Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 136 and Thunderbird 136.

CVECVE-2025-1943

SeverityHIGH

TypeUPDATED

PublishedTue, Mar 04 · 02:15 PM CST

ModifiedMon, Apr 13 · 03:16 PM CDT

Open article ↗

Tue, Mar 04 · 02:15 PM CST

CVE-2025-1932

8.1/10 · Worth your time

NVDvuln

Summary
An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

CVECVE-2025-1932

SeverityHIGH

TypeUPDATED

PublishedTue, Mar 04 · 02:15 PM CST

ModifiedMon, Apr 13 · 03:16 PM CDT

Open article ↗

Tue, Apr 01 · 01:15 PM CDT

CVE-2025-3030

8.1/10 · Worth your time

NVDvuln

Summary
Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 137, Firefox ESR 128

CVECVE-2025-3030

SeverityHIGH

TypeUPDATED

PublishedTue, Apr 01 · 01:15 PM CDT

ModifiedMon, Apr 13 · 03:16 PM CDT

Open article ↗

Ignore today

Generic low-detail roundups without primary reporting.
HN items that are interesting but not clearly security or AI relevant.
Creator videos that look more like promotion, podcast chatter, or evergreen content than time-sensitive signal outside the rolling window.