CVE-2026-32169 · 10.0/10 · Must read/watch
Source: NVD · vuln
Summary: Server-side request forgery (SSRF) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network.
Severity: CRITICAL
Type: UPDATED
Published: Thu, Mar 19 · 09:17 PM CDT
Modified: Tue, Apr 14 · 05:14 PM CDT

CVE-2017-20223 · 9.8/10 · Must read/watch
Source: NVD · vuln
Summary: Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrieve sensitive informatio
Severity: CRITICAL
Type: UPDATED
Published: Mon, Mar 16 · 02:17 PM CDT
Modified: Tue, Apr 14 · 04:57 PM CDT

CVE-2017-20224 · 9.8/10 · Must read/watch
Source: NVD · vuln
Summary: Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious content by exploiting enabled WebDAV HTTP methods. Attackers can use PUT, DELETE, MKCOL, MOVE, COPY, and PROPPATCH methods to upload executable code, delete files,
Severity: CRITICAL
Type: UPDATED
Published: Mon, Mar 16 · 02:17 PM CDT
Modified: Tue, Apr 14 · 04:52 PM CDT

CVE-2025-67484 · 9.8/10 · Must read/watch
Source: NVD · vuln
Summary: Vulnerability in Wikimedia Foundation MediaWiki, associated with the program file includes/Api/ApiFormatXml.php. This issue affects all MediaWiki versions before 1.39.16, 1.43.6, 1.44.3 and 1.45.1 on their respective release branches.
Severity: CRITICAL
Type: UPDATED
Published: Tue, Feb 03 · 02:16 AM CST
Modified: Tue, Apr 14 · 01:26 PM CDT

CVE-2025-6965 · 9.8/10 · Must read/watch
Source: NVD · vuln
Summary: There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.
Severity: CRITICAL
Type: UPDATED
Published: Tue, Jul 15 · 02:15 PM CDT
Modified: Tue, Apr 14 · 10:16 AM CDT

CVE-2026-21643 · 9.8/10 · Must read/watch
Source: NVD · vuln
Summary: An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
Severity: CRITICAL
Type: UPDATED
Published: Fri, Feb 06 · 09:15 AM CST
Modified: Tue, Apr 14 · 02:21 PM CDT

CVE-2026-22898 · 9.8/10 · Must read/watch
Source: NVD · vuln
Summary: A missing authentication for critical function vulnerability has been reported to affect QVR Pro. Remote attackers can exploit the vulnerability to gain access to the system. The vendor has fixed the vulnerability in QVR Pro 2.7.4.14 and later.
Severity: CRITICAL
Type: UPDATED
Published: Fri, Mar 20 · 05:16 PM CDT
Modified: Tue, Apr 14 · 02:33 PM CDT

CVE-2026-2293 · 9.8/10 · Must read/watch
Source: NVD · vuln
Summary: A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when Fastify path-normalization options are enabled. This issue affects NestJS 11.1.13.
Severity: CRITICAL
Type: UPDATED
Published: Fri, Feb 27 · 05:16 PM CST
Modified: Tue, Apr 14 · 12:30 AM CDT

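The bug class behind the NestJS/Fastify entry above is an authorization layer that tests the request path as received while the router matches a normalized form of it. The following Python is an added illustration of that mismatch and of the fix (normalize once, before any access decision); it is not NestJS or Fastify code. The option names mirror Fastify's ignoreTrailingSlash and ignoreDuplicateSlashes settings; the route table, the protected prefix and the token flag are constructed for this example.

```python
"""Added illustration (Python, not NestJS or Fastify code) of an auth middleware
that matches the raw request path while the router matches a normalized one.
The keyword options mirror Fastify's ignoreTrailingSlash / ignoreDuplicateSlashes;
the routes, the protected prefix and the token check are constructed."""
import re

PROTECTED_PREFIX = "/admin"          # constructed: paths under here need a token
ROUTES = {                           # constructed route table
    "/admin/users": "admin_users",
    "/public/health": "health",
}


def normalize_path(path: str, ignore_trailing_slash: bool = True,
                   ignore_duplicate_slashes: bool = True) -> str:
    """Router-side normalization: collapse runs of '/' and drop a trailing '/'."""
    if ignore_duplicate_slashes:
        path = re.sub(r"/{2,}", "/", path)
    if ignore_trailing_slash and len(path) > 1 and path.endswith("/"):
        path = path[:-1]
    return path


def middleware_allows(path: str, has_token: bool) -> bool:
    """Auth middleware: the protected prefix requires a token, all else passes."""
    if path.startswith(PROTECTED_PREFIX):
        return has_token
    return True


def dispatch_vulnerable(raw_path: str, has_token: bool, **norm_opts) -> int:
    """Middleware sees the raw path, the router sees the normalized path.
    '//admin/users' fails the prefix test in the middleware, yet after
    normalization it resolves to the protected route: 200 without a token."""
    if not middleware_allows(raw_path, has_token):
        return 403
    return 200 if normalize_path(raw_path, **norm_opts) in ROUTES else 404


def dispatch_fixed(raw_path: str, has_token: bool, **norm_opts) -> int:
    """Normalize once, up front, and give the same canonical path to both the
    middleware and the router so the two can never disagree."""
    path = normalize_path(raw_path, **norm_opts)
    if not middleware_allows(path, has_token):
        return 403
    return 200 if path in ROUTES else 404


if __name__ == "__main__":
    for p in ("/admin/users", "//admin/users", "/admin/users/"):
        print(f"{p:16} vulnerable={dispatch_vulnerable(p, False)} "
              f"fixed={dispatch_fixed(p, False)}")
```

With duplicate-slash normalization turned off the request "//admin/users" simply 404s, which is why the advisory ties the bypass to the normalization options being enabled; the durable fix is the ordering in dispatch_fixed, not disabling normalization.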
CVE-2026-24465 · 9.8/10 · Must read/watch
Source: NVD · vuln
Summary: Stack-based buffer overflow vulnerability exists in ELECOM wireless LAN access point devices. A crafted packet may lead to arbitrary code execution.
Severity: CRITICAL
Type: UPDATED
Published: Tue, Feb 03 · 07:16 AM CST
Modified: Tue, Apr 14 · 12:59 PM CDT

CVE-2026-26221 · 9.8/10 · Must read/watch
Source: NVD · vuln
Summary: Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service (Hyland.Core.Workflow.NTService.exe). An attacker who can reach the service can send crafted .NET Remoting requests to default HTTP channel endpoints on TCP/8900 (e.g., TimerServiceAPI.rem and TimerServiceEvents.rem fo
Severity: CRITICAL
Type: UPDATED
Published: Fri, Feb 13 · 04:16 PM CST
Modified: Tue, Apr 14 · 12:16 AM CDT

CVE-2026-28292 · 9.8/10 · Must read/watch
Source: NVD · vuln
Summary: `simple-git`, an interface for running git commands in any Node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code execution on the host machine. Version 3.23.0 contains an updated fix for
Severity: CRITICAL
Type: UPDATED
Published: Tue, Mar 10 · 07:17 PM CDT
Modified: Tue, Apr 14 · 04:16 PM CDT

CVE-2026-32191 · 9.8/10 · Must read/watch
Source: NVD · vuln
Summary: Improper neutralization of special elements used in an OS command ('OS command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.
Severity: CRITICAL
Type: UPDATED
Published: Thu, Mar 19 · 09:17 PM CDT
Modified: Tue, Apr 14 · 04:35 PM CDT

CVE-2026-32194 · 9.8/10 · Must read/watch
Source: NVD · vuln
Summary: Improper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.
Severity: CRITICAL
Type: UPDATED
Published: Thu, Mar 19 · 10:16 PM CDT
Modified: Tue, Apr 14 · 04:35 PM CDT

CVE-2026-33729 · 9.8/10 · Must read/watch
Source: NVD · vuln
Summary: OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. In versions prior to 1.13.1, under specific conditions, models using conditions with caching enabled can result in two different check requests producing the same cache key. This can result i
Severity: CRITICAL
Type: UPDATED
Published: Fri, Mar 27 · 01:16 AM CDT
Modified: Tue, Apr 14 · 01:04 AM CDT

CVE-2022-36323 · 9.1/10 · Must read/watch
Source: NVD · vuln
Summary: Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.
Severity: CRITICAL
Type: UPDATED
Published: Wed, Aug 10 · 12:15 PM CDT
Modified: Tue, Apr 14 · 09:16 AM CDT

CVE-2023-44373 · 9.1/10 · Must read/watch
Source: NVD · vuln
Summary: Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of CVE-2022-36323.
Severity: CRITICAL
Type: UPDATED
Published: Tue, Nov 14 · 11:15 AM CST
Modified: Tue, Apr 14 · 09:16 AM CDT

CVE-2025-54236 · 9.1/10 · Must read/watch
Source: NVD · vuln
Summary: Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact to high. Exploitation of this issue doe
Severity: CRITICAL
Type: UPDATED
Published: Tue, Sep 09 · 02:15 PM CDT
Modified: Mon, Apr 13 · 01:00 PM CDT

CVE-2025-59383 · 9.1/10 · Must read/watch
Source: NVD · vuln
Summary: A buffer overflow vulnerability has been reported to affect Media Streaming Add-On. Remote attackers can exploit the vulnerability to modify memory or crash processes. The vendor has fixed the vulnerability in Media Streaming Add-on 500.1.1 and later.
Severity: CRITICAL
Type: UPDATED
Published: Fri, Mar 20 · 05:16 PM CDT
Modified: Tue, Apr 14 · 01:17 AM CDT

CVE-2025-68145 · 9.1/10 · Must read/watch
Source: NVD · vuln
Summary: In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repo_path arguments in subsequent tool calls were actually within that configured path. This could allow tool calls to operate on other rep
Severity: CRITICAL
Type: UPDATED
Published: Wed, Dec 17 · 11:16 PM CST
Modified: Tue, Apr 14 · 03:13 PM CDT

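The mcp-server-git entry above describes a missing containment check: a tool call's repo_path was never verified to lie inside the directory given to --repository. The Python below is an added illustration of how such a check goes wrong and how to write it properly; it is not the project's own code. A string-prefix test on the unresolved path is the common weak form, and it fails for "..", for a sibling directory that merely shares a prefix, and for a symlink that points out of the tree. The hardened form resolves both paths and compares them by components. `allowed_root` stands in for the --repository value; the scratch directory layout and case names are constructed for the example.

```python
"""Added illustration of a repo_path containment check (not mcp-server-git's
own code). `allowed_root` stands in for the --repository path; the scratch
layout built in run_demo() is constructed for this example."""
import os
import tempfile
from pathlib import Path


def naive_is_allowed(allowed_root: str, repo_path: str) -> bool:
    """The weak pattern: a string-prefix test on the unresolved path. It accepts
    '<root>/../other', '<root>-evil' and a symlink that leaves the tree."""
    return repo_path.startswith(allowed_root)


def hardened_is_allowed(allowed_root: str, repo_path: str) -> bool:
    """Resolve both sides (collapsing '..' and following symlinks), then require
    repo_path to be the root itself or a descendant by path components."""
    root = Path(allowed_root).resolve()
    target = Path(repo_path).resolve()
    return target == root or root in target.parents


def run_demo() -> dict:
    """Build a scratch layout and return (naive, hardened) verdicts per case.

    Layout (constructed): <tmp>/repo/sub, <tmp>/other, <tmp>/repo/link -> other.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "repo")
        other = os.path.join(tmp, "other")
        os.makedirs(os.path.join(root, "sub"))
        os.makedirs(other)
        cases = {
            "inside": os.path.join(root, "sub"),
            "parent_escape": os.path.join(root, "..", "other"),
            "sibling_prefix": root + "-evil",
        }
        try:
            os.symlink(other, os.path.join(root, "link"), target_is_directory=True)
            cases["symlink_escape"] = os.path.join(root, "link")
        except (OSError, NotImplementedError):
            pass  # platform without symlink support: skip that case
        # Evaluate inside the with-block so resolve() sees the real directories.
        return {name: (naive_is_allowed(root, p), hardened_is_allowed(root, p))
                for name, p in cases.items()}


if __name__ == "__main__":
    for name, (naive, hardened) in run_demo().items():
        print(f"{name:15} naive={naive!s:5} hardened={hardened}")
```

The only case both checks accept is the genuine subdirectory; the naive check also accepts the three escapes. Note that resolving follows symlinks, so a path inside the root that is later re-pointed elsewhere is rejected at call time, which is the desired behaviour when the root is meant to be a hard boundary.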
CVE-2025-40892 · 8.9/10 · Worth your time
Source: NVD · vuln
Summary: A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a malicious report templa
Severity: HIGH
Type: UPDATED
Published: Thu, Dec 18 · 02:15 PM CST
Modified: Tue, Apr 14 · 10:16 AM CDT

CVE-2009-0238 · 8.8/10 · Worth your time
Source: NVD · vuln
Summary: Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document tha
Severity: HIGH
Type: UPDATED
Published: Wed, Feb 25 · 04:30 PM CST
Modified: Tue, Apr 14 · 06:16 PM CDT

CVE-2022-31765 · 8.8/10 · Worth your time
Source: NVD · vuln
Summary: Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges.
Severity: HIGH
Type: UPDATED
Published: Tue, Oct 11 · 11:15 AM CDT
Modified: Tue, Apr 14 · 09:16 AM CDT

CVE-2023-21529 · 8.8/10 · Worth your time
Source: NVD · vuln
Summary: Microsoft Exchange Server Remote Code Execution Vulnerability
Severity: HIGH
Type: UPDATED
Published: Tue, Feb 14 · 08:15 PM CST
Modified: Tue, Apr 14 · 02:44 PM CDT

CVE-2025-10655 · 8.8/10 · Worth your time
Source: NVD · vuln
Summary: SQL Injection in Frappe HelpDesk in the dashboard get_dashboard_data due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe HelpDesk: 1.14.0.
Severity: HIGH
Type: UPDATED
Published: Tue, Dec 09 · 04:17 PM CST
Modified: Tue, Apr 14 · 03:35 PM CDT

CVE-2025-14287 · 8.8/10 · Worth your time
Source: NVD · vuln
Summary: A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the `mlflow/sagemaker/__init__.py` file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, which are then execut
Severity: HIGH
Type: UPDATED
Published: Mon, Mar 16 · 02:17 PM CDT
Modified: Tue, Apr 14 · 04:48 PM CDT
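The mlflow entry above is the classic shape of OS command injection: a user-controlled container image name is interpolated into a shell command string. The Python below is an added illustration of the vulnerable pattern beside the corrected one; it is not mlflow's code and does not reproduce the lines the advisory cites. `echo` stands in for the real container tool so the block runs offline, and the allowlist regex is a conservative assumption for defense in depth, not the full OCI image-reference grammar. The structural fix is the argv list with shell=False; the allowlist only narrows what reaches the tool.

```python
"""Added illustration (not mlflow's own code) of interpolating an untrusted
image name into a shell string versus passing it as one argv element. `echo`
replaces the real container tool; the allowlist regex is an assumption."""
import re
import subprocess

# Conservative image-reference allowlist (assumption): registry/repo[:tag][@digest]
# characters only. It excludes shell metacharacters such as ; | & $ ` and spaces.
_IMAGE_REF = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._/:@-]{0,255}$")


def is_safe_ref(image: str) -> bool:
    """True when the string matches the conservative allowlist above."""
    return bool(_IMAGE_REF.match(image))


def run_vulnerable(image: str) -> str:
    """The bug: an f-string handed to a shell. A value such as
    'ubuntu:22.04; echo INJECTED' becomes a second command."""
    proc = subprocess.run(f"echo pulling {image}", shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def run_argv(image: str) -> str:
    """No shell: the whole string is one argv element and is echoed literally,
    so ';' and '$(...)' carry no meaning."""
    proc = subprocess.run(["echo", "pulling", image],
                          capture_output=True, text=True)
    return proc.stdout


def run_hardened(image: str) -> str:
    """Defense in depth: reject anything outside the allowlist, then use argv."""
    if not is_safe_ref(image):
        raise ValueError(f"rejected image reference: {image!r}")
    return run_argv(image)


if __name__ == "__main__":
    payload = "ubuntu:22.04; echo INJECTED"
    print("vulnerable:", run_vulnerable(payload).splitlines())
    print("argv only: ", run_argv(payload).splitlines())
    try:
        run_hardened(payload)
    except ValueError as exc:
        print("hardened:  ", exc)
```

The vulnerable path prints two lines because the shell split the string at ';' and ran the injected echo; the argv path prints one line containing the payload verbatim. The allowlist rejects the payload before any process is spawned, which is the right place to fail when the value is going to be logged, stored or passed on to further tooling.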