Welcome to Storyflo Daily Security. I'm Syd.

Today's briefing is marked by a series of disturbing stories and vulnerabilities. First, we're looking at a Tennessee man linked to the online extremist collective 764, accused of a series of crimes against children, as reported by CyberScoop. Zachary Sweeney has pleaded not guilty to charges that could keep him locked up for 50 years, according to prosecutors. This case highlights the growing threat of virtual violence, cybercrime, and the pursuit of notoriety by extremist groups. In the meantime, CyberScoop also reports that a federal audit has revealed significant mismanagement by the National Institute of Standards and Technology (NIST) of its National Vulnerability Database. Poor planning, duplication, and a lack of communication with users have created a backlog of unprocessed security flaws. This is a critical issue for the cybersecurity community, as this database helps professionals prioritize security problems. Moving on to the vulnerabilities we're tracking today, we have six notable advisories from CISA. Starting with Siemens RUGGEDCOM APE1808 Devices, which have a buffer overflow vulnerability (CVE-2026-0300) that could allow an attacker to execute arbitrary code with root privileges. Then, we have an update available for ABB CoreSense HM and CoreSense M10 devices (CVE-2025-3465), resolving a path traversal vulnerability that could compromise the system. Next up, we're looking at ScadaBR version 1.2.0, which has three vulnerabilities (CVE-2026-8602, CVE-2026-8603, CVE-2026-8604, CVE-2026-8605) that could allow an attacker to perform unauthenticated remote code execution. CISA has not received a response from ScadaBR regarding mitigation, so users are advised to contact their customer support. In terms of new additions to the Known Exploited Vulnerabilities (KEV) Catalog, CISA has added seven vulnerabilities, including the Microsoft Windows Buffer Overflow Vulnerability (CVE-2008-4250) and the Microsoft Internet Explorer Use-After-Free Vulnerability (CVE-2010-0249). These are frequent sources of attacks, and organizations are urged to prioritize remediation. On the other end of the spectrum, CISA has also added two new vulnerabilities to the KEV Catalog, the Langflow Origin Validation Error Vulnerability (CVE-2025-34291) and the Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability (CVE-2026-34926). This highlights the ongoing threat of malicious cyber actors. Finally, ABB B&R PCs have a vulnerability (CVE-2023-45229,CVE-2023-45230, etc.) that could allow an attacker to execute remote code, initiate DoS attacks, or conduct DNS cache poisoning. An update is now available to remediate the issue. In conclusion, today's briefing has shown the dark side of our digital world, with cases of child exploitation, mismanagement of critical databases, and widespread vulnerabilities. But it also highlights the importance of proactive security measures, including timely remediation of known vulnerabilities. I urge all organizations to prioritize their vulnerability management practice and stay one step ahead of malicious actors.