Threat intelligence that never sleeps.
Critical CVEs, active exploitation, breach forensics, and original research — every story cross-validated by 3+ primary sources before publication. Powered by the same autonomous engine that defends Lyrie.ai customers from rogue-AI and machine-speed attackers.

CISA KEV analysis: what gets actively exploited and why
We analyzed every CVE added to CISA KEV in the last 30 days. Breakdown: 41% remote management tools, 23% network perimeter devices, 18% enterprise software with exposed APIs, 11% AI/ML serving infrastructure. That last number was 0% two years ago.
Five always-on streams
Fresh advisories
Second Republic accelerates youth empowerment drive towards Vision 2030 The Second Republic under the leadership of President Emmerson Mnangagwa continues to demonstrate an unwavering commitment towards uplifting the livelihoods of Zimbabwe’s youthful population through https://t.co/ZVsJKE3MMB
Zcash's Orchard pool confirmed exploited? A critical vulnerability has been confirmed that could allow the creation of an unlimited number of fake ZECS inside Orchard unnoticed by the network. Researcher Taylor Hornby discovered a critical error on May 29, 2026 during an audit. https://t.co/VhYyEV
🛡️ Instagram Quickly Fixes the Password Reset Flaw That Exposes User Emails & Phone Numbers A critical logic bug in Instagram’s web-based password reset flow on June 6, 2026, exposed unredacted email addresses and phone numbers associated with user accounts, including those
Silent Ransom Group (SRG): Uncovering DNS Fast Flux Infrastructure
In 2022, DataBreaches wondered whether a group with no name might be the most successful group we had never heard about. Our impression that the group was unique was somewhat confirmed in 2024, when it walked away from a ransom offer of $1.8 million. More recently, the group, no
Ex-Threat Intel Exec Accuses IBM and AT&T of Hiding Hacks
Tiffany Wang reports: IBM and AT&T lacked basic security controls and hid nation-state hacking breaches from the government, a former IBM threat intelligence official alleged in a newly unsealed lawsuit. Former IBM Vice President of Threat Intelligence William Barlow claimed the
Was “ExPresidents” a real hacker or a fabricated account?
DataBreaches recently recommended an article by Alberto Daniel Hill about digital security in Argentina, Uruguay, and Mexico. In describing his article, DataBreaches reported: In one section of his report, Hill calls out a company for allegedly manufacturing cyber threats, which
Pattern alert: 11 recent advisories converge on 0day
Lyrie Threat Intelligence identifies a thread connecting 11 recent advisories around 0day.
Chinese LLMs can hack better than state-sponsored hackers with properly evolved harness Kimi K2 model & AgentFlow
Chinese LLMs can hack better than state-sponsored hackers with properly evolved harness Kimi K2 model & AgentFlow uncovered 10 zero-day vulnerabilities in Google Chrome including critical sandbox escapes that let attackers own your system from one malicious tab. https://t.co/6tBYbWuH4e
Silent Ransom Group targets law firms with fake IT support calls
The Silent Ransom Group extortion gang is actively targeting U.S. law firms and professional services organizations in social engineering attacks that often lead to data theft within hours of initial contact, according to a new report by cybersecurity firm Mandiant. [...]
LPE in the Linux kernel's CIFS client implementation CVE: CVE-2026-46243 PT ID: PT-2026-45478 Vendor: Linux Product: Linux CVSS: 7.8 Credits: Asim Viladi Oglu Manizada Description: A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation.
The security assumption every AI team gets wrong: "As long as trust_remote_code=False is set, we are safe." ❌ We put that to the test. What we uncovered is a critical RCE vulnerability in @huggingface Transformers (CVE-2026-4372) that completely bypasses this control. A thread https://t.co/vA172vl
Pattern alert: 8 recent advisories converge on 0day
Lyrie Threat Intelligence identifies a thread connecting 8 recent advisories around 0day.
🚨Anthropic published a security guide that tells you to stop trusting your own AI agents. While everyone's been shipping agents as fast as possible… Anthropic quietly released a PDF "Zero Trust for AI Agents" and it's not a best practices doc. It's a warning. WHAT HAPPENED: https://t.co/puK9hDm
Threat Intelligence Assessment: Confirmed Logic Bug in Meta Instagram AI-Powered Account Reset Flow (June 2026) After independent cross-verification with primary sources — including researcher posts on X, technical journalism, victim reports, and Meta acknowledgments — the claim
Update: Following our initial disclosure, we are sharing additional findings and actions taken regarding the NFT Marketplace exploit investigation. Security Incident Report — Updated Klever Blockchain — NFT Marketplace Royalty Inflation Exploit Date: June 6, 2026 Status:
OpenAI Got Hit by a Supply Chain Attack. Lyrie Would Have Stopped It Before It Started.
On May 11, 2026, OpenAI disclosed that two employee devices were compromised via a malicious TanStack npm package as part of the Mini Shai-Hulud supply chain campaign. Credentials were exfiltrated. Code-signing certificates for iOS, macOS, and Windows were exposed. Here is exactly how it happened, why traditional security missed it, and why behavioral runtime defense — the kind Lyrie deploys — would have killed it before a single credential left the machine.
The Zcash bug this week wasn't a story about a team that failed. It was a story about what happens when privacy is complex enough to hide its own vulnerabilities. A critical flaw sat inside two lines of code in the Orchard circuit from May 2022 until June 2026 four years and https://t.co/3TT7Zdda
𝐅𝐨𝐫𝐜𝐞𝐝 𝐃𝐢𝐬𝐚𝐩𝐩𝐞𝐚𝐫𝐚𝐧𝐜𝐞 𝐨𝐟 𝐌𝐞𝐡𝐫𝐚𝐛 𝐊𝐡𝐚𝐥𝐢𝐝: 𝐂𝐨𝐧𝐭𝐢𝐧𝐮𝐢𝐧𝐠 𝐀𝐬𝐬𝐚𝐮𝐥𝐭 𝐨𝐧 𝐁𝐚𝐥𝐨𝐜𝐡 𝐒𝐭𝐮𝐝𝐞𝐧𝐭𝐬 The enforced disappearance of Mehrab Khalid, a filmmaking student at NCA Lahore is a matter of grave concern and highlights the https://t.co/AqJmfw3sMG
zcash:native crashed 50%+ in 48 hours. Here's what actually happened. On May 29, security researcher Taylor Hornby discovered a critical flaw in Zcash's Orchard zero-knowledge proof circuit while auditing the protocol for Shielded Labs. The bug allowed a malicious actor to https://t.co/Q4zpkB6DeM
CRITICAL: CVE-2026-11009 (CVSS 9.6) — multiple products
Use after free in USB in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available https://t.co/FuX1qI3xDY
Pattern alert: 12 recent advisories converge on trustedfirmware-mbed-tls
Lyrie Threat Intelligence identifies a thread connecting 12 recent advisories around trustedfirmware-mbed-tls.
⚠️ CISA Warns of SolarWinds Serv-U Vulnerability Exploited in Attacks Source: https://t.co/3hGHBCHUst CISA has added a critical SolarWinds Serv-U vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that threat actors are actively exploiting the flaw in https://t.co/ujQ2c6
Pattern alert: 11 recent advisories converge on trustedfirmware-mbed-tls
Lyrie Threat Intelligence identifies a thread connecting 11 recent advisories around trustedfirmware-mbed-tls.
CRITICAL: CVE-2026-2624 (CVSS 9.8) — epati antikor next generation firewall
Missing Authentication for Critical Function vulnerability in ePati Cyber Security Technologies Inc. Antikor Next Generation Firewall (NGFW) allows Authentication Bypass. This issue affects Antikor Next Generation Firewall (NGFW): from v.2.0.1298 before v.2.0.1301.
CRITICAL: CVE-2025-2311 (CVSS 9) — multiple products
Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information via API Event Monitoring. This issue affects SecHard: before 3.3.0.20220411.
CRITICAL: CVE-2025-1928 (CVSS 9.1) — restajet online food delivery system
Improper Restriction of Excessive Authentication Attempts vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Password Recovery Exploitation. This issue affects Online Food Delivery System: through 19122025. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CRITICAL: CVE-2025-1740 (CVSS 9.8) — multiple products
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass, Password Recovery Exploitation, Brute Force. This issue affects MyRezzta: from s2.03.01 before v2.05.01.
CRITICAL: CVE-2025-0987 (CVSS 9.9) — multiple products
Authorization Bypass Through User-Controlled Key vulnerability in CB Project Ltd. Co. CVLand allows Parameter Injection. This issue affects CVLand: from 2.1.0 through 20251103. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CRITICAL: CVE-2025-0603 (CVSS 9.8) — multiple products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Callvision Healthcare Callvision Emergency Code allows SQL Injection, Blind SQL Injection. This issue affects Callvision Emergency Code: before V3.0.