{"version":"https://jsonfeed.org/version/1.1","title":"Lyrie Research","home_page_url":"https://lyrie.ai/research","feed_url":"https://lyrie.ai/research/api/feed.json","items":[{"id":"https://lyrie.ai/research/research/0day-2063120702681542868","url":"https://lyrie.ai/research/research/0day-2063120702681542868","title":"Second Republic accelerates youth empowerment drive towards Vision 2030\n\nThe Second Republic under the leadership of Pre","summary":"Second Republic accelerates youth empowerment drive towards Vision 2030\n\nThe Second Republic under the leadership of President Emmerson Mnangagwa continues to demonstrate an unwavering commitment towards uplifting the livelihoods of Zimbabwe’s youthful population through https://t.co/ZVsJKE3MMB","content_text":"# 0day Intel: Second Republic accelerates youth empowerment drive towards Vision 2030\n\nThe Sec\n\n**Source:** X search for `vulnerability critical 2026`  \n**Posted:** 2026-06-06T04:48:01.000Z  \n**Likes:** 11\n\n## Full Tweet\nSecond Republic accelerates youth empowerment drive towards Vision 2030\n\nThe Second Republic under the leadership of President Emmerson Mnangagwa continues to demonstrate an unwavering commitment towards uplifting the livelihoods of Zimbabwe’s youthful population through https://t.co/ZVsJKE3MMB\n\n## Source Link\nhttps://x.com/i/status/2063120702681542868","date_published":"2026-06-06T04:48:01.000Z","date_modified":"2026-06-07T20:00:00.534Z","tags":["0day","cve-2026","x-intel","vulnerability-critical-2026"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/0day-2063584755602296978","url":"https://lyrie.ai/research/research/0day-2063584755602296978","title":"Zcash's Orchard pool confirmed exploited?\n\nA critical vulnerability has been confirmed that could allow the creation of ","summary":"Zcash's Orchard pool confirmed exploited?\n\nA critical vulnerability has been confirmed that could allow the creation of an unlimited number of fake 
ZECS inside Orchard unnoticed by the network.\n\nResearcher Taylor Hornby discovered a critical error on May 29, 2026 during an audit. https://t.co/VhYyEV","content_text":"# 0day Intel: Zcash's Orchard pool confirmed exploited?\n\nA critical vulnerability has been con\n\n**Source:** X search for `vulnerability critical 2026`  \n**Posted:** 2026-06-07T11:31:59.000Z  \n**Likes:** 29\n\n## Full Tweet\nZcash's Orchard pool confirmed exploited?\n\nA critical vulnerability has been confirmed that could allow the creation of an unlimited number of fake ZECS inside Orchard unnoticed by the network.\n\nResearcher Taylor Hornby discovered a critical error on May 29, 2026 during an audit. https://t.co/VhYyEVUoUG https://t.co/Odk302v3RE\n\n## Source Link\nhttps://x.com/i/status/2063584755602296978","date_published":"2026-06-07T11:31:59.000Z","date_modified":"2026-06-07T20:00:00.534Z","tags":["0day","cve-2026","x-intel","vulnerability-critical-2026"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/0day-2063613962084639100","url":"https://lyrie.ai/research/research/0day-2063613962084639100","title":"🛡️  Instagram Quickly Fixes the Password Reset Flaw That Exposes User Emails & Phone Numbers \n\nA critical logic bug","summary":"🛡️  Instagram Quickly Fixes the Password Reset Flaw That Exposes User Emails & Phone Numbers \n\nA critical logic bug in Instagram’s web-based password reset flow on June 6, 2026, exposed unredacted email addresses and phone numbers associated with user accounts, including those","content_text":"# 0day Intel: 🛡️  Instagram Quickly Fixes the Password Reset Flaw That Exposes User Emails &a\n\n**Source:** X search for `vulnerability critical 2026`  \n**Posted:** 2026-06-07T13:28:03.000Z  \n**Likes:** 10\n\n## Full Tweet\n🛡️  Instagram Quickly Fixes the Password Reset Flaw That Exposes User Emails & Phone Numbers \n\nA critical logic bug in Instagram’s web-based password reset flow on June 6, 2026, 
exposed unredacted email addresses and phone numbers associated with user accounts, including those\n\n## Source Link\nhttps://x.com/i/status/2063613962084639100","date_published":"2026-06-07T13:28:03.000Z","date_modified":"2026-06-07T20:00:00.534Z","tags":["0day","cve-2026","x-intel","vulnerability-critical-2026"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/silent-ransom-group-srg-uncovering-dns-fast-flux-infrastructure","url":"https://lyrie.ai/research/research/silent-ransom-group-srg-uncovering-dns-fast-flux-infrastructure","title":"Silent Ransom Group (SRG): Uncovering DNS Fast Flux Infrastructure","summary":"In 2022, DataBreaches wondered whether a group with no name might be the most successful group we had never heard about. Our impression that the group was unique was somewhat confirmed in 2024, when it walked away from a ransom offer of $1.8 million.  More recently, the group, no","content_text":"# Silent Ransom Group (SRG): Uncovering DNS Fast Flux Infrastructure\n\nSource: [DataBreaches.net](https://databreaches.net/2026/06/07/silent-ransom-group-srg-uncovering-dns-fast-flux-infrastructure/?pk_campaign=feed&pk_kwd=silent-ransom-group-srg-uncovering-dns-fast-flux-infrastructure)  \nPublished: Sun, 07 Jun 2026 19:07:39 +0000\n\n## Summary\nIn 2022, DataBreaches wondered whether a group with no name might be the most successful group we had never heard about. Our impression that the group was unique was somewhat confirmed in 2024, when it walked away from a ransom offer of $1.8 million.  
More recently, the group, now commonly referred to as the “Silent...\n\n## Sources\n- [DataBreaches.net report](https://databreaches.net/2026/06/07/silent-ransom-group-srg-uncovering-dns-fast-flux-infrastructure/?pk_campaign=feed&pk_kwd=silent-ransom-group-srg-uncovering-dns-fast-flux-infrastructure)\n- [DataBreaches.net feed](https://databreaches.net/feed/)\n- [Lyrie threat desk](https://lyrie.ai/research/authors/lyrie-threat-intelligence)","date_published":"Sun, 07 Jun 2026 19:07:39 +0000","date_modified":"Sun, 07 Jun 2026 19:07:39 +0000","tags":["breach","databreaches-net"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/ex-threat-intel-exec-accuses-ibm-and-at-t-of-hiding-hacks","url":"https://lyrie.ai/research/research/ex-threat-intel-exec-accuses-ibm-and-at-t-of-hiding-hacks","title":"Ex-Threat Intel Exec Accuses IBM and AT&T of Hiding Hacks","summary":"Tiffany Wang reports: IBM and AT&T lacked basic security controls and hid nation-state hacking breaches from the government, a former IBM threat intelligence official alleged in a newly unsealed lawsuit. Former IBM Vice President of Threat Intelligence William Barlow claimed the ","content_text":"# Ex-Threat Intel Exec Accuses IBM and AT&T of Hiding Hacks\n\nSource: [DataBreaches.net](https://databreaches.net/2026/06/07/ex-threat-intel-exec-accuses-ibm-and-att-of-hiding-hacks/?pk_campaign=feed&pk_kwd=ex-threat-intel-exec-accuses-ibm-and-att-of-hiding-hacks)  \nPublished: Sun, 07 Jun 2026 18:36:58 +0000\n\n## Summary\nTiffany Wang reports: IBM and AT&T lacked basic security controls and hid nation-state hacking breaches from the government, a former IBM threat intelligence official alleged in a newly unsealed lawsuit. 
Former IBM Vice President of Threat Intelligence William Barlow claimed the companies did not keep logs for AT&T-managed VPN connections into IBM cloud services and...\n\n## Sources\n- [DataBreaches.net report](https://databreaches.net/2026/06/07/ex-threat-intel-exec-accuses-ibm-and-att-of-hiding-hacks/?pk_campaign=feed&pk_kwd=ex-threat-intel-exec-accuses-ibm-and-att-of-hiding-hacks)\n- [DataBreaches.net feed](https://databreaches.net/feed/)\n- [Lyrie threat desk](https://lyrie.ai/research/authors/lyrie-threat-intelligence)","date_published":"Sun, 07 Jun 2026 18:36:58 +0000","date_modified":"Sun, 07 Jun 2026 18:36:58 +0000","tags":["breach","databreaches-net"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/was-expresidents-a-real-hacker-or-a-fabricated-account","url":"https://lyrie.ai/research/research/was-expresidents-a-real-hacker-or-a-fabricated-account","title":"Was “ExPresidents” a real hacker or a fabricated account?","summary":"DataBreaches recently recommended an article by Alberto Daniel Hill about digital security in Argentina, Uruguay, and Mexico. In describing his article, DataBreaches reported: In one section of his report, Hill calls out a company for allegedly manufacturing cyber threats, which ","content_text":"# Was “ExPresidents” a real hacker or a fabricated account?\n\nSource: [DataBreaches.net](https://databreaches.net/2026/06/07/was-expresidents-a-real-hacker-or-a-fabricated-account/?pk_campaign=feed&pk_kwd=was-expresidents-a-real-hacker-or-a-fabricated-account)  \nPublished: Sun, 07 Jun 2026 18:36:37 +0000\n\n## Summary\nDataBreaches recently recommended an article by Alberto Daniel Hill about digital security in Argentina, Uruguay, and Mexico. In describing his article, DataBreaches reported: In one section of his report, Hill calls out a company for allegedly manufacturing cyber threats, which he claims they then use to create public panic through media amplification. 
With the public...\n\n## Sources\n- [DataBreaches.net report](https://databreaches.net/2026/06/07/was-expresidents-a-real-hacker-or-a-fabricated-account/?pk_campaign=feed&pk_kwd=was-expresidents-a-real-hacker-or-a-fabricated-account)\n- [DataBreaches.net feed](https://databreaches.net/feed/)\n- [Lyrie threat desk](https://lyrie.ai/research/authors/lyrie-threat-intelligence)","date_published":"Sun, 07 Jun 2026 18:36:37 +0000","date_modified":"Sun, 07 Jun 2026 18:36:37 +0000","tags":["breach","databreaches-net"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/lyrie-original-0day-2026-06-07","url":"https://lyrie.ai/research/research/lyrie-original-0day-2026-06-07","title":"Pattern alert: 11 recent advisories converge on 0day","summary":"Lyrie Threat Intelligence identifies a thread connecting 11 recent advisories around 0day.","content_text":"# Pattern alert: 11 recent advisories converge on 0day\n\n_Lyrie Original — being enriched._","date_published":"2026-06-07T17:00:01.458Z","date_modified":"2026-06-07T17:00:01.458Z","tags":["lyrie-original","0day"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/0day-2063328214609711491","url":"https://lyrie.ai/research/research/0day-2063328214609711491","title":"Chinese LLMs can hack better than state-sponsored hackers with properly evolved harness \n\nKimi K2 model & AgentFlow ","summary":"Chinese LLMs can hack better than state-sponsored hackers with properly evolved harness \n\nKimi K2 model & AgentFlow uncovered 10 zero-day vulnerabilities in Google  Chrome including critical sandbox escapes that let attackers own your system from one malicious tab. 
https://t.co/6tBYbWuH4e","content_text":"# 0day Intel: Chinese LLMs can hack better than state-sponsored hackers with properly evolved \n\n**Source:** X search for `CVE-2026 critical`  \n**Posted:** 2026-06-06T18:32:35.000Z  \n**Likes:** 187\n\n## Full Tweet\nChinese LLMs can hack better than state-sponsored hackers with properly evolved harness \n\nKimi K2 model & AgentFlow uncovered 10 zero-day vulnerabilities in Google  Chrome including critical sandbox escapes that let attackers own your system from one malicious tab. https://t.co/6tBYbWuH4e\n\n## Source Link\nhttps://x.com/i/status/2063328214609711491","date_published":"2026-06-06T18:32:35.000Z","date_modified":"2026-06-07T16:00:00.634Z","tags":["0day","cve-2026","x-intel","cve-2026-critical"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/silent-ransom-group-targets-law-firms-with-fake-it-support-calls","url":"https://lyrie.ai/research/research/silent-ransom-group-targets-law-firms-with-fake-it-support-calls","title":"Silent Ransom Group targets law firms with fake IT support calls","summary":"The Silent Ransom Group extortion gang is actively targeting U.S. law firms and professional services organizations in social engineering attacks that often lead to data theft within hours of initial contact, according to a new report by cybersecurity firm Mandiant. [...]","content_text":"# Silent Ransom Group targets law firms with fake IT support calls\n\nSource: [BleepingComputer](https://www.bleepingcomputer.com/news/security/silent-ransom-group-targets-law-firms-with-fake-it-support-calls/)  \nPublished: Sun, 07 Jun 2026 10:09:19 -0400\n\n## Summary\nThe Silent Ransom Group extortion gang is actively targeting U.S. law firms and professional services organizations in social engineering attacks that often lead to data theft within hours of initial contact, according to a new report by cybersecurity firm Mandiant. 
[...]\n\n## Sources\n- [BleepingComputer report](https://www.bleepingcomputer.com/news/security/silent-ransom-group-targets-law-firms-with-fake-it-support-calls/)\n- [BleepingComputer feed](https://www.bleepingcomputer.com/feed/)\n- [Lyrie threat desk](https://lyrie.ai/research/authors/lyrie-threat-intelligence)","date_published":"Sun, 07 Jun 2026 10:09:19 -0400","date_modified":"Sun, 07 Jun 2026 10:09:19 -0400","tags":["breach","bleepingcomputer"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/0day-2063191072763752703","url":"https://lyrie.ai/research/research/0day-2063191072763752703","title":"LPE in the Linux kernel's CIFS client implementation\n\nCVE: CVE-2026-46243\nPT ID: PT-2026-45478\nVendor: Linux\nProduct: Li","summary":"LPE in the Linux kernel's CIFS client implementation\n\nCVE: CVE-2026-46243\nPT ID: PT-2026-45478\nVendor: Linux\nProduct: Linux\nCVSS: 7.8\nCredits: Asim Viladi Oglu Manizada\n\nDescription:\nA privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation.","content_text":"# 0day Intel: LPE in the Linux kernel's CIFS client implementation\n\nCVE: CVE-2026-46243\nPT ID:\n\n**Source:** X search for `PoC exploit 2026`  \n**Posted:** 2026-06-06T09:27:38.000Z  \n**Likes:** 22\n\n## Full Tweet\nLPE in the Linux kernel's CIFS client implementation\n\nCVE: CVE-2026-46243\nPT ID: PT-2026-45478\nVendor: Linux\nProduct: Linux\nCVSS: 7.8\nCredits: Asim Viladi Oglu Manizada\n\nDescription:\nA privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation.\n\n## Source Link\nhttps://x.com/i/status/2063191072763752703","date_published":"2026-06-06T09:27:38.000Z","date_modified":"2026-06-07T12:00:00.403Z","tags":["0day","cve-2026","x-intel","poc-exploit-2026"],"authors":[{"name":"Lyrie Threat 
Intelligence"}]},{"id":"https://lyrie.ai/research/research/0day-2062568741238350181","url":"https://lyrie.ai/research/research/0day-2062568741238350181","title":"The security assumption every AI team gets wrong: \"As long as trust_remote_code=False is set, we are safe.\" ❌\n\nWe put th","summary":"The security assumption every AI team gets wrong: \"As long as trust_remote_code=False is set, we are safe.\" ❌\n\nWe put that to the test. What we uncovered is a critical RCE vulnerability in @huggingface Transformers (CVE-2026-4372) that completely bypasses this control.\n\nA thread https://t.co/vA172vl","content_text":"# 0day Intel: The security assumption every AI team gets wrong: \"As long as trust_remote_code=\n\n**Source:** X search for `RCE 2026 exploit`  \n**Posted:** 2026-06-04T16:14:43.000Z  \n**Likes:** 11\n\n## Full Tweet\nThe security assumption every AI team gets wrong: \"As long as trust_remote_code=False is set, we are safe.\" ❌\n\nWe put that to the test. What we uncovered is a critical RCE vulnerability in @huggingface Transformers (CVE-2026-4372) that completely bypasses this control.\n\nA thread https://t.co/vA172vl7qX\n\n## Source Link\nhttps://x.com/i/status/2062568741238350181","date_published":"2026-06-04T16:14:43.000Z","date_modified":"2026-06-07T10:00:00.410Z","tags":["0day","cve-2026","x-intel","rce-2026-exploit"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/lyrie-original-0day-2026-06-07","url":"https://lyrie.ai/research/research/lyrie-original-0day-2026-06-07","title":"Pattern alert: 8 recent advisories converge on 0day","summary":"Lyrie Threat Intelligence identifies a thread connecting 8 recent advisories around 0day.","content_text":"# Pattern alert: 8 recent advisories converge on 0day\n\n_Lyrie Original — being enriched._","date_published":"2026-06-07T09:00:02.148Z","date_modified":"2026-06-07T09:00:02.148Z","tags":["lyrie-original","0day"],"authors":[{"name":"Lyrie Threat 
Intelligence"}]},{"id":"https://lyrie.ai/research/research/0day-2063442813891600548","url":"https://lyrie.ai/research/research/0day-2063442813891600548","title":"🚨Anthropic published a security guide that tells you to stop trusting your own AI agents.\n\nWhile everyone's been shippi","summary":"🚨Anthropic published a security guide that tells you to stop trusting your own AI agents.\n\nWhile everyone's been shipping agents as fast as possible…\n\nAnthropic quietly released a PDF \"Zero Trust for AI Agents\" and it's not a best practices doc.\n\nIt's a warning.\n\nWHAT HAPPENED: https://t.co/puK9hDm","content_text":"# 0day Intel: 🚨Anthropic published a security guide that tells you to stop trusting your own \n\n**Source:** X search for `zero-day exploit 2026`  \n**Posted:** 2026-06-07T02:07:58.000Z  \n**Likes:** 20\n\n## Full Tweet\n🚨Anthropic published a security guide that tells you to stop trusting your own AI agents.\n\nWhile everyone's been shipping agents as fast as possible…\n\nAnthropic quietly released a PDF \"Zero Trust for AI Agents\" and it's not a best practices doc.\n\nIt's a warning.\n\nWHAT HAPPENED: https://t.co/puK9hDmZPy https://t.co/b104RH1Y7K\n\n## Source Link\nhttps://x.com/i/status/2063442813891600548","date_published":"2026-06-07T02:07:58.000Z","date_modified":"2026-06-07T08:00:00.398Z","tags":["0day","cve-2026","x-intel","zero-day-exploit-2026"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/0day-2063321473402450378","url":"https://lyrie.ai/research/research/0day-2063321473402450378","title":"Threat Intelligence Assessment: Confirmed Logic Bug in Meta Instagram AI-Powered Account Reset Flow (June 2026)\nAfter in","summary":"Threat Intelligence Assessment: Confirmed Logic Bug in Meta Instagram AI-Powered Account Reset Flow (June 2026)\nAfter independent cross-verification with primary sources — including researcher posts on X, technical journalism, victim reports, and Meta acknowledgments — the 
claim","content_text":"# 0day Intel: Threat Intelligence Assessment: Confirmed Logic Bug in Meta Instagram AI-Powered\n\n**Source:** X search for `vulnerability critical 2026`  \n**Posted:** 2026-06-06T18:05:48.000Z  \n**Likes:** 27\n\n## Full Tweet\nThreat Intelligence Assessment: Confirmed Logic Bug in Meta Instagram AI-Powered Account Reset Flow (June 2026)\nAfter independent cross-verification with primary sources — including researcher posts on X, technical journalism, victim reports, and Meta acknowledgments — the claim\n\n## Source Link\nhttps://x.com/i/status/2063321473402450378","date_published":"2026-06-06T18:05:48.000Z","date_modified":"2026-06-07T06:00:00.492Z","tags":["0day","cve-2026","x-intel","vulnerability-critical-2026"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/0day-2063392338538570183","url":"https://lyrie.ai/research/research/0day-2063392338538570183","title":"Update: Following our initial disclosure, we are sharing additional findings and actions taken regarding the NFT Marketp","summary":"Update: Following our initial disclosure, we are sharing additional findings and actions taken regarding the NFT Marketplace exploit investigation.\n\nSecurity Incident Report — Updated\nKlever Blockchain — NFT Marketplace Royalty Inflation Exploit\nDate: June 6, 2026\nStatus:","content_text":"# 0day Intel: Update: Following our initial disclosure, we are sharing additional findings and\n\n**Source:** X search for `vulnerability critical 2026`  \n**Posted:** 2026-06-06T22:47:24.000Z  \n**Likes:** 27\n\n## Full Tweet\nUpdate: Following our initial disclosure, we are sharing additional findings and actions taken regarding the NFT Marketplace exploit investigation.\n\nSecurity Incident Report — Updated\nKlever Blockchain — NFT Marketplace Royalty Inflation Exploit\nDate: June 6, 2026\nStatus:\n\n## Source 
Link\nhttps://x.com/i/status/2063392338538570183","date_published":"2026-06-06T22:47:24.000Z","date_modified":"2026-06-07T06:00:00.491Z","tags":["0day","cve-2026","x-intel","vulnerability-critical-2026"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/openai-tanstack-supply-chain-attack-lyrie-would-have-stopped-it","url":"https://lyrie.ai/research/research/openai-tanstack-supply-chain-attack-lyrie-would-have-stopped-it","title":"OpenAI Got Hit by a Supply Chain Attack. Lyrie Would Have Stopped It Before It Started.","summary":"On May 11, 2026, OpenAI disclosed that two employee devices were compromised via a malicious TanStack npm package as part of the Mini Shai-Hulud supply chain campaign. Credentials were exfiltrated. Code-signing certificates for iOS, macOS, and Windows were exposed. Here is exactly how it happened, why traditional security missed it, and why behavioral runtime defense — the kind Lyrie deploys — would have killed it before a single credential left the machine.","content_text":"# OpenAI Got Hit by a Supply Chain Attack. Lyrie Would Have Stopped It Before It Started.\n\n**Author:** Lyrie Threat Intelligence Team  \n**Date:** 2026-06-07  \n**Reading time:** 9 min\n\n---\n\n## What Happened\n\nOn May 11, 2026, TanStack — one of the most widely used open-source JavaScript libraries in the world — was compromised as part of a coordinated software supply chain campaign called **Mini Shai-Hulud**. The attack embedded malicious code into TanStack's npm packages. Developers who installed or updated TanStack that day pulled the payload directly into their environments.\n\nTwo OpenAI employee devices were hit. The malware executed, established unauthorized access to internal code repositories those employees had credentials for, and exfiltrated credential material. 
Among the compromised data: **code-signing certificates for OpenAI's iOS, macOS, and Windows applications.**\n\nOpenAI confirmed:\n- No user data was accessed\n- No production systems were compromised\n- No IP was stolen\n- The malware behaved exactly as publicly described — credential-focused exfiltration\n\nThey contained it, rotated credentials, engaged a DFIR firm, and are now requiring all macOS users to update their apps by June 12, 2026 to avoid being blocked by Apple's certificate revocation.\n\nThis is a significant incident, even with a clean bill of health for user data. The world's most well-resourced AI company had its code-signing infrastructure touched by an attack that entered through a single compromised npm package.\n\n---\n\n## Why This Attack Class Is So Dangerous\n\nMini Shai-Hulud is not a novel technique. It is the latest large-scale execution of an attack pattern that has been accelerating for years: **compromising the open-source packages that every developer team trusts implicitly.**\n\nThe numbers make this pattern terrifying:\n\n- **742% increase** in software supply chain attacks since 2019 (ENISA)\n- **2 minutes** — the median time between a malicious npm package being published and the first","date_published":"2026-06-07T03:00:00.000Z","date_modified":"2026-06-07T03:00:00.000Z","tags":["supply-chain","npm","openai","mini-shai-hulud","tanstack","credential-exfiltration","behavioral-analysis","runtime-defense","code-signing","atp"],"authors":[{"name":"Lyrie Threat Intelligence Team"}]},{"id":"https://lyrie.ai/research/research/0day-2063162481187410332","url":"https://lyrie.ai/research/research/0day-2063162481187410332","title":"The Zcash bug this week wasn't a story about a team that failed.\nIt was a story about what happens when privacy is compl","summary":"The Zcash bug this week wasn't a story about a team that failed.\nIt was a story about what happens when privacy is complex enough to hide its own vulnerabilities.\n\nA critical 
flaw sat inside two lines of code in the Orchard circuit from May 2022 until June 2026  four years  and https://t.co/3TT7Zdda","content_text":"# 0day Intel: The Zcash bug this week wasn't a story about a team that failed.\nIt was a story \n\n**Source:** X search for `vulnerability critical 2026`  \n**Posted:** 2026-06-06T07:34:01.000Z  \n**Likes:** 30\n\n## Full Tweet\nThe Zcash bug this week wasn't a story about a team that failed.\nIt was a story about what happens when privacy is complex enough to hide its own vulnerabilities.\n\nA critical flaw sat inside two lines of code in the Orchard circuit from May 2022 until June 2026  four years  and https://t.co/3TT7Zddafo\n\n## Source Link\nhttps://x.com/i/status/2063162481187410332","date_published":"2026-06-06T07:34:01.000Z","date_modified":"2026-06-06T20:00:00.471Z","tags":["0day","cve-2026","x-intel","vulnerability-critical-2026"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/0day-2063198011979657394","url":"https://lyrie.ai/research/research/0day-2063198011979657394","title":"𝐅𝐨𝐫𝐜𝐞𝐝 𝐃𝐢𝐬𝐚𝐩𝐩𝐞𝐚𝐫𝐚𝐧𝐜𝐞 𝐨𝐟 𝐌𝐞𝐡𝐫𝐚𝐛 𝐊𝐡𝐚𝐥𝐢𝐝: 𝐂𝐨𝐧𝐭𝐢𝐧𝐮𝐢𝐧𝐠 𝐀𝐬𝐬𝐚𝐮𝐥𝐭 𝐨𝐧 𝐁𝐚𝐥\ud835","summary":"𝐅𝐨𝐫𝐜𝐞𝐝 𝐃𝐢𝐬𝐚𝐩𝐩𝐞𝐚𝐫𝐚𝐧𝐜𝐞 𝐨𝐟 𝐌𝐞𝐡𝐫𝐚𝐛 𝐊𝐡𝐚𝐥𝐢𝐝: 𝐂𝐨𝐧𝐭𝐢𝐧𝐮𝐢𝐧𝐠 𝐀𝐬𝐬𝐚𝐮𝐥𝐭 𝐨𝐧 𝐁𝐚𝐥𝐨𝐜𝐡 𝐒𝐭𝐮𝐝𝐞𝐧𝐭𝐬\n\nThe enforced disappearance of Mehrab Khalid, a filmmaking student at NCA Lahore is a matter of grave concern and highlights the https://t.co/AqJmfw3sMG","content_text":"# 0day Intel: 𝐅𝐨𝐫𝐜𝐞𝐝 𝐃𝐢𝐬𝐚𝐩𝐩𝐞𝐚𝐫𝐚𝐧𝐜𝐞 𝐨𝐟 𝐌𝐞𝐡𝐫𝐚𝐛 𝐊𝐡𝐚𝐥𝐢𝐝: 𝐂𝐨𝐧𝐭\n\n**Source:** X search for `vulnerability critical 2026`  \n**Posted:** 2026-06-06T09:55:13.000Z  \n**Likes:** 27\n\n## Full Tweet\n𝐅𝐨𝐫𝐜𝐞𝐝 𝐃𝐢𝐬𝐚𝐩𝐩𝐞𝐚𝐫𝐚𝐧𝐜𝐞 𝐨𝐟 𝐌𝐞𝐡𝐫𝐚𝐛 𝐊𝐡𝐚𝐥𝐢𝐝: 𝐂𝐨𝐧𝐭𝐢𝐧𝐮𝐢𝐧𝐠 𝐀𝐬𝐬𝐚𝐮𝐥𝐭 𝐨𝐧 𝐁𝐚𝐥𝐨𝐜𝐡 𝐒𝐭𝐮𝐝𝐞𝐧𝐭𝐬\n\nThe enforced disappearance of Mehrab Khalid, a filmmaking student at NCA Lahore is a matter of grave concern and highlights the https://t.co/AqJmfw3sMG\n\n## Source 
Link\nhttps://x.com/i/status/2063198011979657394","date_published":"2026-06-06T09:55:13.000Z","date_modified":"2026-06-06T20:00:00.471Z","tags":["0day","cve-2026","x-intel","vulnerability-critical-2026"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/0day-2063236230905463153","url":"https://lyrie.ai/research/research/0day-2063236230905463153","title":"zcash:native crashed 50%+ in 48 hours. Here's what actually happened.\n\nOn May 29, security researcher Taylor Hornby disc","summary":"zcash:native crashed 50%+ in 48 hours. Here's what actually happened.\n\nOn May 29, security researcher Taylor Hornby discovered a critical flaw in Zcash's Orchard zero-knowledge proof circuit while auditing the protocol for Shielded Labs. The bug allowed a malicious actor to https://t.co/Q4zpkB6DeM","content_text":"# 0day Intel: zcash:native crashed 50%+ in 48 hours. Here's what actually happened.\n\nOn May 29\n\n**Source:** X search for `vulnerability critical 2026`  \n**Posted:** 2026-06-06T12:27:05.000Z  \n**Likes:** 171\n\n## Full Tweet\nzcash:native crashed 50%+ in 48 hours. Here's what actually happened.\n\nOn May 29, security researcher Taylor Hornby discovered a critical flaw in Zcash's Orchard zero-knowledge proof circuit while auditing the protocol for Shielded Labs. 
The bug allowed a malicious actor to https://t.co/Q4zpkB6DeM\n\n## Source Link\nhttps://x.com/i/status/2063236230905463153","date_published":"2026-06-06T12:27:05.000Z","date_modified":"2026-06-06T20:00:00.470Z","tags":["0day","cve-2026","x-intel","vulnerability-critical-2026"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/cve-2026-11009-advisory","url":"https://lyrie.ai/research/research/cve-2026-11009-advisory","title":"CRITICAL: CVE-2026-11009 (CVSS 9.6) — multiple products","summary":"Use after free in USB in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)","content_text":"# CRITICAL: CVE-2026-11009 (CVSS 9.6) — multiple products\n\n**CVE:** CVE-2026-11009  \n**CVSS:** 9.6 (3.1) — `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H`  \n**Severity:** CRITICAL  \n**Status:** Critical advisory\n\n## Affected\n_See vendor advisory_\n\n## Summary\nUse after free in USB in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)\n\n## Verified Sources\n- [NVD entry](https://nvd.nist.gov/vuln/detail/CVE-2026-11009)\n- [GitHub Advisory](https://github.com/advisories?query=CVE-2026-11009)\n- [MITRE](https://cveawg.mitre.org/api/cve/CVE-2026-11009)\n\n## References\n- https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html\n- https://issues.chromium.org/issues/496233132\n\n---\n_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. 
No speculation._","date_published":"2026-06-04T23:17:04.730","date_modified":"2026-06-06T18:16:52.603","tags":["critical"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/0day-2063155578495697003","url":"https://lyrie.ai/research/research/0day-2063155578495697003","title":"Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available https://t.co/FuX1qI3xDY","summary":"Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available https://t.co/FuX1qI3xDY","content_text":"# 0day Intel: Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch \n\n**Source:** X search for `actively exploited 2026`  \n**Posted:** 2026-06-06T07:06:36.000Z  \n**Likes:** 1\n\n## Full Tweet\nCisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available https://t.co/FuX1qI3xDY\n\n## Source Link\nhttps://x.com/i/status/2063155578495697003","date_published":"2026-06-06T07:06:36.000Z","date_modified":"2026-06-06T18:00:00.582Z","tags":["0day","cve-2026","x-intel","actively-exploited-2026"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/lyrie-original-trustedfirmware-mbed-tls-2026-06-06","url":"https://lyrie.ai/research/research/lyrie-original-trustedfirmware-mbed-tls-2026-06-06","title":"Pattern alert: 12 recent advisories converge on trustedfirmware-mbed-tls","summary":"Lyrie Threat Intelligence identifies a thread connecting 12 recent advisories around trustedfirmware-mbed-tls.","content_text":"# Pattern alert: 12 recent advisories converge on trustedfirmware-mbed-tls\n\n_Lyrie Original — being enriched._","date_published":"2026-06-06T17:00:01.662Z","date_modified":"2026-06-06T17:00:01.662Z","tags":["lyrie-original","trustedfirmware-mbed-tls"],"authors":[{"name":"Lyrie Threat 
Intelligence"}]},{"id":"https://lyrie.ai/research/research/0day-2063160944734380231","url":"https://lyrie.ai/research/research/0day-2063160944734380231","title":"⚠️  CISA Warns of SolarWinds Serv-U Vulnerability Exploited in Attacks \n\nSource: https://t.co/3hGHBCHUst\n\nCISA has added","summary":"⚠️  CISA Warns of SolarWinds Serv-U Vulnerability Exploited in Attacks \n\nSource: https://t.co/3hGHBCHUst\n\nCISA has added a critical SolarWinds Serv-U vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that threat actors are actively exploiting the flaw in https://t.co/ujQ2c6","content_text":"# 0day Intel: ⚠️  CISA Warns of SolarWinds Serv-U Vulnerability Exploited in Attacks \n\nSource:\n\n**Source:** X search for `CVE-2026 critical`  \n**Posted:** 2026-06-06T07:27:55.000Z  \n**Likes:** 52\n\n## Full Tweet\n⚠️  CISA Warns of SolarWinds Serv-U Vulnerability Exploited in Attacks \n\nSource: https://t.co/3hGHBCHUst\n\nCISA has added a critical SolarWinds Serv-U vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that threat actors are actively exploiting the flaw in https://t.co/ujQ2c6wZ93\n\n## Source Link\nhttps://x.com/i/status/2063160944734380231","date_published":"2026-06-06T07:27:55.000Z","date_modified":"2026-06-06T16:00:00.535Z","tags":["0day","cve-2026","x-intel","cve-2026-critical"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/lyrie-original-trustedfirmware-mbed-tls-2026-06-06","url":"https://lyrie.ai/research/research/lyrie-original-trustedfirmware-mbed-tls-2026-06-06","title":"Pattern alert: 11 recent advisories converge on trustedfirmware-mbed-tls","summary":"Lyrie Threat Intelligence identifies a thread connecting 11 recent advisories around trustedfirmware-mbed-tls.","content_text":"# Pattern alert: 11 recent advisories converge on trustedfirmware-mbed-tls\n\n_Lyrie Original — being 
enriched._","date_published":"2026-06-06T09:00:01.318Z","date_modified":"2026-06-06T09:00:01.318Z","tags":["lyrie-original","trustedfirmware-mbed-tls"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/cve-2026-2624-epati-antikor-next-generation-firewall","url":"https://lyrie.ai/research/research/cve-2026-2624-epati-antikor-next-generation-firewall","title":"CRITICAL: CVE-2026-2624 (CVSS 9.8) — epati antikor next generation firewall","summary":"Missing Authentication for Critical Function vulnerability in ePati Cyber Security Technologies Inc. Antikor Next Generation Firewall (NGFW) allows Authentication Bypass.\n\nThis issue affects Antikor Next Generation Firewall (NGFW): from v.2.0.1298 before v.2.0.1301.","content_text":"# CRITICAL: CVE-2026-2624 (CVSS 9.8) — epati antikor next generation firewall\n\n**CVE:** CVE-2026-2624  \n**CVSS:** 9.8 (3.1) — `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`  \n**Severity:** CRITICAL  \n**Status:** Critical advisory\n\n## Affected\n- epati antikor next generation firewall\n\n## Summary\nMissing Authentication for Critical Function vulnerability in ePati Cyber Security Technologies Inc. Antikor Next Generation Firewall (NGFW) allows Authentication Bypass.\n\nThis issue affects Antikor Next Generation Firewall (NGFW): from v.2.0.1298 before v.2.0.1301.\n\n## Verified Sources\n- [NVD entry](https://nvd.nist.gov/vuln/detail/CVE-2026-2624)\n- [GitHub Advisory](https://github.com/advisories?query=CVE-2026-2624)\n- [MITRE](https://cveawg.mitre.org/api/cve/CVE-2026-2624)\n\n## References\n- https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0082\n- https://www.usom.gov.tr/bildirim/tr-26-0082\n\n---\n_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. 
No speculation._","date_published":"2026-02-25T13:16:05.373","date_modified":"2026-06-06T08:16:53.420","tags":["epati","critical"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/cve-2025-2311-advisory","url":"https://lyrie.ai/research/research/cve-2025-2311-advisory","title":"CRITICAL: CVE-2025-2311 (CVSS 9) — multiple products","summary":"Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information via API Event Monitoring.\n\nThis issue affects SecHard: before 3.3.0.20220411.","content_text":"# CRITICAL: CVE-2025-2311 (CVSS 9) — multiple products\n\n**CVE:** CVE-2025-2311  \n**CVSS:** 9 (3.1) — `CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H`  \n**Severity:** CRITICAL  \n**Status:** Critical advisory\n\n## Affected\n_See vendor advisory_\n\n## Summary\nIncorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information via API Event Monitoring.\n\nThis issue affects SecHard: before 3.3.0.20220411.\n\n## Verified Sources\n- [NVD entry](https://nvd.nist.gov/vuln/detail/CVE-2025-2311)\n- [GitHub Advisory](https://github.com/advisories?query=CVE-2025-2311)\n- [MITRE](https://cveawg.mitre.org/api/cve/CVE-2025-2311)\n\n## References\n- https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0074\n- https://www.usom.gov.tr/bildirim/tr-25-0074\n\n---\n_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. 
No speculation._","date_published":"2025-03-20T12:15:14.750","date_modified":"2026-06-06T08:16:51.510","tags":["critical"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/cve-2025-1928-restajet-online-food-delivery-system","url":"https://lyrie.ai/research/research/cve-2025-1928-restajet-online-food-delivery-system","title":"CRITICAL: CVE-2025-1928 (CVSS 9.1) — restajet online food delivery system","summary":"Improper Restriction of Excessive Authentication Attempts vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Password Recovery Exploitation.\n\nThis issue affects Online Food Delivery System: through 19122025. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.","content_text":"# CRITICAL: CVE-2025-1928 (CVSS 9.1) — restajet online food delivery system\n\n**CVE:** CVE-2025-1928  \n**CVSS:** 9.1 (3.1) — `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N`  \n**Severity:** CRITICAL  \n**Status:** Critical advisory\n\n## Affected\n- restajet online food delivery system\n\n## Summary\nImproper Restriction of Excessive Authentication Attempts vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Password Recovery Exploitation.\n\nThis issue affects Online Food Delivery System: through 19122025. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n## Verified Sources\n- [NVD entry](https://nvd.nist.gov/vuln/detail/CVE-2025-1928)\n- [GitHub Advisory](https://github.com/advisories?query=CVE-2025-1928)\n- [MITRE](https://cveawg.mitre.org/api/cve/CVE-2025-1928)\n\n## References\n- https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0469\n- https://www.usom.gov.tr/bildirim/tr-25-0469\n\n---\n_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. 
No speculation._","date_published":"2025-12-19T13:16:03.313","date_modified":"2026-06-06T08:16:50.730","tags":["restajet","critical"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/cve-2025-1740-advisory","url":"https://lyrie.ai/research/research/cve-2025-1740-advisory","title":"CRITICAL: CVE-2025-1740 (CVSS 9.8) — multiple products","summary":"Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass, Password Recovery Exploitation, Brute Force.\n\nThis issue affects MyRezzta: from s2.03.01 before v2.05.01.","content_text":"# CRITICAL: CVE-2025-1740 (CVSS 9.8) — multiple products\n\n**CVE:** CVE-2025-1740  \n**CVSS:** 9.8 (3.1) — `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`  \n**Severity:** CRITICAL  \n**Status:** Critical advisory\n\n## Affected\n_See vendor advisory_\n\n## Summary\nImproper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass, Password Recovery Exploitation, Brute Force.\n\nThis issue affects MyRezzta: from s2.03.01 before v2.05.01.\n\n## Verified Sources\n- [NVD entry](https://nvd.nist.gov/vuln/detail/CVE-2025-1740)\n- [GitHub Advisory](https://github.com/advisories?query=CVE-2025-1740)\n- [MITRE](https://cveawg.mitre.org/api/cve/CVE-2025-1740)\n\n## References\n- https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0205\n- https://www.usom.gov.tr/bildirim/tr-25-0205\n\n---\n_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. 
No speculation._","date_published":"2025-09-03T09:15:34.253","date_modified":"2026-06-06T08:16:50.393","tags":["critical"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/cve-2025-0987-advisory","url":"https://lyrie.ai/research/research/cve-2025-0987-advisory","title":"CRITICAL: CVE-2025-0987 (CVSS 9.9) — multiple products","summary":"Authorization Bypass Through User-Controlled Key vulnerability in CB Project Ltd. Co. CVLand allows Parameter Injection.\n\nThis issue affects CVLand: from 2.1.0 through 20251103. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.","content_text":"# CRITICAL: CVE-2025-0987 (CVSS 9.9) — multiple products\n\n**CVE:** CVE-2025-0987  \n**CVSS:** 9.9 (3.1) — `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L`  \n**Severity:** CRITICAL  \n**Status:** Critical advisory\n\n## Affected\n_See vendor advisory_\n\n## Summary\nAuthorization Bypass Through User-Controlled Key vulnerability in CB Project Ltd. Co. CVLand allows Parameter Injection.\n\nThis issue affects CVLand: from 2.1.0 through 20251103. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n## Verified Sources\n- [NVD entry](https://nvd.nist.gov/vuln/detail/CVE-2025-0987)\n- [GitHub Advisory](https://github.com/advisories?query=CVE-2025-0987)\n- [MITRE](https://cveawg.mitre.org/api/cve/CVE-2025-0987)\n\n## References\n- https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0371\n- https://www.usom.gov.tr/bildirim/tr-25-0371\n\n---\n_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. 
No speculation._","date_published":"2025-11-03T12:15:33.383","date_modified":"2026-06-06T08:16:49.037","tags":["critical"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/cve-2025-0603-advisory","url":"https://lyrie.ai/research/research/cve-2025-0603-advisory","title":"CRITICAL: CVE-2025-0603 (CVSS 9.8) — multiple products","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Callvision Healthcare Callvision Emergency Code allows SQL Injection, Blind SQL Injection.\n\nThis issue affects Callvision Emergency Code: before V3.0.","content_text":"# CRITICAL: CVE-2025-0603 (CVSS 9.8) — multiple products\n\n**CVE:** CVE-2025-0603  \n**CVSS:** 9.8 (3.1) — `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`  \n**Severity:** CRITICAL  \n**Status:** Critical advisory\n\n## Affected\n_See vendor advisory_\n\n## Summary\nImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Callvision Healthcare Callvision Emergency Code allows SQL Injection, Blind SQL Injection.\n\nThis issue affects Callvision Emergency Code: before V3.0.\n\n## Verified Sources\n- [NVD entry](https://nvd.nist.gov/vuln/detail/CVE-2025-0603)\n- [GitHub Advisory](https://github.com/advisories?query=CVE-2025-0603)\n- [MITRE](https://cveawg.mitre.org/api/cve/CVE-2025-0603)\n\n## References\n- https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0320\n- https://www.usom.gov.tr/bildirim/tr-25-0320\n\n---\n_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. 
No speculation._","date_published":"2025-10-07T12:15:38.710","date_modified":"2026-06-06T08:16:47.073","tags":["critical"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/cve-2025-2812-mydata-ticket-sales-automation","url":"https://lyrie.ai/research/research/cve-2025-2812-mydata-ticket-sales-automation","title":"CRITICAL: CVE-2025-2812 (CVSS 9.8) — mydata ticket sales automation","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mydata Informatics Ticket Sales Automation allows Blind SQL Injection.\n\nThis issue affects Ticket Sales Automation: before 03.04.2025 (DD.MM.YYYY).","content_text":"# CRITICAL: CVE-2025-2812 (CVSS 9.8) — mydata ticket sales automation\n\n**CVE:** CVE-2025-2812  \n**CVSS:** 9.8 (3.1) — `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`  \n**Severity:** CRITICAL  \n**Status:** Critical advisory\n\n## Affected\n- mydata ticket sales automation\n\n## Summary\nImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mydata Informatics Ticket Sales Automation allows Blind SQL Injection.\n\nThis issue affects Ticket Sales Automation: before 03.04.2025 (DD.MM.YYYY).\n\n## Verified Sources\n- [NVD entry](https://nvd.nist.gov/vuln/detail/CVE-2025-2812)\n- [GitHub Advisory](https://github.com/advisories?query=CVE-2025-2812)\n- [MITRE](https://cveawg.mitre.org/api/cve/CVE-2025-2812)\n\n## References\n- https://github.com/sahici/CVE-2025-2812/\n- https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0099\n- https://www.usom.gov.tr/bildirim/tr-25-0099\n\n---\n_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. 
No speculation._","date_published":"2025-05-02T09:15:20.210","date_modified":"2026-06-06T06:16:38.780","tags":["mydata","critical"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/cve-2025-2421-felisify-sambabox","url":"https://lyrie.ai/research/research/cve-2025-2421-felisify-sambabox","title":"CRITICAL: CVE-2025-2421 (CVSS 9.8) — felisify sambabox","summary":"Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Informatics SambaBox allows Code Injection.\n\nThis issue affects SambaBox: before 5.1.","content_text":"# CRITICAL: CVE-2025-2421 (CVSS 9.8) — felisify sambabox\n\n**CVE:** CVE-2025-2421  \n**CVSS:** 9.8 (3.1) — `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`  \n**Severity:** CRITICAL  \n**Status:** Critical advisory\n\n## Affected\n- felisify sambabox\n\n## Summary\nImproper Control of Generation of Code ('Code Injection') vulnerability in Profelis Informatics SambaBox allows Code Injection.\n\nThis issue affects SambaBox: before 5.1.\n\n## Verified Sources\n- [NVD entry](https://nvd.nist.gov/vuln/detail/CVE-2025-2421)\n- [GitHub Advisory](https://github.com/advisories?query=CVE-2025-2421)\n- [MITRE](https://cveawg.mitre.org/api/cve/CVE-2025-2421)\n\n## References\n- https://sambabox.io/2025/04/14/version-5-1/\n- https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0101\n- https://www.usom.gov.tr/bildirim/tr-25-0101\n\n---\n_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. 
No speculation._","date_published":"2025-05-02T12:15:15.803","date_modified":"2026-06-06T06:16:38.447","tags":["felisify","critical"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/cve-2026-11146-advisory","url":"https://lyrie.ai/research/research/cve-2026-11146-advisory","title":"CRITICAL: CVE-2026-11146 (CVSS 9.6) — multiple products","summary":"Insufficient validation of untrusted input in Chromoting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)","content_text":"# CRITICAL: CVE-2026-11146 (CVSS 9.6) — multiple products\n\n**CVE:** CVE-2026-11146  \n**CVSS:** 9.6 (3.1) — `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H`  \n**Severity:** CRITICAL  \n**Status:** Critical advisory\n\n## Affected\n_See vendor advisory_\n\n## Summary\nInsufficient validation of untrusted input in Chromoting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)\n\n## Verified Sources\n- [NVD entry](https://nvd.nist.gov/vuln/detail/CVE-2026-11146)\n- [GitHub Advisory](https://github.com/advisories?query=CVE-2026-11146)\n- [MITRE](https://cveawg.mitre.org/api/cve/CVE-2026-11146)\n\n## References\n- https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html\n- https://issues.chromium.org/issues/501709220\n\n---\n_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. 
No speculation._","date_published":"2026-06-04T23:17:20.897","date_modified":"2026-06-06T05:16:26.440","tags":["critical"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/cve-2026-11131-advisory","url":"https://lyrie.ai/research/research/cve-2026-11131-advisory","title":"CRITICAL: CVE-2026-11131 (CVSS 9.6) — multiple products","summary":"Use after free in Autofill in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)","content_text":"# CRITICAL: CVE-2026-11131 (CVSS 9.6) — multiple products\n\n**CVE:** CVE-2026-11131  \n**CVSS:** 9.6 (3.1) — `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H`  \n**Severity:** CRITICAL  \n**Status:** Critical advisory\n\n## Affected\n_See vendor advisory_\n\n## Summary\nUse after free in Autofill in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)\n\n## Verified Sources\n- [NVD entry](https://nvd.nist.gov/vuln/detail/CVE-2026-11131)\n- [GitHub Advisory](https://github.com/advisories?query=CVE-2026-11131)\n- [MITRE](https://cveawg.mitre.org/api/cve/CVE-2026-11131)\n\n## References\n- https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html\n- https://issues.chromium.org/issues/501561644\n\n---\n_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. 
No speculation._","date_published":"2026-06-04T23:17:19.197","date_modified":"2026-06-06T05:16:23.947","tags":["critical"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/cve-2026-11119-advisory","url":"https://lyrie.ai/research/research/cve-2026-11119-advisory","title":"CRITICAL: CVE-2026-11119 (CVSS 9.6) — multiple products","summary":"Inappropriate implementation in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)","content_text":"# CRITICAL: CVE-2026-11119 (CVSS 9.6) — multiple products\n\n**CVE:** CVE-2026-11119  \n**CVSS:** 9.6 (3.1) — `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H`  \n**Severity:** CRITICAL  \n**Status:** Critical advisory\n\n## Affected\n_See vendor advisory_\n\n## Summary\nInappropriate implementation in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)\n\n## Verified Sources\n- [NVD entry](https://nvd.nist.gov/vuln/detail/CVE-2026-11119)\n- [GitHub Advisory](https://github.com/advisories?query=CVE-2026-11119)\n- [MITRE](https://cveawg.mitre.org/api/cve/CVE-2026-11119)\n\n## References\n- https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html\n- https://issues.chromium.org/issues/501461853\n\n---\n_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. 
No speculation._","date_published":"2026-06-04T23:17:17.673","date_modified":"2026-06-06T05:16:23.380","tags":["critical"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/cve-2026-11114-advisory","url":"https://lyrie.ai/research/research/cve-2026-11114-advisory","title":"CRITICAL: CVE-2026-11114 (CVSS 9.6) — multiple products","summary":"Use after free in Device Trust in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)","content_text":"# CRITICAL: CVE-2026-11114 (CVSS 9.6) — multiple products\n\n**CVE:** CVE-2026-11114  \n**CVSS:** 9.6 (3.1) — `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H`  \n**Severity:** CRITICAL  \n**Status:** Critical advisory\n\n## Affected\n_See vendor advisory_\n\n## Summary\nUse after free in Device Trust in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)\n\n## Verified Sources\n- [NVD entry](https://nvd.nist.gov/vuln/detail/CVE-2026-11114)\n- [GitHub Advisory](https://github.com/advisories?query=CVE-2026-11114)\n- [MITRE](https://cveawg.mitre.org/api/cve/CVE-2026-11114)\n\n## References\n- https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html\n- https://issues.chromium.org/issues/501360342\n\n---\n_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. 
No speculation._","date_published":"2026-06-04T23:17:17.060","date_modified":"2026-06-06T04:17:29.200","tags":["critical"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/cve-2026-11112-advisory","url":"https://lyrie.ai/research/research/cve-2026-11112-advisory","title":"CRITICAL: CVE-2026-11112 (CVSS 9.6) — multiple products","summary":"Insufficient validation of untrusted input in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted Chrome Extension. (Chromium security severity: Medium)","content_text":"# CRITICAL: CVE-2026-11112 (CVSS 9.6) — multiple products\n\n**CVE:** CVE-2026-11112  \n**CVSS:** 9.6 (3.1) — `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H`  \n**Severity:** CRITICAL  \n**Status:** Critical advisory\n\n## Affected\n_See vendor advisory_\n\n## Summary\nInsufficient validation of untrusted input in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted Chrome Extension. (Chromium security severity: Medium)\n\n## Verified Sources\n- [NVD entry](https://nvd.nist.gov/vuln/detail/CVE-2026-11112)\n- [GitHub Advisory](https://github.com/advisories?query=CVE-2026-11112)\n- [MITRE](https://cveawg.mitre.org/api/cve/CVE-2026-11112)\n\n## References\n- https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html\n- https://issues.chromium.org/issues/500541413\n\n---\n_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. 
No speculation._","date_published":"2026-06-04T23:17:16.830","date_modified":"2026-06-06T04:17:28.860","tags":["critical"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/cve-2026-11100-advisory","url":"https://lyrie.ai/research/research/cve-2026-11100-advisory","title":"CRITICAL: CVE-2026-11100 (CVSS 9.6) — multiple products","summary":"Use after free in File Input in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)","content_text":"# CRITICAL: CVE-2026-11100 (CVSS 9.6) — multiple products\n\n**CVE:** CVE-2026-11100  \n**CVSS:** 9.6 (3.1) — `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H`  \n**Severity:** CRITICAL  \n**Status:** Critical advisory\n\n## Affected\n_See vendor advisory_\n\n## Summary\nUse after free in File Input in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)\n\n## Verified Sources\n- [NVD entry](https://nvd.nist.gov/vuln/detail/CVE-2026-11100)\n- [GitHub Advisory](https://github.com/advisories?query=CVE-2026-11100)\n- [MITRE](https://cveawg.mitre.org/api/cve/CVE-2026-11100)\n\n## References\n- https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html\n- https://issues.chromium.org/issues/500416901\n\n---\n_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. 
No speculation._","date_published":"2026-06-04T23:17:15.510","date_modified":"2026-06-06T04:17:25.943","tags":["critical"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/cve-2026-11002-google-chrome","url":"https://lyrie.ai/research/research/cve-2026-11002-google-chrome","title":"CRITICAL: CVE-2026-11002 (CVSS 9.6) — google chrome","summary":"Use after free in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)","content_text":"# CRITICAL: CVE-2026-11002 (CVSS 9.6) — google chrome\n\n**CVE:** CVE-2026-11002  \n**CVSS:** 9.6 (3.1) — `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H`  \n**Severity:** CRITICAL  \n**Status:** Critical advisory\n\n## Affected\n- google chrome\n\n## Summary\nUse after free in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)\n\n## Verified Sources\n- [NVD entry](https://nvd.nist.gov/vuln/detail/CVE-2026-11002)\n- [GitHub Advisory](https://github.com/advisories?query=CVE-2026-11002)\n- [MITRE](https://cveawg.mitre.org/api/cve/CVE-2026-11002)\n\n## References\n- https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html\n- https://issues.chromium.org/issues/494740162\n\n---\n_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. 
No speculation._","date_published":"2026-06-04T23:17:03.943","date_modified":"2026-06-06T01:54:16.440","tags":["google","critical"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/cve-2026-10990-google-chrome","url":"https://lyrie.ai/research/research/cve-2026-10990-google-chrome","title":"CRITICAL: CVE-2026-10990 (CVSS 9.6) — google chrome","summary":"Use after free in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)","content_text":"# CRITICAL: CVE-2026-10990 (CVSS 9.6) — google chrome\n\n**CVE:** CVE-2026-10990  \n**CVSS:** 9.6 (3.1) — `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H`  \n**Severity:** CRITICAL  \n**Status:** Critical advisory\n\n## Affected\n- google chrome\n\n## Summary\nUse after free in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)\n\n## Verified Sources\n- [NVD entry](https://nvd.nist.gov/vuln/detail/CVE-2026-10990)\n- [GitHub Advisory](https://github.com/advisories?query=CVE-2026-10990)\n- [MITRE](https://cveawg.mitre.org/api/cve/CVE-2026-10990)\n\n## References\n- https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html\n- https://issues.chromium.org/issues/506311914\n\n---\n_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. 
No speculation._","date_published":"2026-06-04T23:17:02.427","date_modified":"2026-06-06T01:50:25.680","tags":["google","critical"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/cve-2026-11120-google-chrome","url":"https://lyrie.ai/research/research/cve-2026-11120-google-chrome","title":"CRITICAL: CVE-2026-11120 (CVSS 9.6) — google chrome","summary":"Insufficient validation of untrusted input in Enterprise Reporting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)","content_text":"# CRITICAL: CVE-2026-11120 (CVSS 9.6) — google chrome\n\n**CVE:** CVE-2026-11120  \n**CVSS:** 9.6 (3.1) — `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H`  \n**Severity:** CRITICAL  \n**Status:** Critical advisory\n\n## Affected\n- google chrome\n\n## Summary\nInsufficient validation of untrusted input in Enterprise Reporting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)\n\n## Verified Sources\n- [NVD entry](https://nvd.nist.gov/vuln/detail/CVE-2026-11120)\n- [GitHub Advisory](https://github.com/advisories?query=CVE-2026-11120)\n- [MITRE](https://cveawg.mitre.org/api/cve/CVE-2026-11120)\n\n## References\n- https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html\n- https://issues.chromium.org/issues/501467566\n\n---\n_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. 
No speculation._","date_published":"2026-06-04T23:17:17.790","date_modified":"2026-06-06T01:41:43.820","tags":["google","critical"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/cve-2026-11113-google-chrome","url":"https://lyrie.ai/research/research/cve-2026-11113-google-chrome","title":"CRITICAL: CVE-2026-11113 (CVSS 9.6) — google chrome","summary":"Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)","content_text":"# CRITICAL: CVE-2026-11113 (CVSS 9.6) — google chrome\n\n**CVE:** CVE-2026-11113  \n**CVSS:** 9.6 (3.1) — `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H`  \n**Severity:** CRITICAL  \n**Status:** Critical advisory\n\n## Affected\n- google chrome\n\n## Summary\nInsufficient validation of untrusted input in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)\n\n## Verified Sources\n- [NVD entry](https://nvd.nist.gov/vuln/detail/CVE-2026-11113)\n- [GitHub Advisory](https://github.com/advisories?query=CVE-2026-11113)\n- [MITRE](https://cveawg.mitre.org/api/cve/CVE-2026-11113)\n\n## References\n- https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html\n- https://issues.chromium.org/issues/500560764\n\n---\n_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. 
No speculation._","date_published":"2026-06-04T23:17:16.950","date_modified":"2026-06-06T01:41:28.690","tags":["google","critical"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/0day-2062906051855343652","url":"https://lyrie.ai/research/research/0day-2062906051855343652","title":"$ZEC Orchard exploit, by the numbers:\n\nMay 2022 - bug introduced\n2022-2026 - multiple audits, zero detections\nMay 28 - O","summary":"$ZEC Orchard exploit, by the numbers:\n\nMay 2022 - bug introduced\n2022-2026 - multiple audits, zero detections\nMay 28 - Opus 4.8 released\nMay 29 - exploit found + proof-of-concept built same day\nJune 1-3 - emergency hard fork (NU6.2)\nJune 5 - public disclosure\nJune 5 - $ZEC -50%,","content_text":"# 0day Intel: $ZEC Orchard exploit, by the numbers:\n\nMay 2022 - bug introduced\n2022-2026 - mul\n\n**Source:** X search for `zero-day exploit 2026`  \n**Posted:** 2026-06-05T14:35:04.000Z  \n**Likes:** 11\n\n## Full Tweet\n$ZEC Orchard exploit, by the numbers:\n\nMay 2022 - bug introduced\n2022-2026 - multiple audits, zero detections\nMay 28 - Opus 4.8 released\nMay 29 - exploit found + proof-of-concept built same day\nJune 1-3 - emergency hard fork (NU6.2)\nJune 5 - public disclosure\nJune 5 - $ZEC -50%,\n\n## Source Link\nhttps://x.com/i/status/2062906051855343652","date_published":"2026-06-05T14:35:04.000Z","date_modified":"2026-06-05T22:00:00.411Z","tags":["0day","cve-2026","x-intel","zero-day-exploit-2026"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/0day-2062827350555799660","url":"https://lyrie.ai/research/research/0day-2062827350555799660","title":"A security researcher just found a bug in Zcash that could have let someone print unlimited fake coins completely invisi","summary":"A security researcher just found a bug in Zcash that could have let someone print unlimited fake coins completely invisibly. 
zcash:native dropped 50% in one day.\n\nHere's what actually happened.\n\n> Zcash is a privacy cryptocurrency.\n\n> Unlike Bitcoin where every transaction is https://t.co/AcJe","content_text":"# 0day Intel: A security researcher just found a bug in Zcash that could have let someone prin\n\n**Source:** X search for `zero-day exploit 2026`  \n**Posted:** 2026-06-05T09:22:20.000Z  \n**Likes:** 25\n\n## Full Tweet\nA security researcher just found a bug in Zcash that could have let someone print unlimited fake coins completely invisibly. zcash:native dropped 50% in one day.\n\nHere's what actually happened.\n\n> Zcash is a privacy cryptocurrency.\n\n> Unlike Bitcoin where every transaction is https://t.co/AcJerl1kSn\n\n## Source Link\nhttps://x.com/i/status/2062827350555799660","date_published":"2026-06-05T09:22:20.000Z","date_modified":"2026-06-05T22:00:00.410Z","tags":["0day","cve-2026","x-intel","zero-day-exploit-2026"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/0day-2062839119395619229","url":"https://lyrie.ai/research/research/0day-2062839119395619229","title":"LLMs just broke Zero-Knowledge crypto - and @Zcash paid the price\n\nA security researcher used Anthropic’s new Claude 4.8","summary":"LLMs just broke Zero-Knowledge crypto - and @Zcash paid the price\n\nA security researcher used Anthropic’s new Claude 4.8 Opus to find a catastrophic soundness bug deep in Zcash’s Orchard privacy pool.\n\nThis wasn’t a small frontend issue.  
\nIt was a fundamental architectural flaw https://t.co/fkaxAvW","content_text":"# 0day Intel: LLMs just broke Zero-Knowledge crypto - and @Zcash paid the price\n\nA security re\n\n**Source:** X search for `zero-day exploit 2026`  \n**Posted:** 2026-06-05T10:09:06.000Z  \n**Likes:** 39\n\n## Full Tweet\nLLMs just broke Zero-Knowledge crypto - and @Zcash paid the price\n\nA security researcher used Anthropic’s new Claude 4.8 Opus to find a catastrophic soundness bug deep in Zcash’s Orchard privacy pool.\n\nThis wasn’t a small frontend issue.  \nIt was a fundamental architectural flaw https://t.co/fkaxAvW000\n\n## Source Link\nhttps://x.com/i/status/2062839119395619229","date_published":"2026-06-05T10:09:06.000Z","date_modified":"2026-06-05T22:00:00.410Z","tags":["0day","cve-2026","x-intel","zero-day-exploit-2026"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/cve-2026-7763-advisory","url":"https://lyrie.ai/research/research/cve-2026-7763-advisory","title":"CRITICAL: CVE-2026-7763 (CVSS 9.8) — multiple products","summary":"A heap-based buffer overflow vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated attacker within radio range to cause a Denial of Service (kernel panic) or potentially achieve Remote Code Execution via a crafted 802.11ah beacon frame containing a malformed Traffic Indication Map (TIM) Information Element. The function morse_page_slicing_process_tim_element() in page_slicing.c derives the TIM bitmap length directly from a received IE field without validating it against the fixed-size destination buffer before passing it to memset and memcpy operations, allowing up to 252 bytes of attacker-controlled data to be written beyond the buffer boundary. 
Because beacons are broadcast frames processed during passive scanning, no authentication, association, or user interaction is required.","content_text":"# CRITICAL: CVE-2026-7763 (CVSS 9.8) — multiple products\n\n**CVE:** CVE-2026-7763  \n**CVSS:** 9.8 (3.1) — `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`  \n**Severity:** CRITICAL  \n**Status:** Critical advisory\n\n## Affected\n_See vendor advisory_\n\n## Summary\nA heap-based buffer overflow vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated attacker within radio range to cause a Denial of Service (kernel panic) or potentially achieve Remote Code Execution via a crafted 802.11ah beacon frame containing a malformed Traffic Indication Map (TIM) Information Element. The function morse_page_slicing_process_tim_element() in page_slicing.c derives the TIM bitmap length directly from a received IE field without validating it against the fixed-size destination buffer before passing it to memset and memcpy operations, allowing up to 252 bytes of attacker-controlled data to be written beyond the buffer boundary. Because beacons are broadcast frames processed during passive scanning, no authentication, association, or user interaction is required.\n\n## Verified Sources\n- [NVD entry](https://nvd.nist.gov/vuln/detail/CVE-2026-7763)\n- [GitHub Advisory](https://github.com/advisories?query=CVE-2026-7763)\n- [MITRE](https://cveawg.mitre.org/api/cve/CVE-2026-7763)\n\n## References\n- https://www.morsemicro.com/security-advisories/MM-SA-2026-001\n\n---\n_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. 
No speculation._","date_published":"2026-06-05T02:17:14.640","date_modified":"2026-06-05T21:16:31.080","tags":["critical"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/cve-2026-7762-advisory","url":"https://lyrie.ai/research/research/cve-2026-7762-advisory","title":"CRITICAL: CVE-2026-7762 (CVSS 9.8) — multiple products","summary":"A heap-based buffer overflow vulnerability in the dot11ah.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated attacker within radio range to cause a Denial of Service (kernel panic) or potentially achieve Remote Code Execution via a crafted 802.11ah beacon or probe response frame containing a malformed S1G Capabilities Information Element (IE element ID 0xD9). The function morse_dot11ah_find_s1g_caps_for_bssid() uses the IE length field directly as the size argument to memcpy without validating it against the 15-byte destination buffer. An attacker can supply up to 255 bytes, causing an overflow of up to 240 bytes of attacker-controlled data into adjacent kernel heap memory. The vulnerability is triggerable during normal scanning without authentication, association, or user interaction.","content_text":"# CRITICAL: CVE-2026-7762 (CVSS 9.8) — multiple products\n\n**CVE:** CVE-2026-7762  \n**CVSS:** 9.8 (3.1) — `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`  \n**Severity:** CRITICAL  \n**Status:** Critical advisory\n\n## Affected\n_See vendor advisory_\n\n## Summary\nA heap-based buffer overflow vulnerability in the dot11ah.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated attacker within radio range to cause a Denial of Service (kernel panic) or potentially achieve Remote Code Execution via a crafted 802.11ah beacon or probe response frame containing a malformed S1G Capabilities Information Element (IE element ID 0xD9). 
The function morse_dot11ah_find_s1g_caps_for_bssid() uses the IE length field directly as the size argument to memcpy without validating it against the 15-byte destination buffer. An attacker can supply up to 255 bytes, causing an overflow of up to 240 bytes of attacker-controlled data into adjacent kernel heap memory. The vulnerability is triggerable during normal scanning without authentication, association, or user interaction.\n\n## Verified Sources\n- [NVD entry](https://nvd.nist.gov/vuln/detail/CVE-2026-7762)\n- [GitHub Advisory](https://github.com/advisories?query=CVE-2026-7762)\n- [MITRE](https://cveawg.mitre.org/api/cve/CVE-2026-7762)\n\n## References\n- https://www.morsemicro.com/security-advisories/MM-SA-2026-002\n\n---\n_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. No speculation._","date_published":"2026-06-05T02:17:14.510","date_modified":"2026-06-05T21:16:30.907","tags":["critical"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/cve-2026-48040-netty-netty-incubator-codec-ohttp","url":"https://lyrie.ai/research/research/cve-2026-48040-netty-netty-incubator-codec-ohttp","title":"CRITICAL: CVE-2026-48040 (CVSS 9.1) — netty netty-incubator-codec-ohttp","summary":"The netty incubator codec.bhttp is a java language binary http parser. The library implements Oblivious HTTP (RFC 9458) using BoringSSL's HPKE C library via JNI. When deriving native memory addresses for cryptographic operations versions prior to 0.0.22.Final provide a fallback path for direct ByteBufs that do not expose their memory address through `hasMemoryAddress()`. This fallback occurs when `sun.misc.Unsafe` is unavailable to Netty — for example, when the JVM is started with `-Dio.netty.noUnsafe=true`, when a SecurityManager restricts Unsafe access, or when running on non-HotSpot JVMs. 
In these configurations, Netty's default `PooledByteBufAllocator` returns `PooledDirectByteBuf` instances for which `hasMemoryAddress()` returns false.  Under the enabling JVM configuration, an unauthenticated network attacker can cause the OHTTP gateway to corrupt memory belonging to other concurrent connections and disclose the contents of adjacent pooled direct buffers by triggering cryptographic operations with crafted OHTTP requests. The corruption occurs regardless of whether the AEAD tag verification succeeds, as BoringSSL zeroizes the output buffer on failure. The information disclosure path provides the attacker with the encryption key needed to extract the leaked data. This violates the confidentiality and integrity of all connections sharing the same Netty buffer arena. Version 0.0.22.Final fixes the issue.","content_text":"# CRITICAL: CVE-2026-48040 (CVSS 9.1) — netty netty-incubator-codec-ohttp\n\n**CVE:** CVE-2026-48040  \n**CVSS:** 9.1 (3.1) — `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N`  \n**Severity:** CRITICAL  \n**Status:** Critical advisory\n\n## Affected\n- netty netty-incubator-codec-ohttp\n\n## Summary\nThe netty incubator codec.bhttp is a java language binary http parser. The library implements Oblivious HTTP (RFC 9458) using BoringSSL's HPKE C library via JNI. When deriving native memory addresses for cryptographic operations versions prior to 0.0.22.Final provide a fallback path for direct ByteBufs that do not expose their memory address through `hasMemoryAddress()`. This fallback occurs when `sun.misc.Unsafe` is unavailable to Netty — for example, when the JVM is started with `-Dio.netty.noUnsafe=true`, when a SecurityManager restricts Unsafe access, or when running on non-HotSpot JVMs. In these configurations, Netty's default `PooledByteBufAllocator` returns `PooledDirectByteBuf` instances for which `hasMemoryAddress()` returns false.  
Under the enabling JVM configuration, an unauthenticated network attacker can cause the OHTTP gateway to corrupt memory belonging to other concurrent connections and disclose the contents of adjacent pooled direct buffers by triggering cryptographic operations with crafted OHTTP requests. The corruption occurs regardless of whether the AEAD tag verification succeeds, as BoringSSL zeroizes the output buffer on failure. The information disclosure path provides the attacker with the encryption key needed to extract the leaked data. This violates the confidentiality and integrity of all connections sharing the same Netty buffer arena. Version 0.0.22.Final fixes the issue.\n\n## Verified Sources\n- [NVD entry](https://nvd.nist.gov/vuln/detail/CVE-2026-48040)\n- [GitHub Advisory](https://github.com/advisories?query=CVE-2026-48040)\n- [MITRE](https://cveawg.mitre.org/api/cve/CVE-2026-48040)\n\n## References\n- https://github.com/netty/netty-incubator-codec-ohtt","date_published":"2026-06-04T18:16:31.220","date_modified":"2026-06-05T21:04:54.930","tags":["netty","critical"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/cve-2026-45758-advisory","url":"https://lyrie.ai/research/research/cve-2026-45758-advisory","title":"CRITICAL: CVE-2026-45758 (CVSS 9.6) — multiple products","summary":"Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of `guardrails-ai` (0.10.1) to PyPI. Any user who installed `guardrails-ai==0.10.1` from PyPI on May 11, 2026 may be affected. Security researchers identified the malicious package within approximately 2 hours of publication, and PyPI quarantined the repository. 
Based on our telemetry, Guardrails AI maintainers have observed no requests to Guardrails AI infrastructure originating from the malicious 0.10.1 version, and a review of system and access logs has produced no evidence of user data exfiltration through their systems. Users should upgrade to version 0.10.2 or downgrade to version 0.10.0, both of which are unaffected. Those who installed version 0.10.1 should rotate any credentials accessible from their machine (GitHub PATs, cloud provider keys, package registry tokens, API keys) and audit their GitHub account for unauthorized workflows or repositories.","content_text":"# CRITICAL: CVE-2026-45758 (CVSS 9.6) — multiple products\n\n**CVE:** CVE-2026-45758  \n**CVSS:** 9.6 (3.1) — `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H`  \n**Severity:** CRITICAL  \n**Status:** Critical advisory\n\n## Affected\n_See vendor advisory_\n\n## Summary\nGuardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of `guardrails-ai` (0.10.1) to PyPI. Any user who installed `guardrails-ai==0.10.1` from PyPI on May 11, 2026 may be affected. Security researchers identified the malicious package within approximately 2 hours of publication, and PyPI quarantined the repository. Based on our telemetry, Guardrails AI maintainers have observed no requests to Guardrails AI infrastructure originating from the malicious 0.10.1 version, and a review of system and access logs has produced no evidence of user data exfiltration through their systems. Users should upgrade to version 0.10.2 or downgrade to version 0.10.0, both of which are unaffected. 
Those who installed version 0.10.1 should rotate any credentials accessible from their machine (GitHub PATs, cloud provider keys, package registry tokens, API keys) and audit their GitHub account for unauthorized workflows or repositories.\n\n## Verified Sources\n- [NVD entry](https://nvd.nist.gov/vuln/detail/CVE-2026-45758)\n- [GitHub Advisory](https://github.com/advisories?query=CVE-2026-45758)\n- [MITRE](https://cveawg.mitre.org/api/cve/CVE-2026-45758)\n\n## References\n- https://github.com/guardrails-ai/guardrails/blob/main/SECURITY_ADVISORY.md\n- https://github.com/guardrails-ai/guardrails/issues/1473\n- https://github.com/guardrails-ai/guardrails/security/advisories/GHSA-xmpw-2vmm-p4p6\n\n---\n_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. No speculation._","date_published":"2026-06-05T20:17:32.357","date_modified":"2026-06-05T20:51:20.400","tags":["critical"],"authors":[{"name":"Lyrie Threat Intelligence"}]},{"id":"https://lyrie.ai/research/research/cve-2026-10972-google-chrome","url":"https://lyrie.ai/research/research/cve-2026-10972-google-chrome","title":"CRITICAL: CVE-2026-10972 (CVSS 9.6) — google chrome","summary":"Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","content_text":"# CRITICAL: CVE-2026-10972 (CVSS 9.6) — google chrome\n\n**CVE:** CVE-2026-10972  \n**CVSS:** 9.6 (3.1) — `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H`  \n**Severity:** CRITICAL  \n**Status:** Critical advisory\n\n## Affected\n- google chrome\n- linux linux kernel\n\n## Summary\nUse after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. 
(Chromium security severity: High)\n\n## Verified Sources\n- [NVD entry](https://nvd.nist.gov/vuln/detail/CVE-2026-10972)\n- [GitHub Advisory](https://github.com/advisories?query=CVE-2026-10972)\n- [MITRE](https://cveawg.mitre.org/api/cve/CVE-2026-10972)\n\n## References\n- https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html\n- https://issues.chromium.org/issues/513006660\n\n---\n_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. No speculation._","date_published":"2026-06-04T23:17:00.400","date_modified":"2026-06-05T20:25:51.363","tags":["google","linux","critical"],"authors":[{"name":"Lyrie Threat Intelligence"}]}]}