We analyzed every CVE added to CISA KEV in the last 30 days.
Breakdown:
41% remote management tools
23% network perimeter devices
18% enterprise software with exposed APIs
11% AI/ML serving infrastructure
That last number was 0% two years ago.
The AI/ML serving infrastructure CVEs are the ones to watch.
Not because they are the most common yet.
Because when they are exploited, the blast radius is unlimited.
An attacker inside your LLM inference layer has access to every prompt and every piece of context your models process.
Three real cases this month:
SimpleHelp RMM: 2 CVEs, both actively exploited in the wild
Tenda AC18: Remote code exec, no patch available
Samsung MagicINFO: Pre-auth file write, weaponized within 48 hours
All flagged by Lyrie Sentinel within 4 minutes of NVD publication.
research.lyrie.ai/streams/active-exploitation
Lyrie ingests NVD + MITRE + CISA KEV + Project Zero + 8 more sources automatically. 24/7. No alert fatigue.
#cybersecurity #CISA #CVE #threatintel #zerodayattack