Skip to content
The Coolest Info

The Coolest Info

  • Writer AI vulnerability could leak session tokens across tenant boundariesJuly 7, 2026
  • Windows device ID helped FBI trace alleged Scattered Spider hacker to 19-year-oldJuly 7, 2026
  • DEBULL tool abuses Microsoft device-code flow to hijack M365 accountsJuly 7, 2026
  • A Single Public GitHub Issue Can Leak Your Private Repos Through AI AgentsJuly 7, 2026
  • The CI Attack Your Security Scanners Won’t Catch: Cordyceps and GitHub ActionsJuly 7, 2026
  • Spain Nabs Suspected Pro-Russian Hacktivist in Palencia RaidJuly 7, 2026
  • When AI Writes Your Code, the Supply Chain Security Question Gets HarderJuly 7, 2026
  • New Januscape Linux Kernel Flaw Lets Attackers Escape VMs on Intel and AMDJuly 7, 2026
  • China-Linked Hackers Hit US and Canadian Universities via Roundcube FlawsJuly 7, 2026
  • Microsoft Enables Windows Settings Backup by Default for Enterprise DevicesJuly 7, 2026
  • Google Sues Chinese Scammers Using Gemini to Run Phishing OperationJuly 7, 2026
  • CERT/CC Warns of Hidden Admin Backdoor in Tenda Router FirmwareJuly 7, 2026
  • Microsoft Tests New Cloud Rebuild Recovery Tool for Windows 11July 7, 2026
  • WordPress KeepInMind Plugin Flaw Lets Contributors Hijack Admin SessionsJuly 7, 2026
  • MEmu Android Emulator 9.2.7.0 — Local Privilege Escalation Exploit PublishedJuly 7, 2026
  • BeyondTrust Patches Critical Auth Bypass Flaws — Update NowJuly 7, 2026
  • Moody Bible Institute Breach Dumps Data on 2.3 Million People After Ransom Demands Weren’t MetJuly 7, 2026
  • Sainsbury’s Triples Down on Facial Recognition — Privacy Advocates Are FuriousJuly 7, 2026
  • NatWest CEO Becomes the Latest Banking Exec Targeted by an AI Deepfake ScamJuly 7, 2026
  • Canada’s Spy Agency Ran State-Authorized Cyberattacks on Drug Traffickers and Ransomware GangsJuly 6, 2026
  • Microsoft Finally Lets Teams Users Turn Off AI Features After BacklashJuly 6, 2026
  • Iran-Linked Hackers Deploy New ‘Cavern’ C2 Framework Against Israeli TargetsJuly 6, 2026
  • Fake IT Support Calls on Microsoft Teams Are Dropping EtherRAT MalwareJuly 6, 2026
  • Fake Job Interviews From Big Brands Are Actually Phishing for Google AccountsJuly 6, 2026
  • Veil#Drop Campaign Uses Blogspot to Deliver Info-Stealing MalwareJuly 6, 2026
  • News
  • Crypto Predictions
The Coolest Info

The Coolest Info

  • News
  • Crypto Predictions
  • Home
  • 2026
  • June
  • 13
  • Security Researcher Finds 21 Zero-Day Vulnerabilities in FFmpeg
  • Technology

Security Researcher Finds 21 Zero-Day Vulnerabilities in FFmpeg

The TeamJune 13, 2026June 13, 202601 mins

A security firm has discovered 21 zero-day vulnerabilities in FFmpeg, one of the most widely deployed multimedia libraries in the world, powering everything from web browsers to major streaming platforms.

The findings, published by security research firm Depthfirst, used an autonomous security agent to analyze FFmpeg’s roughly 1.5 million lines of heavily optimized C code. The agent produced concrete, reproducible proof-of-concept inputs to confirm each vulnerability, at a fraction of the cost of traditional manual auditing.

Several of the zero-days had been sitting undetected in the codebase for an estimated 15 to 20 years, despite FFmpeg being one of the most heavily fuzzed and audited open-source projects on the planet. Depthfirst’s agent also demonstrated a remote code execution exploit primitive using some of the findings.

The discovery comes on the heels of similar efforts by Google’s Big Sleep team, which disclosed 13 FFmpeg vulnerabilities, and Anthropic’s Mythos model, which also found security issues in the library. Those efforts proved that advanced AI models can reason through dense, hardened C code that has resisted traditional analysis.

Depthfirst wanted to see how far they could push with publicly available models, without access to specialized tools like Mythos. The answer: pretty far. The 21 zero-days suggest that even after decades of scrutiny and recent AI-assisted audits, serious vulnerabilities remain hiding in critical open-source infrastructure.

FFmpeg’s reach makes this especially concerning. The library is embedded in virtually every major browser, streaming platform, and media processing pipeline on the internet. A critical vulnerability in FFmpeg isn’t just a bug in one project, it’s a bug in half the internet.

FFmpeg maintainers have been notified and patches are expected in upcoming releases.

Tagged: Account Security AethexAI FFmpeg VPN zero-day vulnerabilities

Post navigation

Previous: Anthropic Forced to Pull Fable 5 and Mythos 5 After US Government Export Order
Next: Google Files Lawsuit to Dismantle AI-Powered Text Scam Operation

Related News

Microsoft finally fixes Windows 11 bug that let a single file eat 500GB of storage

July 7, 2026

Doom developer id Software reportedly hit by massive Xbox layoffs — half the studio cut

July 7, 2026

Google sets Pixel 11 launch event for August 12th

July 7, 2026

iRobot’s Newest Floor Cleaner Isn’t a Robot — It’s a $399 Manual Mop-Vac

July 7, 2026

Recent Posts

  • Bitcoin may be near a cycle bottom as over half of supply sits at a loss, K33 says
  • Microsoft finally fixes Windows 11 bug that let a single file eat 500GB of storage
  • Doom developer id Software reportedly hit by massive Xbox layoffs — half the studio cut
  • Google sets Pixel 11 launch event for August 12th
  • Writer AI vulnerability could leak session tokens across tenant boundaries

Recent Comments

No comments to show.

Archives

  • July 2026
  • June 2026

Categories

  • Cryptocurrency
  • Security
  • Security Advisories
  • Technology
  • Crypto Predictions
Online Newspaper - News / Magazine WordPress Theme 2026.
Back To Top