AI Agent Finds 21 FFmpeg Zero-Days Including Unauthenticated RCE
June 8, 2026
Depthfirst’s autonomous AI security agent spent $1,000 to find 21 zero-days in FFmpeg, including an unauthenticated RCE triggered by a
Application Security
AI Agent Finds 21 FFmpeg Zero-Days Including Unauthenticated RCE
Depthfirst's autonomous AI security agent spent $1,000 to find 21 zero-days in FFmpeg, including an unauthenticated RCE triggered by a 183-byte packet.
Anthropic Engineers Deploy Inside NSA to Run Mythos Cyber AI
Anthropic has deployed six engineers inside NSA to operate Mythos, an AI reported capable of zero-day exploitation across major operating systems and browsers.
Claude Opus Finds 4-Year Zcash Flaw Enabling Silent Coin Forgery
Researcher Taylor Hornby used Claude Opus 4.8 to uncover a four-year-old Zcash Orchard flaw that could have enabled undetectable counterfeit ZEC creation.
VerdantBamboo PLENET Backdoor Sustained 18-Month M365 Intrusion
Volexity found Chinese APT VerdantBamboo used new PLENET and AGENTPSD malware to maintain 18 months of undetected Microsoft 365 access via MSP compromise.
IronWorm Rust Malware Hits 36 npm Packages in Supply Chain Attack
JFrog researchers discovered IronWorm, a Rust-based infostealer with an eBPF rootkit, injected into 36 npm packages to steal AI API keys and self-propagate.
Hola Browser for Windows Bundled Monero Miner in Supply Chain Hit
AppEsteem found a Monero cryptominer bundled inside Hola Browser's Windows installer, hidden as a Windows service and excluded from Windows Defender scanning.
CISA Flags Magento RCE CVE-2026-45247; 150K Stores Exposed
CISA added CVE-2026-45247 to its KEV catalog, confirming active exploitation of a CVSS 9.8 Magento RCE flaw that threatens 150,000 e-commerce stores worldwide.
Burst Statistics CVE-2026-8181 Under Mass Exploitation
CVE-2026-8181 in Burst Statistics for WordPress is under mass exploitation, with Wordfence blocking 7,400 daily attempts against over 200,000 affected sites.
Public PoC Released for Cisco Unified CM SSRF Bug
Cisco confirmed public PoC code for CVE-2026-20230, a Unified CM SSRF enabling unauthenticated file writes and potential root access on enterprise systems.
AI Tool Uncovers Two-Year-Old Redis RCE CVE-2026-23479
Team Xint Code used an AI tool to find CVE-2026-23479, a two-year-old Redis RCE posing high risk in cloud environments where Redis runs without authentication.
Anthropic Engineers Deploy Inside NSA to Run Mythos Cyber AI
June 8, 2026
Anthropic has deployed six engineers inside NSA to operate Mythos, an AI reported capable of zero-day exploitation across major operating
Claude Opus Finds 4-Year Zcash Flaw Enabling Silent Coin Forgery
June 8, 2026
Researcher Taylor Hornby used Claude Opus 4.8 to uncover a four-year-old Zcash Orchard flaw that could have enabled undetectable counterfeit
VerdantBamboo PLENET Backdoor Sustained 18-Month M365 Intrusion
June 8, 2026
Volexity found Chinese APT VerdantBamboo used new PLENET and AGENTPSD malware to maintain 18 months of undetected Microsoft 365 access
IronWorm Rust Malware Hits 36 npm Packages in Supply Chain Attack
June 5, 2026
JFrog researchers discovered IronWorm, a Rust-based infostealer with an eBPF rootkit, injected into 36 npm packages to steal AI API
Hola Browser for Windows Bundled Monero Miner in Supply Chain Hit
June 5, 2026
AppEsteem found a Monero cryptominer bundled inside Hola Browser’s Windows installer, hidden as a Windows service and excluded from Windows
CISA Flags Magento RCE CVE-2026-45247; 150K Stores Exposed
June 4, 2026
CISA added CVE-2026-45247 to its KEV catalog, confirming active exploitation of a CVSS 9.8 Magento RCE flaw that threatens 150,000
Burst Statistics CVE-2026-8181 Under Mass Exploitation
June 4, 2026
CVE-2026-8181 in Burst Statistics for WordPress is under mass exploitation, with Wordfence blocking 7,400 daily attempts against over 200,000 affected
Public PoC Released for Cisco Unified CM SSRF Bug
June 4, 2026
Cisco confirmed public PoC code for CVE-2026-20230, a Unified CM SSRF enabling unauthenticated file writes and potential root access on
AI Tool Uncovers Two-Year-Old Redis RCE CVE-2026-23479
June 4, 2026
Team Xint Code used an AI tool to find CVE-2026-23479, a two-year-old Redis RCE posing high risk in cloud environments
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.