Tag
An autonomous AI agent from depthfirst discovered 21 zero-day vulnerabilities in FFmpeg, including a network-reachable RCE via a single 183-byte packet, for only $1,000 in compute costs; the find highlights the disparity between automated bug finding and patching.
The article proposes a new severity model for vulnerability reporting based on collision counts and the presence of working exploits, arguing that the current disclosure model is broken and that patches should be prioritized when multiple researchers find the same bug or exploits are public.
Calif researchers, with help from the AI tool Mythos Preview, built the first public macOS kernel memory corruption exploit on Apple M5 hardware, bypassing MIE. The exploit chain took 5 days and will be fully disclosed after Apple fixes the vulnerabilities.
Joanna Rutkowska announces the relaunch of her blog after a seven-year hiatus, reflecting on her past work with Qubes OS and her evolving perspective on rationality versus humanism.