An anonymous GitHub account has begun releasing previously undisclosed zero-day vulnerabilities in popular software, including Floci and FFmpeg. The account claims to use an AI-driven fuzzing workflow and intends to share serious vulnerabilities, a development with implications for software security practices.
An anonymous GitHub account has announced the release of several zero-day vulnerabilities affecting tools such as Floci, libssh2, and FFmpeg. This release marks a significant contribution to the security community, focusing on impactful vulnerabilities rather than incomplete or trivial ones.
The individual behind the account disclosed their use of AI, specifically GPT-5.5-3-Codex-Spark, to automate their fuzzing workflow. They argue that effective human oversight and a robust harness eliminate the need for state-of-the-art models to identify vulnerabilities efficiently.
The account encourages collaboration and discussion with other security researchers. They expressed awareness of feedback regarding the usability of their proof-of-concept code and plan to revise it to make it more accessible.
Looking ahead, the anonymous user promises to deliver a new proof-of-concept daily after this initial major release. They are focused on ensuring that their work continues to drive security improvements in the community.
This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors; check the original sources.