
Anonymous GitHub user releases unpublished zero-days for major software

Aggregated by BrevFeed security · updated 4d ago

An anonymous GitHub account has begun releasing previously undisclosed zero-day vulnerabilities in popular software, including Floci and FFmpeg. The account claims to utilize an AI-driven fuzzing workflow and intends to share serious vulnerabilities, impacting software security practices.

Key points

New Vulnerability Releases

An anonymous GitHub account has announced the release of several zero-day vulnerabilities affecting tools such as Floci, libssh2, and FFmpeg. This release marks a significant contribution to the security community, focusing on impactful vulnerabilities rather than incomplete or trivial ones.

AI in Fuzzing

The individual behind the account disclosed their use of AI, specifically GPT-5.5-3-Codex-Spark, to automate their fuzzing workflow. They argue that effective human oversight and a robust harness eliminate the need for state-of-the-art models to identify vulnerabilities efficiently.

Community Engagement and Collaboration

The account encourages collaboration and discussion with other security researchers. They expressed awareness of feedback regarding the usability of their proof-of-concept code and plan to revise it to make it more accessible.

Future Commitments

Looking ahead, the anonymous user promises to deliver a new proof-of-concept daily after this initial major release. They are focused on ensuring that their work continues to drive security improvements in the community.

This summary was generated by AI from the outlets' reporting. It is not independently verified and may contain errors; check the original sources.
