cybercrime.clubhttps://cybercrime.club/tags/depthfirst/Infrastructure security news for people who build infrastructure.Hugo -- gohugo.ioen-usMon, 08 Jun 2026 11:12:48 -0400An AI Agent Found 21 Zero-Days in FFmpeg for $1,000 — and Your Container Images Are in Scopehttps://cybercrime.club/posts/ffmpeg-depthfirst-ai-agent-21-zero-days-cve-2026-39210/Mon, 08 Jun 2026 11:12:48 -0400https://cybercrime.club/posts/ffmpeg-depthfirst-ai-agent-21-zero-days-cve-2026-39210/depthfirst's autonomous agent found 21 zero-days in FFmpeg for about $1,000, including a 23-year-old stack overflow. Nine carry CVEs (CVE-2026-39210 through CVE-2026-39218). FFmpeg is bundled everywhere — patch upstream and your embedded copies.vulnerabilities