A security startup’s autonomous AI agent found 21 previously unknown vulnerabilities in FFmpeg, the open-source media library embedded in almost everything that touches video. The startup, depthfirst, says the run cost roughly $1,000 in compute. Some of the bugs had been hiding in the codebase for more than 20 years.

Days later, Google shipped Chrome 149 with patches for 429 security bugs, the most ever in a single browser release. Over 100 are critical or high severity. The two events arrived independently, but they point in the same direction: AI is finding vulnerabilities faster than humans can fix them.

Depthfirst’s agent scanned FFmpeg’s roughly 1.5 million lines of C and produced a reproducible proof-of-concept for each of the 21 zero-days. Most are heap or stack overflows in parsers and demuxers, spanning components from the TS demuxer to the VP9 decoder. One stack overflow in the service-description-table code dates to 2003.

Nine already carry CVE identifiers (CVE-2026-39210 through CVE-2026-39218). The rest have been fixed upstream but not yet numbered. Depthfirst has published proof-of-concept code.

FFmpeg is not new to AI-driven bug hunting. Google’s Big Sleep agent reported a run of FFmpeg bugs last year. Anthropic’s Mythos model pulled a 16-year-old H.264 flaw and others out of FFmpeg for about $10,000. Depthfirst claims to have done comparable work at a tenth of the cost.

Chrome 149’s record haul is a different story. Google has not attributed the 429 vulnerabilities to AI. But the company overhauled its bug bounty programme in April after a flood of AI-generated submissions, now asking researchers for concise reproducers instead of the long writeups AI tends to produce.

The worst bug, CVE-2026-10881, scores 9.6 on the CVSS scale. It is an out-of-bounds read and write in the ANGLE graphics engine that lets a crafted page escape Chrome’s sandbox and run code on the host. Google paid $97,000 for the report. Of the 22 critical bugs, 19 were found internally.

The pattern keeps repeating. An autonomous tool recently found an authenticated remote code execution flaw in Redis that had gone unnoticed for over two years. A February study showed an AI agent could reproduce working exploits for more than half of 100 real Linux kernel bugs, beating traditional fuzzing.

The hard problem is shifting. Finding these bugs has become cheap. Triaging the reports, shipping the fixes, and getting them installed has not. Much of that work still falls on volunteers and a thin layer of human triagers now expected to keep pace with machines. Mozilla patched 271 Firefox vulnerabilities found by Mythos in a single pass. The question is no longer whether AI can find the bugs. It is whether anyone can fix them fast enough.

Majority Audio is trying to make modern streaming audio more accessible with its new Link Series, which was previewed at High End in Vienna.

This is a range of compact devices that bring services like Spotify Connect and AirPlay 2 to older hi-fi setups. Pricing starts from just £59.

At the entry point is the Link Mini, a small streamer designed to plug into existing speakers, radios, or hi-fi systems., instantly adding wireless streaming.

The Link Mini supports AirPlay 2, Spotify Connect and TIDAL Connect, along with Wi-Fi 6, Bluetooth LE and Auracast compatibility. Additionally, it comes with both analogue and optical outputs, making it is a straightforward upgrade for legacy hi-fi kit.

Advertisement

The step up from the Mini is the Link View, which has a more visual approach. It introduces a 2.1-inch circular touchscreen paired with a rotary control dial, allowing users to browse playback, view album artwork and switch sources directly on the device.

Advertisement

Above the Link View is the Link Pro, which pushes further into all-in-one territory. Alongside streaming support, it adds DAB/DAB+ radio, internet radio and HDMI ARC. This gives it more flexibility for both music and TV audio setups. A larger 4-inch colour display helps manage playback and navigation. So, it makes the device feel closer to a compact hub than a basic streamer.

At the top of the range is the Link Pro Amp, a £299.95 streaming amplifier designed to drive passive speakers directly. It delivers up to 300W of output via a Texas Instruments Class-D amplifier, combining streaming, amplification and radio features in a single unit.

In addition, connectivity is extensive. It includes HDMI ARC, optical input, USB playback, Ethernet, analogue input and a dedicated subwoofer output.

Advertisement

Overall, the Link Series feels aimed at users who want to modernise their audio setup without moving into high-end pricing. Instead of pushing a full system replacement, Majority is focusing on incremental upgrades to existing kit

Advertisement

The self-replicating Miasma worm has reached Microsoft‘s own GitHub repositories. GitHub disabled 73 repositories across four Microsoft organisations, including Azure, Azure-Samples, Microsoft, and MicrosoftDocs, after the worm planted malicious code that harvests developer credentials. It is the most significant escalation yet in an ongoing supply chain attack campaign that has been spreading across the open-source ecosystem for weeks.

The attack exploited previously compromised credentials. Last month, the threat group TeamPCP infected the “durabletask” PyPI package hosted in Microsoft’s Azure organisation to deliver an information stealer. Security researcher Paul McCarty pointed out that the same repository is at the centre of this month’s takedown.

“When the repo at the root of last month’s compromise is the hub of this month’s takedown, that is not a coincidence, that is the same wound reopening,” McCarty said. “Whoever held those credentials in May plausibly never fully lost them.”

What makes this campaign particularly dangerous is how the payload detonates. The attacker planted a 4.3 MB payload runner wired to execute automatically through five developer tools: Claude Code, Gemini CLI, Cursor, VS Code, and the npm test script. A developer only needs to clone an affected repo and open it in an AI coding agent for the malware to run.

Once triggered, the Bun-based worm harvests credentials for AWS, Azure, GCP, Kubernetes, npm, and GitHub. It then uses those stolen tokens to commit itself into any repository the victim can write to, spreading autonomously across the ecosystem.

Among the disabled repositories are critical Azure infrastructure projects: azure-search-openai-demo, durabletask and its .NET, Go, JS, and MSSQL implementations, functions-container-action, llm-fine-tuning, and windows-driver-docs. OpenSourceMalware reported that GitHub contained the attack within 105 seconds, but the scope of affected downstream users remains unclear.

Miasma is a variant of the Mini Shai-Hulud worm that TeamPCP publicly released in mid-May 2026. The original Shai-Hulud appeared in September 2025 as the first self-replicating malware observed in the npm ecosystem. It has since mutated across npm and PyPI, previously compromising 32 Red Hat packages and hitting TanStack, Mistral AI, and UiPath packages.

The worm has also begun skipping the npm registry entirely. SafeDep found it pushing malicious code directly to source repositories, including “icflorescu/mantine-datatable” and four related projects. As of writing, more than 80 public repositories on GitHub carry the Miasma campaign’s naming pattern.

The fundamental problem is not a vulnerability in npm or GitHub. “It exploits the trust model those platforms are built on,” security firm FalconFeeds.io said in its analysis. “The assumption that if a package is signed with a valid key and published by an authenticated maintainer, it is safe.” The worm compromises the key and the maintainer, then acts exactly like a legitimate publisher. From the registry’s perspective, every malicious publish event looks like a routine update.

The targeting of AI coding agents is a notable evolution. Developers increasingly rely on tools like Claude Code and Cursor to work with unfamiliar repositories. A worm that activates when an AI agent opens a project exploits a new behaviour pattern that did not exist a year ago. It is supply chain malware designed for the age of AI-assisted development.

AI and ML

Most orgs remain trapped between flashy demos and real-world deployment, despite 75% saying adoption is racing ahead

Three-quarters of enterprise leaders say they’re adopting agentic AI, but only a small minority have managed to move beyond pilots and into meaningful production deployments, according to Forrester. 

That won’t stop vendors from slapping “agentic” onto every product brochure they can find, but the analyst’s assessment is that most organizations remain stuck somewhere between experimentation and actual business value.

Agentic AI has reached an important milestone in 2026, says Forrester: “long-horizon agents are no longer off on the horizon.” 

In plain English, the bots are no longer clocking on for a five-minute task and calling it a day. Vendors have demonstrated agents capable of operating for days, weeks, or even months, with examples ranging from software development to research workflows.

The trouble starts when those demos collide with the realities of enterprise.

Forrester says companies are expanding their agentic ambitions while largely failing to scale them. Governance remains immature, platform strategies remain fuzzy, and many organizations are struggling to demonstrate a return on investment substantial enough to justify broader deployment.

Forrester’s argument is that companies aren’t struggling because they have too many AI agents, but rather they’re struggling because managing them gets messy fast. What works as a handful of experimental projects can become much harder to control once agents start operating across multiple systems and teams.

Many organizations are building agents in isolation, the report says, without a clear way to track them, manage them, or coordinate how they work together. That may be fine for a pilot, but it becomes more of a problem when dozens of agents are making decisions, calling tools, and passing information around an enterprise environment. 

The report warns that, as projects grow, companies often end up with overlapping systems, duplicated work, and agents behaving in ways that become increasingly difficult to predict.

Forrester is equally skeptical that governance policies alone will solve the problem. The firm notes that more than half of enterprises still experience what it calls “agentic sprawl” despite adopting governance frameworks and formal policies.

Its conclusion is that writing rules down is one thing; enforcing them is another. Companies are increasingly finding that autonomous systems need automated guardrails that can track what agents are doing and restrict what they’re allowed to do in real time.

For now, the industry’s biggest challenge may not be building AI agents. It’s finding useful work for them that survives contact with the enterprise. Or, as Forrester puts it:

“Until companies tie agent autonomy to measurable changes in how work gets done, agentic AI will remain stuck in proof-of-concept purgatory.” ®

Hackers are actively exploiting a critical vulnerability (CVE-2026-3300) in the Everest Forms Pro plugin, which lets them take complete control of a WordPress website.

The security issue affects versions 1.9.12 and earlier of the plugin and can be leveraged without authentication to execute arbitrary code on the server.

Everest Forms Pro is a commercial add-on for the WordPress form builder plugin Everest Forms. It is used to create contact, registration, payment, and other custom application forms.

The CVE-2026-3300 vulnerability is in the plugin’s Complex Calculation feature, which accepts values submitted through form fields and inserts them into a PHP code string. Then, it executes the resulting code using PHP’s ‘eval ()’ function.

Although user input is passed through a ‘sanitize_text_field()’ function, which does not escape single quotes (‘) or other characters that influence PHP syntax.

As a result, an attacker can close the intended string, inject arbitrary PHP code, and comment out the remaining generated code to achieve code execution on the server.

Telemetry data from Wordfence firewall and malware scanner for WordPress shows that the vulnerability is being exploited in the wild to create rogue administrator accounts.

“The attacker submits a value for a text field that begins with a single quote to close the wrapping string literal, followed by a PHP statement that calls wp_insert_user() to create a new administrator account with the username ‘diksimarina’,” explains a report from Wordfence.

“The trailing // comment marker ensures the rest of the generated PHP code, including the closing quote, is treated as a comment and does not cause a syntax error.”

“When the form is processed, and the calculation is evaluated, the injected PHP code is executed, and the malicious administrator account is created.”

Administrator-level access gives attackers full power to perform high-risk actions on the breached website, including modifying content, installing plugins and themes, planting backdoors and webshells, and accessing private databases.

Researcher h0xilo submitted the CVE-2026-3300 vulnerability through Wordfence in February, and on March 18, the Everest Forms developer released a patch that addresses the issue.

According to Wordfence data, active exploitation started on April 13, with the firewall blocking over 29,300 attempts.

Wordfence says exploitation attempts originate primarily from two IP addresses, 202.56.2[.]126 and 209.146.60.26, and recommends defenders block them.

However, Wordfence’s report provides several offending IP addresses as indicators of compromise (IOCs).

Website administrators are also recommended to review log files and administrator accounts for any suspicious activity, especially containing the string “diksimarina.”

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

Canor Audio might not be a household name in the U.S., but the Slovakia-based high-end manufacturer has built a serious reputation in Europe with its tube and hybrid amplifiers, preamplifiers, phono stages, DACs, CD players, and accessories. That matters, because Canor is part of a much larger story: the continued rise of Central and Eastern European high-end audio brands that are no longer asking politely for a seat at the table.

At High End Vienna 2026, Canor Audio is expanding its Performance Line with two new tube-based components: the Canor Verto D3 tube DAC and the Canor Asterion V3 tube phono preamplifier. Both models join the Virtus A3 hybrid tube integrated amplifier and continue Canor’s focus on combining modern engineering with the texture, dimensionality, and musical warmth that still keeps vacuum tubes alive in a world determined to make everything smaller, colder, and app-controlled.

Canor Verto D3: Tube DAC, Slovak Bite

The Canor Verto D3 is a high-end tube DAC built around a fully balanced, dual-mono discrete architecture. Its analog output stage uses four carefully matched E88CC tubes operating in pure Class A, with Canor aiming to bring more body, scale, and natural texture to digital playback.

The Verto D3 uses galvanically isolated digital inputs to reduce noise transfer between connected sources. Signal processing is handled by a multi-core XMOS controller, and format support extends to PCM up to 768kHz and native DSD512.

Connectivity includes USB, AES/EBU, coaxial digital, optical, and HDMI inputs, along with RCA and XLR analog outputs. Canor also specifies fixed and variable output options, allowing the Verto D3 to operate either as a traditional DAC or directly into a power amplifier.

The chassis combines machined aluminum and steel, while the front panel integrates a touchscreen into the precision-bearing control knob. Firmware updates are supported via USB.

Canor Asterion V3 Tube Phono Preamplifier

The Canor Asterion V3 is a tube-based phono preamplifier designed for both MM and MC cartridges. It includes balanced XLR and unbalanced RCA MC inputs, along with adjustable resistance and capacitance loading, giving users the flexibility to match the phono stage to a wide range of cartridges.

For moving-coil cartridges, the Asterion V3 uses a Lundahl step-up transformer to provide low-noise signal gain before the tube amplification stage. RIAA equalization is handled by a fully passive correction network using polystyrene and polypropylene capacitors.

The Asterion V3 also allows two cartridges to remain connected at the same time — one MM and one MC — with input switching from the front panel. Control is handled through a touchscreen integrated into the front-panel control knob, with remote operation also supported from the listening position.

The chassis is constructed from aluminum and steel, matching the industrial design language of Canor’s Performance Line components.

The Bottom Line

The Verto D3 stands out because it combines a fully balanced, dual-mono DAC architecture with a Class A tube output stage using four E88CC tubes, galvanically isolated digital inputs, high-resolution PCM and native DSD support, and variable output for direct connection to a power amplifier. That makes it more than a “warm-sounding DAC.” It is aimed at listeners who want digital playback with body, scale, and a less sterile presentation without abandoning modern format support.

The Asterion V3 is the more analog-obsessive piece, and possibly the more interesting one. Support for MM and MC cartridges, balanced and unbalanced MC inputs, adjustable loading, a Lundahl step-up transformer, passive RIAA correction, and the ability to keep one MM and one MC cartridge connected at the same time make it a serious phono stage for vinyl listeners who actually change cartridges instead of just talking about it on forums.

Competitors for the Verto D3 include tube and analog-leaning DACs from LampizatOr, Aqua Acoustic Quality, SW1X, BorderPatrol, and higher-end hybrid or R2R designs from brands such as HoloAudio and Denafrips. It will also face more conventional DAC competition from Chord, Benchmark, Mytek, dCS at the higher end, and MOON/Simaudio depending on system context.

The Asterion V3 competes more directly with phono stages from Manley, Zesto Audio, Allnic, E.A.T., Sutherland, Musical Surroundings, Gold Note, and Vertere. The Canor’s strongest argument is not just that it uses tubes, but that it combines tube gain, serious MC flexibility, balanced connectivity, and cartridge-loading adjustability in one chassis.

These are for listeners who want a high-end system with texture, dimensionality, and adjustability; not those chasing the cheapest way to add a glowing bottle behind a front panel. The Verto D3 and Asterion V3 also reinforce a bigger trend: Central and Eastern European high-end audio is no longer some charming regional side story. Brands like Canor are building serious components, and the usual Western European and American suspects should probably stop pretending nobody noticed.

Price & Availability

Canor Audio products can be purchased from Authorized Dealers (Contact Dealer for US Pricing).

Related Reading:

It should be remembered for the launch of iCloud, but instead the WWDC on June 6, 2011, will always be known as the last appearance of Steve Jobs at an Apple event. It was 15 years ago, today.

Even as early as WWDC 2006, there was concern over Steve Jobs’s health. By WWDC 2011 on June 6 that year, there was no denying that he was looking gaunt, and that he had less energy than we were used to.

But then by this time, there was also no denial that his health was poor. He’d had leaves of absence for treatment, and Apple had stopped pretending everything was fine.

While no one really believed Steve Jobs would ever leave Apple, there was nonetheless speculation over who would be his replacement. Ultimately, that would of course be Tim Cook, but that wasn’t known when Jobs stepped out onto the stage for WWDC 2011.

It is of course ridiculous to say that no one knew that this would be his last time fronting WWDC. But even amongst the rumors of succession and the news of his health, there wasn’t really speculation that this could ever be the end.

What there was, though, was a standing ovation for Jobs at the start.

“Thank you,” he said to the crowd. “It always helps, and I appreciate it very much.”

That was it for any acknowledgement of his own situation, though, as he immediately launched into a then very familiar spiel. “We’ve got an awesome morning together this morning,” he began.

“We’re going to talk about three things today,” he continued. “You know, if the hardware is the brain and the sinew of our products, the software in them is their soul, and today, we are going to talk about software.”

The significance of WWDC 2011

Good or bad, strong or weak, most annual WWDC events tend to blur together over time. There are exceptions such as 2011 with Jobs, 2020 with Apple Silicon, and there will be the 2026 that will see Tim Cook’s departure.

But there are some which introduce features that continue to be important to this day.

Mac OS X Lion was among the last things launched by Steve Jobs – image credit: Apple.

Advertisement

WWDC 2011’s launch of Mac OS X Lion wasn’t one of them. Good luck remembering what was in iOS 5. And if you got into the then-new iTunes Match in 2011, it feels as if Apple would really rather you now used Apple Music.

Yet central to WWDC 2011 and to Apple’s whole ecosystem today, there is . Today the only times you think of it are when you have to pay for extra iCloud storage, or the document you want has been uploaded from your to there to save space.

Yet central to WWDC 2011 and to Apple’s whole ecosystem today, there is iCloud. Today the only times you think of it are when you have to pay for extra iCloud storage, or the document you want has been uploaded from your Mac to save space.

In 2011, Steve Jobs had to sell us on this idea, and he had to sell it extra hard, because of Apple’s previous failures in this area.

“It just works,” he claimed, and you could sense the audience being dubious. “Now, you might ask, ‘why should I believe them? They’re the ones that brought me MobileMe.’”

“[MobileMe] wasn’t our finest hour, let me just say that,” he continued, “but we learned a lot.”

We’ll be talking about MobileMe soon enough. That in itself is a saga.

Anyway, Steve Jobs had brought us the iMac, the iPod, and the iPhone, which all in their different ways saved Apple. He brought us the iPad, too, which didn’t exactly ignite the world, but still it became ubiquitous and no rival tablet has come close to matching it.

But there is a good argument that iCloud should be right up there with those achievements. That’s because what is something no one has to think about today, it is an enormously important part of Apple and it was the last thing Jobs managed to pull off.

Apple launched iCloud at WWDC 2011 – image credit: Apple

It’s impossible to imagine now how you used to have to plug your iPod into your Mac to copy music across. Or that there were ways to store contacts on that device, but they again needed a physical connection.

Doubtlessly many at Apple wanted a better solution, but Jobs was one who’d already experienced the benefits of a seamless network. The networks that were run at his NeXT company meant you could turn to any Mac and carry on working as if it were your own.

Jobs wanted that for users, and in 2008, he nearly had it. Nearly. That was when MobileMe launched, and as a measure of how crucial such a part of the Mac and iPhone is, there’s Jobs’s reaction to its launch.

It took a time for Apple to move everyone over from the disastrous MobileMe to iCloud, but it eventually shuttered the old service.

As reported by Fortune magazine, coincidentally just ahead of his last WWDC, MobileMe was an immediate disaster. So much so that after its launch in 2008, Jobs held a meeting with the team behind it, and asked them what it was supposed to do.

When one brave soul described this idea of seamless integration between devices, Jobs said “so why the f*** doesn’t it do that?”

“You’ve tarnished Apple’s reputation…” he reportedly continued. “You should hate each other for having let each other down.”

So when he announced its successor on that WWDC 2011 stage, he wasn’t kidding about its history.

On that day, he talked about how everything synced and “I don’t have to be near my Mac or PC.” He doubled down on how easy it was to use too, saying “There’s nothing new to learn, it just all works.”

As was always the case when Apple did WWDC events live, there was of course a demo. There were several demos, including Eddy Cue very briefly showing how Photos now synced.

Some of the demos seemed a little trivial, such as photos, while others seemed obvious, such as email being pushed to all devices simultaneously. Today all of it seems like the way it must always have been, because it’s the way it should be.

Reality distortion field

That was what Steve Jobs had always been good at. He could make you convinced that of course Apple was the right company to make a phone, despite never having done one before.

He could sell you on Wi-Fi so much that the entire technology industry adopted it.

And here he was presenting the result of the same ideas he had been talking about when he returned to Apple.

In all, Steve Jobs presented about a quarter of that two-hour WWDC 2011, with Phil Schiller doing the majority of the rest. Jobs may have looked ill at the start, he may have seemed less energetic, but he was no less persuasive than he always was.

He would just never be that persuasive on stage again, or at least, not at an Apple Event.

Jobs did do one more thing after WWDC 2011. The very next day, he pitched to the Cupertino council for permission to build Apple Park.

He would never see the work on the building even started.