depthfirst.com (security research blog)

https://depthfirst.com

AI-assisted vulnerability research blog; primary source for CVE-2026-42945 NGINX Rift (2026-05-13). Responsible disclosure track record confirmed. Added as candidate 2026-05-15. Candidate — promote to active after 3 runs with content contribution. | 2026-05-18: referenced as discovery source for NGINX Rift CVE-2026-42945 in-the-wild update; not directly cited in today's brief (citations go to The Hacker News + Security Affairs + NCSC-CH) | 2026-06-07: PRIMARY source for FFmpeg 21-zero-day AI-agent disclosure (CVE-2026-39210–39218), cited in deep-brief § 3 + § 5 cross-ref. Second contributing run — continue toward active after 3. | 2026-06-20 full audit (v2.62): live=Y, drill=Y. FETCH → webfetch https://depthfirst.com/research (listing — NOT the homepage, which is marketing-only) then webfetch per-article URL for body. AVOID: Homepage https://depthfirst.com is marketing/navigation only — go straight to /research for the dated post listing. Low publish cadence; no RSS observed..