logo

Anonymous researcher drops 0-day 'exploitarium' repo

ID: 1d955387-cec7-5201-b142-d168628c471a

STIX ID: report--1d955387-cec7-5201-b142-d168628c471a

Feed Name: The Register (Security)

Threat Score
80/100

Date Published: 2026-06-29

Date Updated: 2026-07-02

...
...

An anonymous researcher (alias "bikini") published an "exploitarium" repository claiming working exploit code for zero-day vulnerabilities across multiple open-source projects (libssh2, Gitea, Splunk, RustDesk, 7-Zip, VLC, AnyDesk, OpenVPN, c-ares, and others). At least two critical flaws — a pre-auth remote code execution in libssh2 and a Docker backend privilege-bypass/container escape in Gitea — have been independently verified with active exploitation observed; some patches have been merged but PoC availability increases the risk of wider attacks.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.