Anonymous researcher drops 0-day 'exploitarium' repo
ID: 1d955387-cec7-5201-b142-d168628c471a
STIX ID: report--1d955387-cec7-5201-b142-d168628c471a
Feed Name: The Register (Security)
An anonymous researcher (alias "bikini") published an "exploitarium" repository claiming working exploit code for zero-day vulnerabilities across multiple open-source projects (libssh2, Gitea, Splunk, RustDesk, 7-Zip, VLC, AnyDesk, OpenVPN, c-ares, and others). At least two critical flaws — a pre-auth remote code execution in libssh2 and a Docker backend privilege-bypass/container escape in Gitea — have been independently verified with active exploitation observed; some patches have been merged but PoC availability increases the risk of wider attacks.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
