News.Risky.Biz
Anonymous Researcher Publishes Zero-Day Exploits for Major Software Projects
Article Content
An anonymous researcher known as Bikini has released exploit code for over a dozen zero-day vulnerabilities affecting 15 popular open-source projects, including the Linux kernel and Libssh2. The exploits were disclosed without prior notification to the vendors, raising concerns about potential widespread attacks. Notably, two vulnerabilities, CVE-2026-55200 in Libssh2 and CVE-2026-20896 in Gitea, are already being actively exploited. The researcher claims to have utilized OpenAI's GPT-5.5 Codex AI model for vulnerability discovery. As of now, several projects have begun patching the vulnerabilities, with nine confirmed and assigned CVE identifiers. The release of these exploits marks a growing trend in the infosec community, where researchers are increasingly opting to publish findings without vendor notification. The situation remains fluid as more vulnerabilities may be disclosed in the coming days.
Key Points:
• Anonymous researcher Bikini released zero-day exploits for 15 software projects.
• Two critical vulnerabilities are actively exploited, including CVE-2026-55200 in Libssh2.
• The trend of publishing zero-day exploits without vendor notification is increasing.