Anonymous GitHub account mass-dropping undisclosed 0-days
Points and comments are a snapshot, not live.
Anonymous GitHub account bikini publishes untouched 0-days, offering PoCs for public credit.
The repository, exploitarium, consolidates proof-of-concept (PoC) exploits and vulnerability research writeups, many undisclosed at posting time. It includes 24 folders for targets like libssh2, FFmpeg, Floci API Gateway, Firefox, and 7-Zip. The author, using AI-assisted fuzzing (GPT-5.5-3-Codex-Spark) with a human harness, claims a degree in fuzzing methodology. Direct entries are tracked by commit history. The author encourages reporting for CVEs, warns against malicious use, and plans one new PoC per day after a delayed big drop.
What commenters are saying
Commenters split on open-source security. Some argue LLMs make automated bug hunting easier, shifting the calculus for open vs. closed source. Others note many listed exploits target open-source/free software, questioning if transparency is still beneficial when bots can scan code. A separate critique addresses US reliance on SSNs as secrets that are regularly exposed via breaches and ACH transfers. A few question whether these are all true 0-days, given the repo's open-disclosure framing.