Anonymous account bikini/exploitarium consolidates 22 PoC folders for undisclosed 0-days

The repository consolidates prior standalone PoCs by commit hash and adds 11 new direct entries dated June 23-26 2026. Each folder contains working proof-of-concept code for issues such as CVE-2026-55200 in libssh2, use-after-free in c-ares TCP handling, and container escape via docker cp. Tree verification confirmed 96 tracked entries matched original blob IDs with zero mismatches across 12 source repositories.

Mainstream coverage tracks single high-profile 0-days but rarely monitors anonymous mass publication. The pattern here matches prior low-volume drops by accounts that later fed into ransomware toolkits within 14-21 days. Supply-chain exposure increases because these PoCs target widely deployed libraries without coordinated disclosure timelines or vendor prenotification.

Operational impact centers on detection engineering. Defenders must now ingest raw GitHub commit streams for new exploit patterns rather than waiting for CVE publication. The account's Discord handle provides a single point for coordination that may accelerate follow-on drops or selective private sharing.

No vendor patches reference these entries as of the latest commit. Monitoring for weaponization requires tracking binary similarity against the published PoC artifacts.