
Anonymous Researcher Publishes 24 Zero-Days in Open-Source Software

The Point: An anonymous security researcher has disclosed 24 zero-day vulnerabilities in open-source projects including PHP and RustDesk using AI-assisted analysis.

An unknown security researcher has made public two dozen previously unknown security vulnerabilities (zero-days) in widely used open-source software. The vulnerabilities were identified with AI assistance and affect, among others, PHP and RustDesk.

An anonymous security researcher has published two dozen zero-day vulnerabilities in open-source software on a platform called Exploitarium. The vulnerabilities were identified with AI assistance and affect a broad spectrum of projects, including the widely used programming language PHP as well as the remote access solution RustDesk.

The disclosure occurred without prior notification of the affected projects or vendors – an approach that is criticized as irresponsible disclosure. The researcher justifies the publication as a “gift” to the open-source community, but thereby creates significant risks for organizations using this software.

For CISOs, this means an immediate obligation to assess open-source components used in their own environments. The affected projects – particularly the widely used solutions – now require rapid security updates, the development and testing of which will require resources from the project maintainers. The use of AI in vulnerability discovery also suggests that automated scanning techniques will be able to identify vulnerabilities faster and more broadly in the future than manual audits.


Source: www.heise.de · Published July 1, 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.
