winfunc

Node.js disclosed a bug submitted by @winfunction: hackerone.com/reports/3465156 #hackerone #bugbounty

The Recent CVEs in React and Node.js Were Found by an AI - winfunc.com/blog/recent-0-… In December 2025 and January 2026, an AI system autonomously discovered zero-day vulnerabilities in Node.js and React, two of the most widely deployed JavaScript runtimes and frameworks in the world. This post documents how these vulnerabilities were found, the technical details of the flaws, and what this means for the future of security research.

The Recent 0-Days in Node.js and React Were Found by an AI winfunc.com/blog/recent-0-…

New blog post: The Recent 0-Days in Node.js and React Were Found by an AI Covering the discovery of 0-days with AI, its implications, and "AI slop". Have a read. winfunc.com/blog/recent-0-…

we've a few more up our sleeves. soon. 👾

A new vulnerability in React Server Components (CVE-2026-23864) was disclosed today. One of the DoS vectors was discovered by me with the help of an AI agent @winfunction. Other vectors were also discovered by @ryotkak et al. All users should upgrade to a patched version as soon as possible. vercel.com/changelog/summ…

🚨 CVE-2026-21636 in Node.js (@nodejs) Node.js permission model bypass via unchecked Unix Domain Socket connections (UDS) This vulnerability was autonomously discovered by winfunc.com, an AI agent that can find, exploit, and patch security vulnerabilities in codebases. Thanks to @_rafaelgss for triaging and fixing the issue.

Node.js Security Release Bulletin: #nodejs-permission-model-bypass-via-unchecked-unix-domain-socket-connections-uds-cve-2026-21636---medium" target="_blank" rel="nofollow noopener">nodejs.org/en/blog/vulner…

Read the Hacktivity here: winfunc.com/hacktivity/nod…

this is how long it took for the @winfunction agent to find and exploit a gnarly 0-day in a critical software. we'll write about it soon! can't wait to show off what we've been cooking! 🥷

Over five years ago, I started publishing the top trending open-source startups every quarter — the ROSS Index. It has become a handy tool for 60K+ developers, founders, and other OSS fans who have visited it to date. Today, I'm thrilled to make it even more useful, as we are open-sourcing all its data for more than 20 quarters on GitHub, in a convenient format. Explore our repo and star it to be notified about new index releases. And, of course, now is also the time to reveal the fresh top 20 startups by GitHub stars growth for Q3 2025 — one can find more details on them in the repo too!

everyone wins @winfunction.

@morganamurgath check dms!

@getAsterisk join

Announcing Opcode Everyone's favorite Claude Code GUI Claudia is now Opcode... with a complete revamp. And we just hit 15K+ stars on GitHub! The support from the community has been immense! ❤️ What's new: - Feature parity with all new Claude Code features in the CLI. - A complete UI revamp, faster and cleaner. What's coming: - Opcode's own coding agent that exclusively uses open models while achieving SOTA performance on coding benchmarks. We're currently piloting this at companies requiring fully local on-prem coding agents. If you're one of them, reach out to us and we'll set this up for you! Try Opcode at opcode [dot] sh Like/retweet and reply to this tweet with "join" to get an invite to the Discord server and beta test our coding agent for free.

@Brahmat53891444 invite sent!

@getAsterisk Join

@alejandrGZAX check dms! 👀

@getAsterisk Join 👀🔥

@numosine invite sent, check dms!

@getAsterisk join

@SEDIDEL invite sent, check dms!

@getAsterisk Join :)

@JDemeulemeestr thank you, dmed!

@getAsterisk Cheers, enabled

@JDemeulemeestr please enable your DMs or sent us a message and will send over the invite!

@getAsterisk Join