Developer Builds FoilSuite, a Local-First Browser and IoT Security Toolkit

·1 views

A developer and PhD researcher at Singidunum University has released FoilSuite, an open-source security toolkit designed to operate entirely without sending user data to external servers. The suite includes FoilGuard, a Chrome extension that detects phishing, typosquatting, and Unicode impersonation attacks using on-device logic only. A companion tool, FoilVault, functions as a zero-knowledge password manager that blocks autofill if the current domain is flagged as suspicious. The third component, FoilLab, is a weekly challenge platform offering hands-on exercises in network analysis, IoT firmware reverse engineering, and log forensics. The project stems from the creator's research into decentralized, tamper-resistant communication for constrained IoT devices and aims to challenge the norm of relying on cloud infrastructure for security decisions.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

How Developers Can Build a Live CS2 Score Bot for Discord in 50 Lines

A developer tutorial published on DEV Community outlines how to create a Discord bot that displays live Counter-Strike 2 match scores using Node.js and the Tachio Sports API. The bot fetches real-time match data — including scores, maps, formats, and betting odds — and posts formatted updates to a designated Discord channel every 60 seconds. The project requires setting up a Discord application, installing the discord.js library, and authenticating with environment variables for the bot token and API key. Developers can optionally add a slash command so users can manually trigger score updates on demand. The guide also suggests deploying the bot for free on Railway, making it accessible to Discord server owners without hosting costs.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Polymarket Confirms Hack via Third-Party Vendor; Affected Users Promised Full Refunds

Crypto prediction platform Polymarket confirmed that hackers stole user funds after compromising a third-party vendor, which was used to inject malicious code into the platform's website. Spokesperson Connor Brandi told TechCrunch that the vendor breach directly resulted in theft, though the company declined to disclose the total amount stolen, the vendor's identity, or the precise attack mechanism. Blockchain security firm PeckShield independently flagged suspicious on-chain activity around the same time Polymarket made its public announcement. The attack is classified as a supply chain breach, meaning Polymarket's own smart contracts were not compromised — the vulnerability existed in the conventional web infrastructure surrounding them. The platform says it has contained the incident and is contacting affected users directly with commitments to issue full refunds.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Nylas Agent Policies Let Developers Set Per-Tier Email Quotas for Multi-Tenant Apps

Multi-tenant email setups traditionally apply identical send limits, storage caps, and retention windows to all customers regardless of their tier, creating problems for both free and enterprise users. Nylas addresses this through a policy-based system where reusable policy objects define daily send limits, storage ceilings, and retention periods that can be assigned to workspaces. Each workspace holds a single policy, and every Agent Account within that workspace automatically inherits its limits, eliminating per-account configuration. When a tenant is provisioned, developers simply place them in the appropriate workspace bucket and the tier's caps apply immediately. This server-side enforcement means quota tracking, retention pruning, and storage monitoring are handled by Nylas rather than requiring custom application logic.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Developer builds dependency-free unit converter with 70+ units and 165 tests

A developer has released a browser-based unit converter that runs entirely client-side with no external dependencies, no ads, and no server communication. The tool covers seven categories — length, weight, temperature, volume, area, speed, and data — supporting over 70 units in total. It features real-time bidirectional conversion, a swap button, an all-units panel, and a formula display showing conversion factors. The project is packaged as a single HTML file requiring no build tools or package manager. Reliability was a key focus, with 165 automated tests written using only Node.js's built-in assert module, covering edge cases, roundtrips, and known reference values.

0 comments Read more at DEV Community