
GitHub Repo Drops Undisclosed Zero-Days; OpenZL and Reddit Spam Defenses Spotlighted


A GitHub repository called 'exploitarium' has been mass-releasing undisclosed zero-day exploits with proof-of-concept code for vulnerabilities not yet patched by vendors, raising urgent concerns for the security community. Separately, an open-source project named OpenZL has launched to make Zero-Knowledge Proofs more accessible to developers building privacy-preserving and zero-trust applications. The library provides tools and primitives supporting use cases such as private authentication, confidential transactions, and verifiable computation. In a third development, a detailed blog post has revealed the inner workings of Reddit's anti-spam architecture, covering machine learning models, heuristics, rate limiting, and user behavior analysis. Together, these highlights reflect growing activity across offensive security disclosure, cryptographic privacy tooling, and large-scale platform defense engineering.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.


Related stories

Programming · DEV Community

Why Dynamic Pricing on Shopify Is an Architecture Problem, Not a Math One

A software developer has outlined a four-layer architecture designed to prevent dynamic pricing engines from causing widespread damage on live Shopify catalogs. The framework separates the roles of proposing a price, applying merchant policy, executing approved changes via the Admin API, and maintaining an immutable audit trail. A key principle is that the pricing engine can only suggest prices within hard-coded constraints, making rule violations structurally impossible rather than relying on runtime checks. The system is also designed to fail closed, meaning stale data or missing inputs freeze all price updates rather than allowing the engine to guess. The developer has published the framework as an open-source skeleton built on FastAPI, Celery, Postgres, and Redis, intended as a safe foundation for teams building toward production.

Programming · DEV Community

n8n Expressions Guide: Use Dynamic Data Across Workflow Nodes

n8n expressions allow users to inject live data, perform calculations, format dates, and build strings dynamically within any workflow node field. Written in JavaScript and wrapped in double curly braces, expressions can reference the current item's data via $json or pull values from any previous node by name. Built-in variables such as $now for timestamps, $vars for workflow-level constants, and $env for environment secrets extend functionality further. Common use cases include generating dynamic URLs, formatting dates for spreadsheets, combining name fields, and safely handling missing data with nullish coalescing. Developers can activate expression mode in any n8n input field by clicking the equals icon, with a live preview pane displaying results in real time.

Programming · DEV Community

Two-File Supply Chain Attack Targets npm Package via Rogue Registry Redirect

A security researcher discovered a malicious pull request submitted to their open-source repository, sebs/etherscan-api, designed to redirect all npm package resolution to an attacker-controlled server. The PR was disguised as a routine refactor, adding a convincing description with bullet points and developer-friendly language to lower the maintainer's guard. The attack used just two file changes: a .npmrc file that silently overrode the default npm registry with a bare IP address on a non-standard port using unencrypted HTTP, and a package.json update adding a fake dependency to justify the .npmrc change. Because the rogue registry handled all package resolution, the attacker could serve trojaned versions of any dependency fetched during installation. The submitting account appeared legitimate, featuring an aged profile, repository history, and GitHub achievement badges, illustrating how modern supply chain attacks rely as much on social engineering as technical exploits.

Programming · DEV Community

Developer Builds AI Painting Attribution Tool Using PyTorch and ResNet-50

A developer has created an artist attribution system that uses deep learning to predict the likely creator of a painting from an input image. The project leverages transfer learning with a pretrained ResNet-50 model rather than building a convolutional neural network from scratch, making training faster and more practical. Given an image, the model returns the top predicted artist along with a confidence score and the top three candidate guesses. The system supports multiple hardware environments, including NVIDIA CUDA, Apple Silicon, and standard CPUs, and can also run on cloud platforms like Google Colab. The project is intended as a practical introduction to computer vision, image classification, and fine-tuning techniques using PyTorch and torchvision.
