HN

A buyer purchased an Essential Plugin portfolio on Flippa, inserted a dormant PHP backdoor across 30+ WordPress plugins (via an unserialize RCE and an unauthenticated REST endpoint), and later activated it to deliver stealth SEO spam and redirects—using an Ethereum smart contract for resilient C2 resolution—before WordPress.org removed the plugins and pushed emergency updates. The compromise is a large-scale supply-chain attack echoing prior incidents where new owners weaponized popular plugins.

wordpress supply-chain security malware
213 pts 50 comments
GitHub Stacked PRs (github.github.com)

Nothing Ever Happens is an async Python bot for Polymarket that automatically buys “No” on standalone non-sports yes/no markets. It provides runtime components, a dashboard, recovery/persistence, paper vs live trading modes (live requires specific env vars and blockchain/DB credentials) and deployment helpers (Heroku, scripts) for operators.

python polymarket trading-bot prediction-markets
260 pts 101 comments

The author added a small Makefile change and a buildcache Lua wrapper to cache Firefox’s deterministic WebIDL Python codegen step, letting buildcache intercept and replay generated outputs. Measured clobber rebuilds drop dramatically with a warm cache (example: ~5m35s cold → ~1m12s warm with the wrapper), and the technique can extend to other codegen steps.

firefox buildcache webidl build-system
13 pts comments