Here is the hard truth: Installing a third-party security patch (like from Mageplaza or OpenMage) might block known exploits, but GitHub repos update daily with zero-day bypasses.
GitHub has become the de facto distribution network for Magento 1.9.0.0 exploits. While ethically dubious, these repos provide a unique telemetry source for defenders. The next logical step is automated tooling that watches GitHub's magento-exploit topic and pushes WAF signatures to Cloudflare/ModSecurity in near real-time. magento 1.9.0.0 exploit github