ATTACKERS STRIKE UNPROTECTED SITES – BECAUSE CLEANUP ALONE IS NOT ENOUGH May 20, 2025 The Source Defense Research team has identified a troubling pattern: attackers are returning to previously compromised sites—this time leveraging a brand-new domain, css.telechargent[.]com, that was still clean on VirusTotal and other blacklists at the time of detection. Because this domain had no The post Attackers strike unprotected sites – because cleanup alone is not enough appeared first on Sourc...| Source Defense
NEXT LEVEL ATTACK: SEVERAL GTMS WORKING IN SYNC, CSS AND DOM EXPLOITED May 6, 2025 A sophisticated attack leveraging coordinated Google Tag Managers, CSS obfuscation, and DOM-based execution to deploy counterfeit payment forms and exfiltrate data via WebSocket The Source Defense Research Intelligence team has uncovered a sophisticated cyberattack targeting e-commerce websites globally. While prior The post Next level attack: Several GTMs working in sync, CSS and DOM exploited appeared first o...| Source Defense
MULTIPLE WEBSITES BREACHED THROUGH COMPROMISED HOSTING SERVICE April 22, 2025 A new attack has been disclosed, hidden within a known and trusted source—effectively bypassing solutions that rely on Content Security Policy (CSP), where such sources are typically whitelisted. The Source Defense Research Team has uncovered another sophisticated breach affecting numerous websites, including UK-based restaurant websites The post Multiple websites breached throuh compromised hosting service app...| Source Defense
Payment Card Industry Data Security Standard PCI DSS v4.0 6.4.3 and 11.6.1 Resources In March 2022, the Payment Card Industry Security Standards Council released a revised version of its Data Security Standard, commonly known as PCI DSS v4.0. In this revised version are two new sections, 6.4.3 and 11.6.1 which offer guidance regarding 3rd, 4th,| Source Defense