In a recent attack spotted by the Source Defense Cyber Research team, a compromised first-party script on a payment page stored sensitive data in a cookie named csp_f_y. The exfiltration didn’t happen immediately—it was triggered on the next page load using location.href, slipping past content security policies (CSP) that would have otherwise blocked malicious outbound requests.| Source Defense
A new report by Recorded Future's Insikt Group reveals a concerning rise in Magecart attacks and e-skimming activity targeting online retailers. The research highlights how cybercriminals are evolving their tactics to bypass traditional, rather antiquated client-side security measures such as Content Security Policy (CSP) and compromise e-commerce platforms at an alarming rate.| Source Defense
Payment card security faces new challenges as merchants and service providers prepare for the Payment Card Industry Data Security Standard (PCI DSS) 4.0 requirements on eSkimming prevention. With the March 2025 deadline approaching, organizations must act quickly to implement these new mandates.| Source Defense
There aren’t many small problems in cybersecurity. Most of them are big. Things like client-side attacks, ransomware, denial of service, zero-days and phishing cause you long days, sleepless nights and represent major risks to your organization. And when you set out to protect your organization from attacks, you discover that there aren’t many small solutions| Source Defense
