eSkimming Security – Driving Bottom Line Results through Fraud Reduction and Revenue Maximization

by Source Defense Even with the PCI DSS 4.0 deadline now behind us, many organizations are still exposed to costly eSkimming threats and compliance gaps. Source Defense recently hosted a webinar to ...

Revenue Risk Hidden in Fly by Night New eSkimming Tools

by Source Defense Don’t Trust Your Online Revenue Channel to Sub-par Solutions for eSkimming Security (Beware the big box “me too” solutions) As PCI DSS 4.0.1 enforcement has driven demand for eSkimming ...

New Breed of Magecart: GTMs Working Together, JavaScript Hidden in CSS

by Source Defense The Source Defense Research team has uncovered another active eSkimming campaign which demonstrates the use of novel techniques, and an increasing adversarial focus on attacking websites with techniques that ...

QSA Roundtable: Addressing eSkimming

What QSAs Are Saying About PCI DSS 4.0.1 and eSkimming Controls

by Source Defense On a recent Source Defense roundtable, seasoned QSAs gathered to discuss the latest PCI DSS 4.0.1 updates—specifically requirements 6.4.3 and 11.6.1—and how organizations should respond. What followed was a ...

Client-Side Security Breach Alert: Blue Shield of California Exposes 4.7 Million Members’ Health Data Through Web Analytics Configuration

by Source Defense A recent incident at Blue Shield of California highlights the critical importance of client-side security controls when implementing third-party scripts on healthcare websites. The nonprofit health plan has disclosed ...

New Magecart Variant Targets UK Retailer in Stealthy Double-Entry Attack

Source Defense Research Blog | April 23, 2025 A Familiar Threat Resurfaces in the UK Our Source Defense Research team has uncovered an active Magecart-style eSkimming attack targeting a major UK-based online ...

CSP FY: A Magecart Attack That Dodges Policy—and Makes a Joke While Doing It

by Source Defense When attackers are clever enough to name their cookie “csp_f_y,” you know they’re not just exfiltrating data—they’re mocking your defenses. In a recent attack spotted by the Source Defense ...

Sophisticated Payment Card Skimming Campaign Conceals Itself by Leveraging Stripe API

by Source Defense A newly discovered payment card skimming campaign has emerged exhibiting a concerning level of sophistication and leveraging unique tactics that make detection highly challenging. The attack, identified by Source ...

Next Steps from the PCI Council’s SAQ-A Update: Critical Responsibilities and Opportunities for PSPs

by Source Defense The PCI Council’s recent update to SAQ-A merchant requirements will spark questions and confusion across the eCommerce ecosystem. Under the changes, SAQ-A merchants will no longer have to specifically ...

Assessing the New SAQ-A Changes: Insights for QSAs

by Source Defense The PCI Security Standards Council’s recent update to SAQ-A merchant eligibility and compliance requirements introduces significant changes with just weeks to go before the March 31st deadline for 6.4.3 ...