New Breed of Magecart: GTMs Working Together, JavaScript Hidden in CSS

by Source Defense The Source Defense Research team has uncovered another active eSkimming campaign which demonstrates the use of novel techniques, and an increasing adversarial focus on attacking websites with techniques that ...

QSA Roundtable: Addressing eSkimming

What QSAs Are Saying About PCI DSS 4.0.1 and eSkimming Controls

by Source Defense On a recent Source Defense roundtable, seasoned QSAs gathered to discuss the latest PCI DSS 4.0.1 updates—specifically requirements 6.4.3 and 11.6.1—and how organizations should respond. What followed was a ...

Client-Side Security Breach Alert: Blue Shield of California Exposes 4.7 Million Members’ Health Data Through Web Analytics Configuration

by Source Defense A recent incident at Blue Shield of California highlights the critical importance of client-side security controls when implementing third-party scripts on healthcare websites. The nonprofit health plan has disclosed ...

New Magecart Variant Targets UK Retailer in Stealthy Double-Entry Attack

Source Defense Research Blog | April 23, 2025 A Familiar Threat Resurfaces in the UK Our Source Defense Research team has uncovered an active Magecart-style eSkimming attack targeting a major UK-based online ...

CSP FY: A Magecart Attack That Dodges Policy—and Makes a Joke While Doing It

by Source Defense When attackers are clever enough to name their cookie “csp_f_y,” you know they’re not just exfiltrating data—they’re mocking your defenses. In a recent attack spotted by the Source Defense ...

Sophisticated Payment Card Skimming Campaign Conceals Itself by Leveraging Stripe API

by Source Defense A newly discovered payment card skimming campaign has emerged exhibiting a concerning level of sophistication and leveraging unique tactics that make detection highly challenging. The attack, identified by Source ...

Next Steps from the PCI Council’s SAQ-A Update: Critical Responsibilities and Opportunities for PSPs

by Source Defense The PCI Council’s recent update to SAQ-A merchant requirements will spark questions and confusion across the eCommerce ecosystem. Under the changes, SAQ-A merchants will no longer have to specifically ...

Assessing the New SAQ-A Changes: Insights for QSAs

by Source Defense The PCI Security Standards Council’s recent update to SAQ-A merchant eligibility and compliance requirements introduces significant changes with just weeks to go before the March 31st deadline for 6.4.3 ...

Cheat Sheet and Action Plan: The PCI Council’s SAQ-A Eligibility Update

by Source Defense Implications to 6.4.3 and 11.6.1 and What It Means for PSPs, Merchants, and QSAs. On January 30, 2025 the PCI Security Standards Council announced changes to eligibility requirements for ...

Finding the Right Partner for PCI DSS 4.0.1 Compliance: Requirements 6.4.3 and 11.6.1

by Source Defense Ensuring compliance with PCI DSS 4.0, specifically requirements 6.4.3 and 11.6.1, is not just about meeting regulations—it’s about securing your customers’ trust and protecting your brand from emerging threats ...