New Breed of Magecart: GTMs Working Together, JavaScript Hidden in CSS

by Source Defense

The Source Defense Research team has uncovered another active eSkimming campaign which demonstrates the use of novel techniques, and an increasing adversarial focus on attacking websites with techniques that ...

QSA Roundtable: Addressing eSkimming

What QSAs Are Saying About PCI DSS 4.0.1 and eSkimming Controls

by Source Defense

On a recent Source Defense roundtable, seasoned QSAs gathered to discuss the latest PCI DSS 4.0.1 updates—specifically requirements 6.4.3 and 11.6.1—and how organizations should respond. What followed was a ...

Client-Side Security Breach Alert: Blue Shield of California Exposes 4.7 Million Members’ Health Data Through Web Analytics Configuration

by Source Defense

A recent incident at Blue Shield of California highlights the critical importance of client-side security controls when implementing third-party scripts on healthcare websites. The nonprofit health plan has disclosed ...

New Magecart Variant Targets UK Retailer in Stealthy Double-Entry Attack

Source Defense Research Blog | April 23, 2025

A Familiar Threat Resurfaces in the UK

Our Source Defense Research team has uncovered an active Magecart-style eSkimming attack targeting a major UK-based online ...

CSP FY: A Magecart Attack That Dodges Policy—and Makes a Joke While Doing It

by Source Defense

When attackers are clever enough to name their cookie “csp_f_y,” you know they’re not just exfiltrating data—they’re mocking your defenses. In a recent attack spotted by the Source Defense ...

Polyfill – Additional Analysis and Discovery: Signs of PII and Credential Harvesting, Broad Exposure through Digital Supply Chain

QSA Roundtable - Jun 13 24Q2

Navigating the New PCI DSS 4.0 Requirements: Key Takeaways from Industry Experts

With the introduction of PCI DSS 4.0, merchants are now grappling with new requirements that aim to enhance the security of cardholder data. At a recent roundtable hosted by Source Defense, industry ...

It’s all about the data

Data protection, controls and compliance don’t have to be an onerous obligation. With the right approach, you can turn it into a key differentiator for your business, says Tala’s Director of Product ...

Addressing Risk with Subresource Integrity (SRI)

What’s in Your Website? Lurking Risk from Third-party Resources

Address Risk from Third-party Resources with Subresource Integrity (SRI)

In most real-life web apps there’s a need to include third-party resources. Whether it is for advertisements, A/B testing, analytics or other purposes, ...

When the CDN Goes Bananas

Slides on Subresource Integrity from the SecTalks Sydney meetup. The post When the CDN Goes Bananas appeared first on Rainbow and Unicorn ...