by Source Defense When attackers are clever enough to name their cookie “csp_f_y,” you know they’re not just exfiltrating data—they’re mocking your defenses. In a recent attack spotted by the Source Defense Cyber Research team, a compromised first-party script on a payment page stored sensitive data in a cookie named csp_f_y. The exfiltration didn’t happen…
Category: Resources
Cybersecurity, cybersecurity technology, Global Security News, GRIT, GRIT Blog, Ransomware, report, Resources, Security Awareness & Education, Security Bloggers Network
GRIT’s 2025 Report: Ransomware Group Dynamics and Case Studies
Ransomware threats continue evolving, with the most successful groups refining their tactics to maximize impact over the last year. Understanding […] The post GRIT’s 2025 Report: Ransomware Group Dynamics and Case Studies appeared first on Security Boulevard.
Blog, eskimming, Europe, Global Security News, Magecart, QSA, Resources, Security Bloggers Network
Holiday Shopping Meets Cyber Threats: How Source Defense Detected the ESA Store Attack
by Source Defense In a recent high-profile incident covered by Forbes, our Source Defense Research team identified a sophisticated Magecart attack targeting the European Space Agency’s online store. This case study demonstrates why leading organizations worldwide trust Source Defense to protect their client-side security. In the December 2024 incident, Forbes reported what it called “one…
Blog, eskimming, Global Security News, Magecart, QSA, Resources, Security Bloggers Network
Navigating the New PCI DSS 4.0 Requirements: Key Takeaways from Industry Experts
by Source Defense With the introduction of PCI DSS 4.0, merchants are now grappling with new requirements that aim to enhance the security of cardholder data. At a QSA roundtable hosted by Source Defense, industry veterans gathered to dissect these changes and their implications for businesses of all sizes. Understanding the New Requirements PCI DSS…
Blog, Data Security, data theft, digital supply chain, Exploits, Global Security News, Resources, Security Bloggers Network
CRITICAL ALERT: Sophisticated Google Domain Exploitation Chain Unleashed
by Source Defense A sophisticated attack chain targeting e-commerce payment flows has been prematurely exposed in a concerning development, highlighting the delicate balance between responsible disclosure and public safety. Discovered initially by Source Defense’s research team and responsibly disclosed to Google on November 19, 2024 (Issue ID: 379818473), this critical vulnerability has now been publicly…