[Whitepaper] The Hidden Risk in Your Digital Supply ChainThe recent rapid growth in e-commerce is causing an uptrend in sales for brands, marketplaces, and other online retail venues. However, it’s also fueling an entirely different trend — the growth in client-side cyberattacks driven through retail web applications.
Client-side attacks represent some of the biggest security and compliance threats today for retailers. The unfortunate result of these attacks is massive data theft, including customer personally identifiable information (PII) and financial data such as credit card information.
65% of e-commerce shoppers say that “experiencing even a single data security breach would prompt them to leave a merchant for good.”
GOOGLE-ABUSING MAGECART CAMPAIGN RUNS 18 MONTHS AND KEEPS GETTING MORE SEVERE A Google-abusing Magecart campaign first exposed by Source Defense in late 2024 has continued
A Fake Payment Page That Reused CSP Trust and Exfiltrated via WebRTC A fake payment page is dangerous enough when it tricks shoppers into entering
NEW MAGECART ATTACK USES WEBRTC TO BYPASS CSP, THEN TRIPS ON MANGENTO 2 A newly observed Magecart-style skimmer shows how attackers can bypass Content Security
FROM FIREBASE TO GTM: HOW MAGECART MOVED DEEPER INTO GOOGLE INFRASTRUCTURE A persistent Magecart actor has steadily moved its client-side attack chain deeper into trusted