Olivia
Online
cside
@csideai
The only client-side security company with a proxy solution. Gain visibility into every 3rd party script, attack, fraud attempt, and AI agent on the client-side
[email protected]
Joined March 2024
37 Following
314 Followers
172 Posts
David Attenborough turned 100 and you still don’t know how your app behaves in a browser.
📅 March 26th at 1pm EST | Live Webinar with @csideai!
Join us to learn how issuer expectations are changing, what stronger dispute evidence looks like today, and how to better protect revenue.
Register free: https://t.co/T80vPHcH93
#Chargebacks | #Payments
https://t.co/zIw3eOiS5l
Observing a surge in client-side fetches happening to msclairty[.]com hijacking referral tokens. Still unclear of the extension responsible but judging by the volume it must be top one of the 5000 browser extensions.
![csideai's tweet photo. Observing a surge in client-side fetches happening to msclairty[.]com hijacking referral tokens. Still unclear of the extension responsible but judging by the volume it must be top one of the 5000 browser extensions. https://t.co/hTQ1w3q6Rr](https://pbs.twimg.com/media/HCh_jx7awAQ4SQv.jpg)
🚨 Magecart Alert 🚨
A live Magecart skimmer on payment pages is exfiltrating credit card data in violation of PCI DSS.
Script downloaded from: hxxps://meriksshadowfiend[.]top/moritz-ca/metrics.js
Sending stolen data to:
hxxps://pixelnotinggo[.]top/api/accept-metrics
![csideai's tweet photo. 🚨 Magecart Alert 🚨
A live Magecart skimmer on payment pages is exfiltrating credit card data in violation of PCI DSS.
Script downloaded from: hxxps://meriksshadowfiend[.]top/moritz-ca/metrics.js
Sending stolen data to:
hxxps://pixelnotinggo[.]top/api/accept-metrics https://t.co/TRQsIJdZJY](https://pbs.twimg.com/media/GwuJyy_WEAAfVt1.jpg)
Multiple shipped features this month 🤩
Full details on cside. dev/changelog.
A browser extension can quietly remove critical security headers like CSP. No warning. No consent.
You install an extension and suddenly, protections against data leaks and injections are gone.
Should we make this an explicit opt-in?
Or will that see no adoption?
❗️We've identified a Magecart-like attack on the OpenCart CMS platform, mainly targeting East-Asian e-commerce websites
https://t.co/SgexNU5cX5
This is what makes client-side attacks so dangerous. Dynamism is a sword that cuts both ways. Attacker leverage this to stay undetected for days, weeks and months.
Read our full report:
https://t.co/zVXZeGmCn2
Yesterday CoinMarketCap got struck by a substantial client-side attack. Impacting all logged in users to reauthenticate their wallet access, and inadvertently grating access to a bad actor.
Hello from Gartner!
Come visit us at booth 971 in the startup zone.
We analyzed an attack on a Magento-based eCommerce site. The injection technique used hides in plain sight as the attacker is using ‘Google .com’ to deliver and execute their own code.
https://t.co/g6ZNlmtp74
We’re at InfoSec all week!
Booth B133, come say hi!
A new attack found in Progressive Web Apps (PWAs). They are browser-based too after all, and are also targets in client-side attacks.
https://t.co/4yNNL5SV7T
If you’re serious about client-side security, you need runtime protection that sees what scripts actually do in your users' browsers.
CSP is like locking your front door while leaving the windows wide open.
"But we use CSP so we're fine"
❌ No, you’re not.
CSP was designed to protect you from things like XSS.
But in reality, a CSP is blind as a bat.
If you trust a vendor’s domain, CSP lets it right through.
If that vendor gets compromised? CSP shrugs.
If you believe “strict CSP” is enough, look at Magecart, PII leaks, or the rise of fake browser updates. CSP couldn't save them, and neither will it save you.
Last Seen Users on Sotwe
catgirl⁎⁺˳✧
Seen from United States
Khairul Faqih Izwan
Seen from Indonesia
Allow Amateur
Seen from Egypt
veera sithi vinayaga
Seen from Turkey
lovetoyeddd ชายเดี่ยว
Seen from Thailand
私影_Cosplay
Seen from Netherlands
Üsküdar Travesti
Seen from Turkey
mình thích lái máy bay
Seen from Vietnam
Debi purnama
Seen from Indonesia
ชอบสาวใหญ่++ด้านมืด
Seen from Thailand
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers