Olivia
Online
Report URI
@reporturi
We're the market leader in browser security technologies, enabling you to detect and mitigate attacks, fast.
Earth
Joined April 2015
4 Following
3.8K Followers
610 Posts
We’ve open-sourced passkeys-php, the WebAuthn library we use at Report URI, to help the community deploy passkeys more easily and safely.
Small. Auditable. MIT licensed. Built for real-world PHP apps.
Our founder, @Scott_Helme, shared the details today:
https://t.co/aCjO0dCUZj
I didn't realise it was so trivial for an XSS vulnerability to allow an attacker to register their passkey on your account!
https://t.co/V9cBG491oV
Great research from our founder, @Scott_Helme, on one of the hidden risks of passkeys.
Passkeys reduce phishing risk, but malicious JavaScript in the browser can abuse registration flows and create persistent account takeover risk.
Client-side visibility matters.
https://t.co/vf8BLK2RUx
Passkeys are becoming a major part of how we secure accounts online, but there’s still a lot of confusion about what they are, how they work, and what risks remain.
Our founder, @Scott_Helme, has written a short introduction to Passkeys to set the scene before we publish some deeper technical posts this week.
A simple starting point before we get into the details.
https://t.co/aLFGSvyRGW
Who to follow
Have I Been Pwned
@haveibeenpwned
Check if you have an email address or password that has been compromised in a data breach. Created and maintained by @troyhunt.
Scott Helme
@Scott_Helme
Hacker, researcher, builder of things. Founded @securityheaders/@reporturi, Pluralsight author, Microsoft MVP, award winning entrepreneur. Likes cars.
Feisty Duck
@feistyduck
The place for TLS and PKI education. Publishers of Bulletproof TLS and PKI. Authors of Practical TLS and PKI training. Cryptography & Security Newsletter.
A checkout page can look secure, work normally, and still be stealing customer payment data.
In this post, @Scott_Helme breaks down a real-world JavaScript compromise where attackers modified a trusted file to skim card data directly from the browser — and why organisations need visibility into the code running in the browser.
Read the post: https://t.co/et8m0SNOAZ
A breach claim against Report URI turned out to be false - but the passwords were real.
In his latest post, our founder @Scott_Helme explains how info-stealer malware changes the threat model, why strong password storage alone isn’t enough, and how we’ve improved account protection when compromised credentials appear in the wild.
Read more: https://t.co/FawDKg8cgH
Q2 is off to a busy start at Report URI 🚀
Our April 2026 newsletter is now live, covering:
🔹 API and MCP endpoints now Generally Available
🔹 Audit Trail events to Webhook
🔹 Custom Fingerprints for JavaScript Integrity Monitoring
🔹 Audit Archive for JS assets
🔹 Reporting API support in @firefox
🔹 Deeper CSP inspection
🔹 Passkeys research, testing and our new whitepaper
🔹 New Threat Intelligence research
Read the full update here:
https://t.co/qOPvClS56K
@CYBERUKevents Here's a great talk at @BSidesLondon by @NCSC on the value of Passkeys and some of the remaining risks, definitely worth a watch: https://t.co/oZhMetMMYC
The @NCSC is right to push passkeys.
They’re a huge step forward for authentication: phishing-resistant, no shared secret on the server, far better than passwords in many ways.
But passkeys don’t make your application trustworthy after login. You still need to deal with session abuse, XSS, CSRF, malicious passkey registration, and transaction manipulation.
Our founder @Scott_Helme wrote about the security considerations teams need to think about when rolling out passkeys and published a white paper: https://t.co/dr72Vjnc0t
#CYBERUK26
Good morning Glasgow! 🏴
Come and find us at @CYBERUKevents booth G13 and see how we can show you exactly what code is running on your website. 👨💻
#CYBERUK26
The Report URI refresh is live! 💙🧡
New homepage, refreshed product + case study pages, all-new social cards across the site, and more.
Same mission: catching the third-party code your website is running that you don't control.
➡️ https://t.co/byNZXBFsnc
🚨 Potentially Suspicious Domain
We've detected a new pattern of external communications with antespirit\.com which was registered a few days ago! (10 Apr 2026)
🚨 Potentially Suspicious Domain
We've detected a new pattern of external communications with gadstat\.com which was registered yesterday! (12 Apr 2026)
We're tracking an active Magecart campaign targeting ecommerce sites.
The malware hides from admins, adapts to the platform, and changes how it steals payment data!
Write-up: https://t.co/TLISxbDoxv
We uncovered a malicious browser extension injecting JavaScript Malware into pages, hijacking clicks, and monetising user traffic right inside the browser!
https://t.co/gCkuqHnHGY
Our founder has just published a write-up on having our Passkeys implementation independently security tested.
Auth is too important to just ship and hope for the best, so we brought in the experts!
https://t.co/zUjxHRDDiK
Our March update was a big one! 😎
🤖 API and MCP Endpoints
🔑 Passkeys support
📈 Report Sampling
🛡️ Integrity Suite
📋 Audit Trail
👀 Visual updates
And loads more! cc @reporturi
https://t.co/yn0FAD21qE
We’re inviting customers to join the beta for our new API and MCP integrations.
Bring Report URI data into AI assistants, automations, dashboards, and custom security tooling.
Want in? Details in our newsletter: https://t.co/fV4eDVkC6E
At the scale we operate at Report URI, “one in a billion” problems can happen every single day!
In our founder's latest blog post, we share some of the challenges that come with operating Redis at scale, and what it takes to keep a high-volume telemetry pipeline fast and resilient.
https://t.co/DkMxE6PqwL
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers