Linkedin Tag

Blog

Industry News, Insights and Resources

The latest industry news, interviews, technologies, and resources.

Featured blog posts

Threat feeds fail to detect attack for +2 years

c/side just detected a new client-side attack that’s been active for over 2 years. The domain guyacave[.]fr is serving a Personal Identifiab

The Polyfill attack explained

A tampered JavaScript file injected by the polyfill[.]io domain redirected a percentage of users to adult and betting websites based on their User-Agent. A Japanese X user “piyokango” was likely the first to report his attack on the 24th of June.

Polyfill - More than just a redirect attack

New information has come to light in the Polyfill attack. It was likely more than just a simple redirect. JavaScript facilitated AND-scenarios. Let's explore what might have well could've happened.

Read More

New 3rd party JS script attack found: Artifyau[.]com and Quantifymy[.]com

A mere few days after deploying our research scanner, crawling the web for attack, we found the domain artifyau[.]com injecting malicious sc

Read More

New Magecart attack code revealed

On October 14th, we posted an article on how another Magento Magecart attack was taking place. Then we only noticed one script as the culprit.

Read More

How web extensions can hurt your site (INFIRC[.]com and INFIRD[.]com)

The domain infirc[.]com and infird[.]com have caused quite the stir recently, and highlighted the dangers of infected or malicious web exten

Read More

The Internet Archive Hack: How JavaScript fits in the picture

The Internet Archive, also known as The Wayback Machine, experienced a security breach yesterday. This was not the first time it had been ta

Read More

The biggest Magecart attacks in history (so far)

Where the term “Magecart” comes from from Magecart attacks are a type of cyberattack where hackers inject malicious JavaScript code, often r

Read More

New TTPs in Stealing PII and Financial Information from Magento Websites

At c/side, we actively monitor client-side supply chain attacks, with a focus on the evolving tactics, techniques, and procedures (TTPs) use

Read More

Why do websites need 3rd party scripts?

When developing a website, you’ll often include libraries to help speed up the development process, and avoid reinventing the wheel. However

Read More

c/side joins the PCI Security Standards Council as an Associate Participating Organization

We’re proud to announce that we’ve joined the Payment Card Industry Security Standards Council Security Standards Council (PCI SSC) as an As

Read More

c/side joins the W3C

We’re incredibly proud to announce we have joined the W3C Web Application Security Working Group. The mission of the Web Application Securit

Read More

Carlsberg a target in Magento “CosmicSting” malware attack

The term “Magecart” refers to attacks on the Magento platform. Recently, another large campaign was found to target Magento sites again. Amo

Read More

Kuwait ecommerce site is being used to facilitate client-side skimming attacks

A popular e-commerce site in Kuwait, running an outdated version of Magento (2.4), has been compromised by a malicious JavaScript injection,

Read More

Threat feeds fail to detect attack for +2 years

c/side just detected a new client-side attack that’s been active for over 2 years. The domain guyacave[.]fr is serving a Personal Identifiab

Read More

Why do developers obfuscate JavaScript?

As a client-side security company protecting JavaScript, we see a lot of obfuscated scripts. When you use our tool, you can actually see the

Read More

Human Security vs c/side

This article takes an honest look at some of the features of Human Security vs c/side. Please note that you’re on the c/side website. While

Read More

What is Client-Side Security?

Client-side security covers all operations occurring on a user's device, such as a browser on a computer or other device when interacting wi

Read More

ButterCMS unreported downtime and security concerns

ButterCMS is a popular tool used to manage content for blogs. Earlier this week, we noticed a potentially severe security incident which tri

Read More

c/side raises a $6m seed round

We’re incredibly proud to announce our seed round of $6m, just six months after raising our pre-seed of $1.7m. Led by Uncork Capital as the

Read More

Cisco client-side Magecart JavaScript attack

Another day, another high-profile client-side JavaScript attack. This morning, we read that Cisco is the next victim of malicious code being

Read More

c/side picked for TechCrunch Disrupt Startup Battlefield 2024

We’re incredibly proud to announce that we were selected for TechCrunch Disrupt Startup Battlefield in 2024. This year’s Startup Battlefield

Read More

Feroot vs c/side

This article takes an honest look at the features of Feroot vs c/side. Please note that you’re on the c/side website. While we have a natura

Read More

How to speed up JavaScript

Conversion rates are correlated with site loading speeds. But e-commerce sites have a ton of JavaScript which slows things down... the solution is here.

Read More

What are digital skimmers?

Recently, we read of a new significant cyberattack campaign which targeted hundreds of online stores, exploiting vulnerabilities in third-pa

Read More

Why browsers are becoming increasingly more dangerous

Technologies like WebAssembly (WASM), WebGPU, and IndexedDB have transformed what browsers can achieve. This evolution has expanded the func

Read More

The true cost of a cyber attack

Calculating the true cost of a cyber attack is difficult. None are the same. Yet we report on this in as much detail as possible to accurately represent the full picture of when this happens to your business.

Read More

Is Tuaw a scam in the making?

When we saw the new Fireship video yesterday, we were immediately reminded of the recent Polyfill attack. Our first article was picked up an

Read More

The Copay event-stream attack illustrates dependency risks

The JavaScript ecosystem experienced a significant shock with a sophisticated attack on Copay, a popular cryptocurrency wallet provider, in

Read More

The Segway cyber attack explained

In January 2022, the Segway web store suffered a web supply chain attack - also often referred to as a Magecart attack. In these types of at

Read More

Don't deploy scripts site-wide

Third-party scripts are often deployed site-wide, typically injected in the head tags in web frameworks like Next.js via the ’_document.js’

Read More

What is an attack vector and what are hidden ones

An attack vector in cyber security is the way an attacker takes advantage of security weaknesses. Some are more obscure than others, however...

Read More

Web supply chain attack through trojanized jQuery on npm, GitHub and CDNs

Attacks have been found in trojanized jQuery on GitHub, npm and jsDelivr in a new web supply chain attack. Each package had a copy of jQuery

Read More

How expired domains lead to cyber attacks

How Expired Domains Lead to Cybersecurity Attacks In 2018, British Airways was attacked through the exploitation of a third-party JavaScript

Read More

The Polyfill attack explained

A tampered JavaScript file injected by the polyfill[.]io domain redirected a percentage of users to adult and betting websites based on their User-Agent. A Japanese X user “piyokango” was likely the first to report his attack on the 24th of June.

Read More

What is the browser supply chain?

The browser supply chain is the different components and processes that come together to render web pages, execute scripts, and ensure smooth functionality.

Read More

More than 490k websites targeted in web supply chain attack

The cdn.polyfill.io domain is currently being used in a web supply chain attack. It used to host a service for adding JavaScript polyfills t

Read More

Why you can trust c/side

Script security is our bread and butter. For lots of vendors, serving the script is just a part of their product. We put every care and atte

Read More

The BrowseAloud Supply-Chain Attack: A Case Study in Cryptojacking

This attack affected more than 4,000 websites, including government and educational sites, exposing thousands of users to cryptojacking without their knowledge.

Read More

Why CSPs Are Not Enough

They are cumbersome to set up, break during local development, and risk taking down sites when scripts change. Here's the better way:

Read More

Ticketmaster Data Breach Déjà Vu: What You Need to Know

May 29 2024, news broke of an alleged data breach involving Ticketmaster. Here's how it happened and how you can protect yourself.

Read More

Supply Chain Risk Doesn’t End At NPM

By only checking NPM (or another registry), you’re not protected from attacks through third-party scripts.

Read More

Kaiser Permanente Data Leak: A Case of Miscommunication and Inadequate Disclosure

While the breach wasn't a result of malicious hacking, it highlights a significant oversight in handling third-party scripts within the healthcare industry and beyond.

Read More

Introducing c/side free tier BETA

We’re excited to announce the launch of c/side. Monitoring, Securing and Optimizing 3rd Party Scripts . In today's digital landscape, third-

Read More

Cloudflare Page Shield vs c/side

This article takes an honest look at the features of Cloudflare Page Shield vs c/side. Please note that, since you’re on the c/side website,

Read More

The 2021 cdnjs Vulnerability in Detail

Using 3rd party scripts with safe sources isn’t always safe. That’s what the world learned in 2021, when a massive vulnerability in Cloudlfa

Read More

Akamai Page Integrity Manager vs c/side

Akamai Page Integrity Manager vs c/side. Which is better?

Read More

Jscrambler Webpage Integrity vs c/side

Other than other competitors providing a form of browser-side security almost as an afterthought, Jscrambler’s focus is similar to ours.

Read More

Imperva Client-side Protection vs c/side

Let’s take an honest look at the features of Imperva’s Client-side Protection product vs c/side. You’re on the c/side website, so just know

Read More

Threat Feeds In The AI Era

The idea behind threat feeds is valid. But, we’d argue it’s past its prime at this point. Here’s what threat feeds are, and why it’s only a

Read More

The risk of only protecting your payment portals from 3rd party javascript attacks

At this time, only payment portals are required to have a system to keep 3rd party JavaScript in check. But, there’s still a data breach risk if you don’t secure all pages.

Read More

PCI DSS 4.0 complete guide and steps

PCI DSS 4.0 complete guide and steps The Payment Card Industry Data Security Standard (PCI DSS) is a set of guidelines that ensures the safe

Read More

Get Started Today

Start monitoring and securing 3rd party scripts on your websites today.