Blog
New information has come to light in the Polyfill attack. It was likely more than just a simple redirect. JavaScript facilitated AND-scenarios. Let's explore what might have well could've happened.
A mere few days after deploying our research scanner, crawling the web for attack, we found the domain artifyau[.]com injecting malicious sc
On October 14th, we posted an article on how another Magento Magecart attack was taking place. Then we only noticed one script as the culprit.
The domain infirc[.]com and infird[.]com have caused quite the stir recently, and highlighted the dangers of infected or malicious web exten
The Internet Archive, also known as The Wayback Machine, experienced a security breach yesterday. This was not the first time it had been ta
Where the term “Magecart” comes from from Magecart attacks are a type of cyberattack where hackers inject malicious JavaScript code, often r
At c/side, we actively monitor client-side supply chain attacks, with a focus on the evolving tactics, techniques, and procedures (TTPs) use
When developing a website, you’ll often include libraries to help speed up the development process, and avoid reinventing the wheel. However
We’re proud to announce that we’ve joined the Payment Card Industry Security Standards Council Security Standards Council (PCI SSC) as an As
We’re incredibly proud to announce we have joined the W3C Web Application Security Working Group. The mission of the Web Application Securit
The term “Magecart” refers to attacks on the Magento platform. Recently, another large campaign was found to target Magento sites again. Amo
A popular e-commerce site in Kuwait, running an outdated version of Magento (2.4), has been compromised by a malicious JavaScript injection,
c/side just detected a new client-side attack that’s been active for over 2 years. The domain guyacave[.]fr is serving a Personal Identifiab
As a client-side security company protecting JavaScript, we see a lot of obfuscated scripts. When you use our tool, you can actually see the
This article takes an honest look at some of the features of Human Security vs c/side. Please note that you’re on the c/side website. While
Client-side security covers all operations occurring on a user's device, such as a browser on a computer or other device when interacting wi
ButterCMS is a popular tool used to manage content for blogs. Earlier this week, we noticed a potentially severe security incident which tri
We’re incredibly proud to announce our seed round of $6m, just six months after raising our pre-seed of $1.7m. Led by Uncork Capital as the
Another day, another high-profile client-side JavaScript attack. This morning, we read that Cisco is the next victim of malicious code being
We’re incredibly proud to announce that we were selected for TechCrunch Disrupt Startup Battlefield in 2024. This year’s Startup Battlefield
This article takes an honest look at the features of Feroot vs c/side. Please note that you’re on the c/side website. While we have a natura
Conversion rates are correlated with site loading speeds. But e-commerce sites have a ton of JavaScript which slows things down... the solution is here.
Recently, we read of a new significant cyberattack campaign which targeted hundreds of online stores, exploiting vulnerabilities in third-pa
Technologies like WebAssembly (WASM), WebGPU, and IndexedDB have transformed what browsers can achieve. This evolution has expanded the func
Calculating the true cost of a cyber attack is difficult. None are the same. Yet we report on this in as much detail as possible to accurately represent the full picture of when this happens to your business.
When we saw the new Fireship video yesterday, we were immediately reminded of the recent Polyfill attack. Our first article was picked up an
The JavaScript ecosystem experienced a significant shock with a sophisticated attack on Copay, a popular cryptocurrency wallet provider, in
In January 2022, the Segway web store suffered a web supply chain attack - also often referred to as a Magecart attack. In these types of at
Third-party scripts are often deployed site-wide, typically injected in the head tags in web frameworks like Next.js via the ’_document.js’
An attack vector in cyber security is the way an attacker takes advantage of security weaknesses. Some are more obscure than others, however...
Attacks have been found in trojanized jQuery on GitHub, npm and jsDelivr in a new web supply chain attack. Each package had a copy of jQuery
How Expired Domains Lead to Cybersecurity Attacks In 2018, British Airways was attacked through the exploitation of a third-party JavaScript
A tampered JavaScript file injected by the polyfill[.]io domain redirected a percentage of users to adult and betting websites based on their User-Agent. A Japanese X user “piyokango” was likely the first to report his attack on the 24th of June.
The browser supply chain is the different components and processes that come together to render web pages, execute scripts, and ensure smooth functionality.
The cdn.polyfill.io domain is currently being used in a web supply chain attack. It used to host a service for adding JavaScript polyfills t
Script security is our bread and butter. For lots of vendors, serving the script is just a part of their product. We put every care and atte
This attack affected more than 4,000 websites, including government and educational sites, exposing thousands of users to cryptojacking without their knowledge.
They are cumbersome to set up, break during local development, and risk taking down sites when scripts change. Here's the better way:
May 29 2024, news broke of an alleged data breach involving Ticketmaster. Here's how it happened and how you can protect yourself.
By only checking NPM (or another registry), you’re not protected from attacks through third-party scripts.
While the breach wasn't a result of malicious hacking, it highlights a significant oversight in handling third-party scripts within the healthcare industry and beyond.
We’re excited to announce the launch of c/side. Monitoring, Securing and Optimizing 3rd Party Scripts . In today's digital landscape, third-
This article takes an honest look at the features of Cloudflare Page Shield vs c/side. Please note that, since you’re on the c/side website,
Using 3rd party scripts with safe sources isn’t always safe. That’s what the world learned in 2021, when a massive vulnerability in Cloudlfa
Akamai Page Integrity Manager vs c/side. Which is better?
Other than other competitors providing a form of browser-side security almost as an afterthought, Jscrambler’s focus is similar to ours.
Let’s take an honest look at the features of Imperva’s Client-side Protection product vs c/side. You’re on the c/side website, so just know
The idea behind threat feeds is valid. But, we’d argue it’s past its prime at this point. Here’s what threat feeds are, and why it’s only a
At this time, only payment portals are required to have a system to keep 3rd party JavaScript in check. But, there’s still a data breach risk if you don’t secure all pages.
PCI DSS 4.0 complete guide and steps The Payment Card Industry Data Security Standard (PCI DSS) is a set of guidelines that ensures the safe