cside Blog

How to Block ClaudeBot on Your Website

Mike Kutlu — Tue, 16 Jun 2026 00:00:00 GMT

ClaudeBot crawls your site to train Anthropic's Claude models. Here is how to block it with robots.txt and IP ranges, and what the block still misses.

How to Prevent Fake Account Creation: Why Browser-Layer Detection Catches What Email Verification Misses

Mike Kutlu — Mon, 15 Jun 2026 00:00:00 GMT

Email verification confirms a mailbox exists. It cannot see the browser. Here is why browser-layer detection catches fake account creation it misses.

Polyfill.io Supply Chain Attack: Complete Timeline, Analysis & Lessons (2024–2026)

Simon Wijckmans — Sun, 14 Jun 2026 00:00:00 GMT

A complete, sourced timeline of the Polyfill.io supply chain attack, from the 2024 domain sale to the 2025 Funnull sanctions, and how to remove it today.

How to Block AI Card-Testing Agents

Mike Kutlu — Sat, 13 Jun 2026 00:00:00 GMT

AI card-testing agents probe payment flows using real browsers. Learn the browser signals that expose them before a transaction completes.

How to Choose an AI Agent Detection Solution

Mike Kutlu — Fri, 12 Jun 2026 00:00:00 GMT

A five-step buying guide for CISOs evaluating AI agent detection solutions: architecture, classification, vendor profiles, and POC methodology.

Best Bot and Agent Trust Management Platforms Compared (2026)

Mike Kutlu — Thu, 11 Jun 2026 00:00:00 GMT

Forrester defines the category. cside, DataDome, HUMAN Security, Kasada, and Arkose Labs compared on detection layer, intent, and agentic coverage.

How to Block OpenAI Operator on Your Website

Mike Kutlu — Wed, 10 Jun 2026 00:00:00 GMT

OpenAI Operator browses your site like a real user. Learn how to detect and block it using browser-layer signals and when you should not block it.

DBSC vs Device Fingerprinting: What Chrome's Session Security Does Not Cover

Simon Wijckmans — Tue, 09 Jun 2026 00:00:00 GMT

Chrome's DBSC stops stolen-cookie replay, but it is Chrome-only, post-login, and not a device-identity layer. Here is the fraud it leaves open.

How to Block Perplexity Shopper on Your Website

Mike Kutlu — Tue, 09 Jun 2026 00:00:00 GMT

Perplexity Shopper browses and buys from retail websites on behalf of Pro users. Learn how to detect its browser-layer signals and govern the traffic.

When an AI API returns another user's response: shared caches and cross-tenant leaks

Simon Wijckmans — Fri, 05 Jun 2026 00:00:00 GMT

A Claude API incident appears to have returned other users' responses. Why shared caches cause cross-tenant leaks, and how to build around the risk.

MFA Didn't Fail, the Trust Model Did: Device Code Phishing and OAuth Token Theft (Kali365)

Simon Wijckmans — Fri, 05 Jun 2026 00:00:00 GMT

Kali365 abuses the OAuth 2.0 device authorization grant to steal Microsoft 365 tokens after MFA. A technical breakdown of the flow, FOCI, and detection.

AI is compressing the exploit cycle: Google's AI-developed zero-day and what it means for browsers

Simon Wijckmans — Wed, 03 Jun 2026 00:00:00 GMT

Google flagged a zero-day it believes was AI-developed. The real AI security shift isn't smarter phishing, it's how fast exploits reach the browser.

The Browser Session Is Now a Security Control Plane. Attackers Knew That Years Ago.

Simon Wijckmans — Sat, 30 May 2026 00:00:00 GMT

Google's DBSC proposal validates a clear security shift: browser sessions need device-aware validation after login, not only MFA.

Comparing Solutions for Account Takeover Prevention | 2026

Juan Combariza — Wed, 27 May 2026 00:00:00 GMT

Anti-fraud suites, fingerprinting tools, and MFA compared by what they cover in the ATO attack chain. Find the right stack for your risk profile.

How to Stop AI Agents From Creating Fake Accounts (Guide)

Juan Combariza — Wed, 20 May 2026 00:00:00 GMT

AI agents create fake accounts using real browsers, residential IPs, and generated identities. Here's the detection signal stack to stop them.

How to Block AI-Agent Based Content Scraping Bots (Guide)

Juan Combariza — Tue, 19 May 2026 00:00:00 GMT

AI content scraping bots use real browsers, residential IPs, and LLM-powered extraction to harvest your pricing and content. Here's how to stop them.

The Snowball Effect: How Mini Shai-Hulud Turns npm into a Worm Distribution Network

Simon Wijckmans — Tue, 19 May 2026 00:00:00 GMT

Mini Shai-Hulud turned npm packages into a credential-theft loop. Here is how the AntV wave spread and what teams should monitor next.

Why CAPTCHAs Are No Longer Reliable Bot Defense

Simon Wijckmans — Tue, 19 May 2026 00:00:00 GMT

CAPTCHAs are no longer a reliable primary bot defense. Learn why visible challenges fail and how resource-wasting defenses raise attacker cost.

Funnull Sanctioned: What the Polyfill[.]io Attack Exposed About Infrastructure Laundering

Simon Wijckmans — Mon, 18 May 2026 00:00:00 GMT

OFAC's Funnull sanctions show why the Polyfill attack was part of a larger infrastructure laundering and browser supply-chain risk.

On-Device Inference Is Coming for Your Security Stack: For Better and Worse

Simon Wijckmans — Mon, 18 May 2026 00:00:00 GMT

On-device AI can protect sensitive data and power endpoint defense, but it also creates new prompt injection, telemetry, and browser attack paths.

4 Tools To Detect AI Agents On Your Website (Fraud Prevention)

Juan Combariza — Fri, 15 May 2026 00:00:00 GMT

Compare cside, HUMAN Security, DataDome, and Cloudflare for AI agent detection. See how each tool handles fraud prevention, pricing, and implementation.

AI-Agent Based Credit Card Testing Bots | How to Stop Them

Mike Kutlu — Fri, 15 May 2026 00:00:00 GMT

AI credit card testing agents use real browsers to test stolen credentials at scale. Learn how to detect and block them before a transaction completes.

What Are Stealth (or 'Anti-Detect') Browsers and When to Block Them

Mike Kutlu — Thu, 14 May 2026 00:00:00 GMT

Stealth browsers bypass bot detection. Anti-detect browsers spoof fingerprints. Learn the signals that reveal both, even when they look human.

cside Named SourceForge Spring 2026 Top Performer for Client-Side Security

Simon Wijckmans — Wed, 13 May 2026 00:00:00 GMT

cside was named a SourceForge Spring 2026 Top Performer, reflecting user trust in client-side security, PCI evidence, and support.

How to Detect AI Agents on Your Website | Full Guide

Juan Combariza — Wed, 13 May 2026 00:00:00 GMT

This guide covers AI agent detection through identity, network, browser, and behavioral signals. See free methods like server log analysis and specialized tools.

cside Co-Chairs W3C Anti-Fraud Browser Security

Simon Wijckmans — Tue, 12 May 2026 00:00:00 GMT

Simon Wijckmans now co-chairs W3C AFCG as cside helps shape privacy-preserving browser signals for AI-era fraud.

What Is Mastercard First-Party Trust? How It Reduces Chargebacks

Mike Kutlu — Mon, 11 May 2026 00:00:00 GMT

Mastercard First-Party Trust deflects friendly fraud disputes before they become formal chargebacks. Here is how the evidence framework works.

Mastercard First Party Trust: Improve EFM and ECP Ratios with Device Fingerprinting

Mike Kutlu — Fri, 08 May 2026 00:00:00 GMT

Mastercard's First Party Trust program uses device fingerprinting to deflect friendly fraud disputes before they inflate your EFM and ECP ratios.

Comparing Tools for PCI DSS 6.4.3 & 11.6.1 | Features, Pricing

Juan Combariza — Thu, 07 May 2026 00:00:00 GMT

Compare PCI DSS 6.4.3 and 11.6.1 compliance tools. Features, pricing, and reviews for cside, Feroot, Cloudflare, and Reflectiz side by side.

Friendly Fraud in Travel and Hospitality: The 2026 Playbook

Mike Kutlu — Wed, 06 May 2026 00:00:00 GMT

Travel and hospitality merchants face the highest-value friendly fraud disputes. How CE 3.0 and browser-layer evidence rebalance the win rate.

Mastercard Scam Merchant Monitoring 2026: What Merchants Must Know Before July

Mike Kutlu — Tue, 05 May 2026 00:00:00 GMT

Mastercard Scam Merchant Monitoring takes full effect on 24 July 2026. Here are the SMMP triggers, how it differs from ECM and EFM, and how merchants can prepare.

Utah SB 73: You Are Now Liable for Users' VPNs

Mike Kutlu — Tue, 05 May 2026 00:00:00 GMT

Utah SB 73 holds operators liable when users bypass age gates with VPNs. An IP blocklist cannot keep pace. Behavioural detection is what works.

CE 3.0 Auto-Qualification: What Changed on 17 October 2025 and What To Do Now

Mike Kutlu — Fri, 01 May 2026 00:00:00 GMT

Visa auto-qualifies transactions for Compelling Evidence 3.0 via Visa Secure and Visa Data Only. What changed, who benefits, and the evidence gap.

Friendly Fraud in Gaming and iGaming: The 2026 Chargeback Playbook

Mike Kutlu — Wed, 29 Apr 2026 00:00:00 GMT

iGaming merchants run the highest chargeback ratios of any vertical. VAMP 2026 tightened the line. How CE 3.0 plus browser-layer evidence rebalances the book.

VAMP 2026: Visa's New Thresholds and How to Survive Them

Mike Kutlu — Wed, 29 Apr 2026 00:00:00 GMT

Visa's VAMP ratio dropped to 1.5% on 1 April 2026 with $8-per-transaction fines. A merchant playbook for staying under the new thresholds using CE 3.0.

Compelling Evidence 3.0 Requirements: What Visa Mandates and What Actually Wins the Case

Mike Kutlu — Tue, 28 Apr 2026 00:00:00 GMT

The four data elements Visa requires for CE 3.0, and what separates winning representments from losing ones.

How OpenClaw Agents Bypass Bot Detection (And How to Stop Them)

Simon Wijckmans — Tue, 28 Apr 2026 00:00:00 GMT

OpenClaw agents paired with stealth browser tooling can bypass legacy bot detection. Learn how agentic fraud works and how browser fingerprinting helps stop it.

What CTEM at the browser layer actually looks like: one third-party script, five findings

Mike Kutlu — Mon, 27 Apr 2026 00:00:00 GMT

A live analysis of one Skeepers widget on a major international bank surfaced a 360-day cookie on auth subdomains, a CSP gap, and a server-controlled sub-script. Here's what CTEM looks like applied to the browser layer.

Friendly Fraud in SaaS and Subscription Businesses: The 2026 Playbook

Mike Kutlu — Mon, 27 Apr 2026 00:00:00 GMT

SaaS and subscription businesses have a specific friendly fraud profile: descriptor drift, recurring billing, and CE 3.0-eligible customers. Here is how to fight it.

Comparing account sharing prevention tools (for businesses)

Juan Combariza — Thu, 23 Apr 2026 00:00:00 GMT

SaaS companies lose revenue to account sharing every day. See a comparison of features, pricing, and reviews of popular tools used by fraud teams.

How to prevent account sharing fraud (full guide for businesses)

Juan Combariza — Wed, 22 Apr 2026 00:00:00 GMT

Account sharing costs organizations billions in revenue loss. This guide covers prevention methods like device and session limits, as well as strategic tips.

How to Remove a TC40 from Your VAMP Ratio: The CE 3.0 Mechanic

Mike Kutlu — Tue, 21 Apr 2026 00:00:00 GMT

TC40 fraud reports feed your VAMP ratio without a chargeback. A successful CE 3.0 representment is the only way to remove one. Here's how it works.

7 steps to stop account takeover fraud (for Travel businesses)

Juan Combariza — Sun, 19 Apr 2026 00:00:00 GMT

MFA is bypassed by advanced phishing kits. See the best practices, fingerprint signals, and tools that Travel fraud teams actually use to stop ATO.

Quick guide to prevent Account Takeover fraud (crypto businesses)

Juan Combariza — Fri, 17 Apr 2026 00:00:00 GMT

Crypto accounts are the most valuable ATO target of any industry. See the best practices, fingerprint signals, and tools Crypto teams use to stop ATO.

How Advanced Location Data Prevents Account Takeover and Detects Unsafe AI-Agent Token Reuse

Simon Wijckmans — Wed, 15 Apr 2026 00:00:00 GMT

How advanced location data helps security teams detect impossible travel, stolen-session reuse, and unsafe AI-agent activity before account takeover turns into fraud or data loss.

How Compromised Third-Party Scripts Can Prompt-Inject AI Agents

Simon Wijckmans — Mon, 13 Apr 2026 00:00:00 GMT

Third-party scripts already adapt website behavior by browser characteristics. That same flexibility can be abused to detect AI agents and inject misleading instructions or altered content.

Best methods to prevent account takeover fraud (FinTech)

Juan Combariza — Fri, 10 Apr 2026 00:00:00 GMT

FinTech accounts are targeted daily by attackers. See the best practices, fingerprint signals, and prevention tools FinTech teams use to stop ATO.

Best practices to prevent account takeover fraud (eCommerce)

Juan Combariza — Wed, 08 Apr 2026 00:00:00 GMT

eCommerce accounts are targeted daily by attackers. See the best practices, fingerprint signals, and prevention tools eCom companies use to stop ATO.

How to Prevent Account Takeover Fraud | 4 Step Guide for Businesses

Juan Combariza — Tue, 07 Apr 2026 00:00:00 GMT

MFA helps, but it does not stop account takeover on its own. This guide covers how businesses can prevent ATO early with fingerprinting signals.

Meet cside at RSAC 2026

Juan Combariza — Mon, 23 Mar 2026 00:00:00 GMT

Meet the cside time at RSAC 2026 in San Francisco. Stop by our booth S-0238 on March 24-26 or grab time with us off the floor.

DarkSword: pure JavaScript exploit chain weaponizes legitimate websites

Simon Wijckmans — Fri, 20 Mar 2026 00:00:00 GMT

DarkSword is a full-chain iOS exploit delivered via watering-hole compromises of legitimate websites. It runs entirely in JavaScript, evades binary mitigations, and drops JavaScript-based backdoors that exfiltrate sensitive data.

AppsFlyer Web SDK supply-chain compromise - polymorphic crypto stealer

Simon Wijckmans — Wed, 18 Mar 2026 00:00:00 GMT

A registrar-level DNS hijack of appsflyer.com served a polymorphic crypto-stealing payload through the AppsFlyer Web SDK, affecting thousands of sites and some Node.js server environments. This post summarizes telemetry, forensic indicators, IOCs, detection guidance, and remediation steps.

OpenClaw Scanner for Third-Party Scripts

Simon Wijckmans — Wed, 18 Mar 2026 00:00:00 GMT

A free, open-source scanner that inventories third-party scripts, detects fingerprinting, audits security headers and cookies, and flags PCI DSS exposure on payment pages. Run a quick 30-second audit to reveal what code executes in your users' browsers.

Inside Coruna - Web Script IOS Exploit

Simon Wijckmans — Sun, 08 Mar 2026 00:00:00 GMT

Your website could have been used to distribute this iOS exploit kit and you wouldn't have known. A full technical breakdown of Coruna: five exploit chains, 23 CVEs, and the delivery infrastructure that makes every website a potential attack vector.

"Microsoft Clairty" Isn't Microsoft Clarity: Deobfuscating a Typosquatted Ad Fraud Script

Simon Wijckmans — Tue, 03 Mar 2026 00:00:00 GMT

cside observed a new malicious client-side injection originating from a malicious browser extension impersonating Microsoft Clarity and overwriting referral tokens to redirect referral revenue to a malicious actor.

How to block AI agents on your website | robots.txt is not enough

Juan Combariza — Tue, 24 Feb 2026 00:00:00 GMT

Robots.txt won’t stop AI agents from abusing your website. Learn how to block headless browser agents and fraudulent agents with different controls.

How to Monitor Cross Border Data Transfer On Your Website | GDPR, CCPA

Juan Combariza — Thu, 12 Feb 2026 00:00:00 GMT

Your website is likely sending personal data to other countries. Learn how to track cross-border data transfers for GDPR and CCPA requirements.

How to Prevent Website Data Breaches (to avoid GDPR & CCPA fines)

Juan Combariza — Fri, 06 Feb 2026 00:00:00 GMT

1/3rd of breaches involve third parties. Learn how to prevent GDPR and CCPA violations by securing third-party scripts, APIs, and data flows.

Comparing Tools for GDPR Compliance (the ones you need in 2026)

Juan Combariza — Tue, 03 Feb 2026 00:00:00 GMT

GDPR compliance does not live in one tool. Fragmentation confuses teams, so we wrote this guide to help you select the right GDPR tools for you.

What is E-skimming | Guide and Prevention Tips

Juan Combariza — Thu, 29 Jan 2026 00:00:00 GMT

E-skimming steals information from your web visitors before traditional security tools protect them. Learn how web skimming works and how to prevent it.

3 Tips - The fastest way to comply with PCI DSS requirements 6.4.3 & 11.6.1

Juan Combariza — Mon, 26 Jan 2026 00:00:00 GMT

Most teams overcomplicate PCI DSS 6.4.3 & 11.6.1. See the fastest paths to compliance and why QSAs recommend tools over DIY.

VCDPA: Guide to Requirements + Website Compliance

Juan Combariza — Thu, 22 Jan 2026 00:00:00 GMT

Get a clear breakdown of Virginia Consumer Data Protection Act rules, enforcement timelines, and how to manage third-party scripts correctly.

Best practices for securing third party scripts on web pages

Simon Wijckmans — Wed, 21 Jan 2026 00:00:00 GMT

Third-party scripts can expose sensitive data in your users’ browsers. Learn best practices to secure client-side code and reduce breach risk.

Comparing Top Client Side Security Tools (features, reviews, pricing)

Juan Combariza — Tue, 20 Jan 2026 00:00:00 GMT

This selection guide dives deep into pricing, protection coverage, and more to help you choose a client-side protection tool for your website.

CPA (Colorado Privacy Act): Guide to Requirements + Website Compliance

Juan Combariza — Fri, 16 Jan 2026 00:00:00 GMT

Get a clear breakdown of Colorado Privacy Act rules, enforcement timelines, and how to manage third-party scripts correctly.

Best client-side security tools for web applications

Simon Wijckmans — Thu, 15 Jan 2026 00:00:00 GMT

Web Applications leverage client-side scripts. A multi layer monitoring approach is the best way to detect suspicious activity on those scripts.

How to detect VPN traffic on a website

Simon Wijckmans — Wed, 14 Jan 2026 00:00:00 GMT

U.S. and U.K. age-verification laws require companies to prevent minors from accessing restricted content, including circumvention controls against VPNs.

Top AI Tools For Website Privacy Compliance in 2026 (GDPR, CPRA)

Juan Combariza — Tue, 13 Jan 2026 00:00:00 GMT

Website privacy compliance is getting harder. Fortunately these AI-powered tools automate the heavy lifting across GDPR, CCPA, and HIPAA.

2026 Web Security Predictions from cside's CEO

Simon Wijckmans — Thu, 08 Jan 2026 00:00:00 GMT

2026 will look different from past years. We'll be watching for: deepfake powered phishing, LLM hallucinated security recommendations, and AI agent attackers.

Does GDPR apply to my U.S. company? (3 step self assessment)

Juan Combariza — Thu, 08 Jan 2026 00:00:00 GMT

GDPR might apply to your website even if you’re U.S. based. Use this 3 step checklist to see if you're at risk and the potential for financial penalties.

The Differences In Client-side Security Solutions

Simon Wijckmans — Tue, 06 Jan 2026 00:00:00 GMT

When a user visits a site, a web server directs the browser to fetch contents. Some from servers the website owner manages, sometimes from 3rd parties. Client-side security solutions aim to give control back to the website owner, because they are responsible for the tools on their site

10 common GDPR website compliance failures (and how to prevent them)

Juan Combariza — Tue, 30 Dec 2025 00:00:00 GMT

Common GDPR website compliance failures, why your team doesn't notice them on your website, and how to prevent unlawful data collection.

Best client-side security for eCommerce?

Simon Wijckmans — Fri, 26 Dec 2025 00:00:00 GMT

eCommerce sites are heavy consumers of client-side tracking tags which creates a significant risk for malicious exfiltration of sensitive data but also legitimate tags collecting more data than is necessary to sell to data brokers. The cside solution solves these concerns with ease.

GDPR Penalties Explained (most common fines, large cases, and how regulators decide)

Juan Combariza — Fri, 26 Dec 2025 00:00:00 GMT

Understand GDPR penalties based on the different violation categories. Look at what went wrong to avoid costly fines for your organization.

Best client-side security for Financial Institutions?

Simon Wijckmans — Wed, 24 Dec 2025 00:00:00 GMT

Nation-state targets like Financial Institutions need to partner with vendors that understand limitations and work to get as close to full coverage as is possible. Read why many choose cside's multi-layer model.

How to comply with GDPR website requirements (2026 guide)

Juan Combariza — Wed, 24 Dec 2025 00:00:00 GMT

Regulators don't care about cookie banners. This guide covers what you need to do in 2026 to minimize, document, and secure personal data on your website under GDPR.

NJDPA: Guide to Requirements + Website Compliance

Juan Combariza — Tue, 23 Dec 2025 00:00:00 GMT

Get a clear breakdown of the New Jersey Data Privacy Act rules, enforcement timelines, and how to manage third-party scripts for compliance.

What is CSS Security? | Preventing Phishing, Clickjacking from CSS Attacks

Juan Combariza — Tue, 23 Dec 2025 00:00:00 GMT

CSS controls what users see. Attackers exploit that. This article explores CSS-based client-side vulnerabilities and how to protect against them.

Which platform offers the most comprehensive client-side script monitoring?

Juan Combariza — Sat, 20 Dec 2025 00:00:00 GMT

Technical evaluation of modern client-side security approaches and why layered detections are necessary for comprehensive coverage.

TDPSA: Guide to Requirements + Website Compliance

Juan Combariza — Thu, 18 Dec 2025 00:00:00 GMT

Get a clear breakdown of Texas Data Privacy and Security Act rules, enforcement timelines, and how to manage third-party scripts correctly.

The British Airways Attack of 2018 - The Deeper Story

Simon Wijckmans — Mon, 15 Dec 2025 00:00:00 GMT

The 2018 British Airways attack affected 429,612 individuals. See why cside bought the attacker domain to turn it into a lesson on modern web security.

How cside brought AI to Client-Side Security

Simon Wijckmans — Sun, 14 Dec 2025 00:00:00 GMT

In 2024, cside launched the first client-side security solution with integrated AI for JavaScript security analysis and compliance automation.

Addressing Incorrect Claims Made by Reflectiz About cside

Simon Wijckmans — Mon, 08 Dec 2025 00:00:00 GMT

Learn why Reflectiz’s scanner-based claims about cside are incorrect and how cside’s real-time client-side security provides deeper protection, full payload forensics, and PCI DSS 4.0.1 compliance.

What is Magecart: Complete Guide and Prevention Strategy

Juan Combariza — Tue, 02 Dec 2025 00:00:00 GMT

Magecart attacks steal card data in the browser before traditional tools detect them. Learn how Magecart attacks work and entry points used by attackers.

Script Integrity Management for e-commerce Brands (SRI, Dynamic Scripts)

Simon Wijckmans — Wed, 26 Nov 2025 00:00:00 GMT

Deep dive into script integrity vs Subresource Integrity vs behavioral monitoring for PCI DSS 6.4.3, 11.6.1, ISO 27001, and HIPAA compliance.

CTDPA: Guide to Requirements + Third-Party Script Compliance

Juan Combariza — Tue, 25 Nov 2025 00:00:00 GMT

Get a clear breakdown of Connecticut Data Privacy Act rules, enforcement timelines, and how to manage third-party scripts correctly.

Expired Domain Risks: A Real Example from Oracle’s Website

Juan Combariza — Tue, 25 Nov 2025 00:00:00 GMT

An expired domain reference is all an attacker needs to execute phishing under a trusted origin. This blog looks at an example from Oracle’s code.

The Cloudflare incident: How cside minimized customer impact

Simon Wijckmans — Fri, 21 Nov 2025 00:00:00 GMT

On November 18th, Cloudflare had an incident that impacted thousands of customers. This blog explores how we limited impact to our own customers.

How WebView mobile apps are dangerous for banking

Simon Wijckmans — Fri, 21 Nov 2025 00:00:00 GMT

Banking "apps" that run on browser environments expose credentials without teams realizing it. This article explores examples of WebView mobile app attacks.

Shady Plugins in WooCommerce: Security Risks & Protection Tips

Juan Combariza — Wed, 19 Nov 2025 00:00:00 GMT

Your checkout is only as safe as your plugins. Discover how WooCommerce handles plugin HTML, why that matters, and the steps to stop malicious code.

Fail Open Architectures: the importance of being ready for a bad day.

Simon Wijckmans — Fri, 14 Nov 2025 00:00:00 GMT

Customers diligently ask: “what happens if cside goes down?” or “will it add latency?”. This is how our fail-open architecture is prepared for a bad day.

How Merchants Can Prevent Chargebacks (tools you need in 2026)

Juan Combariza — Sat, 08 Nov 2025 00:00:00 GMT

Still have a chargeback stack built for the pre-VAMP era? Here's how leading fraud teams use early dispute blocking to stay ahead of tighter rules in 2026.

How to Bypass JavaScript Agents, CSP, and Crawlers (Client-Side Security Testing)

Simon Wijckmans — Tue, 21 Oct 2025 00:00:00 GMT

Most client-side compliance tools can be easily bypassed. We show you how to test weaknesses in CSP, crawler, and JS agents + safer alternatives.

Device Fingerprinting in CE 3.0 | How to Block More Chargeback Disputes

Juan Combariza — Tue, 21 Oct 2025 00:00:00 GMT

This is how merchants use device fingerprinting to win more Compelling Evidence cases (VISA), blocking first-party fraud and lowering VAMP ratios.

Why Chargeback Indemnification No Longer Works With the New VAMP Ratio

Mike Kutlu — Thu, 09 Oct 2025 00:00:00 GMT

Chargeback indemnification won't protect you under new VAMP rules. You still face the risk of penalties and account termination. Here's how to adapt:

What is Client-Side Security?

Simon Wijckmans — Thu, 02 Oct 2025 00:00:00 GMT

Browsers are powerful feature rich environments. More applications also are effectively browsers behind the scenes. This is great for building an application, but bad actors also use the client as an attack surface.

Mockito docs hijacked

Simon Wijckmans — Tue, 30 Sep 2025 00:00:00 GMT

Some attacks are stupidly low tech. Mockito, a popular open source package contained a malicious link in their Github Docs.

Vibe Coding Security Risks: Client-Side Exposures in AI Platforms (Lovable, Copilot, Cursor & more)

Simon Wijckmans — Tue, 30 Sep 2025 00:00:00 GMT

Understand the common vulnerabilities in code made with AI coding platforms like Lovable, Copilot, Cursor, + Replit. See how to fix them before you ship them.

Chargebacks911 and cside Partner to Fight Chargeback Fraud

Juan Combariza — Tue, 09 Sep 2025 00:00:00 GMT

We're excited to reveal our partnership with Chargebacks911. Merging CB911’s expertise with cside’s client-side intelligence helps merchants fight friendly fraud and win more chargeback disputes.

cside Joins AWS Partner Network and ISV Accelerate

Juan Combariza — Tue, 09 Sep 2025 00:00:00 GMT

Working alongside AWS helps us bring our solution to the cloud environment our customers already rely on. For us, this is a step towards making client-side security widely accessible.

What QSAs Should Look For When Assessing PCI 6.4.3 and 11.6.1

Simon Wijckmans — Tue, 09 Sep 2025 00:00:00 GMT

We put together a shorthand checklist, red flags to look for, and the compliance differences between CSP, Crawlers, and Client-side scripts.

The Blockchain Is Not Your Friend: Examining EtherHiding and using Blockchain for Attacks

Jack LaFond — Tue, 02 Sep 2025 00:00:00 GMT

In March/April of 2025 a ClickFix variant was going around that used the Binance blockchain with smart contracts to control malware payloads that would surface from a hacked WordPress plugin.

Deobfuscating Third-Party JavaScript Code | A Security Engineer's Guide

Jack LaFond — Thu, 28 Aug 2025 00:00:00 GMT

From a security perspective, a third-party script with obfuscated code is a massive red flag. This guide explores methods to deobfuscate JavaScript and how to spot common attacks.

How to comply with PCI 6.4.3 and 11.6.1 | Practical guide for security teams

Juan Combariza — Tue, 19 Aug 2025 00:00:00 GMT

A practical guide to PCI 6.4.3 for security teams in eCommerce, FinTech, and SaaS. Learn why CSP or Crawlers are not enough to protect your users.

Cosmic Ray Bit Flips and the Hidden Risk at Scale

Jack LaFond — Fri, 08 Aug 2025 00:00:00 GMT

When a 1 in a million rare occurrence, turns out not to be so rare. How our atmosphere changes zero to ones and how it can impact security.

Client-Side Attack Report Q2 2025

Simon Wijckmans — Wed, 30 Jul 2025 00:00:00 GMT

cside’s research uncovered over 72,000 compromised websites, revealing how attackers are relying on JavaScript-based delivery mechanisms, third-party supply chain vulnerabilities, and deceptive browser based social engineering tactics such as fake browser updates.

The PII Blind Spot in Web Security

Simon Wijckmans — Wed, 30 Jul 2025 00:00:00 GMT

But PII moves through the frontend, where controls are weaker and visibility is often limited.

UK Internet Age Verification System explained for cyber security

Simon Wijckmans — Tue, 29 Jul 2025 00:00:00 GMT

The goal of the UK Internet Age Verification System is to protect children browsing on the internet. But these checks come with new cybersecurity risks and privacy concerns.

cside at PCI SSC 2025 North America Community Meeting

Simon Wijckmans — Thu, 24 Jul 2025 00:00:00 GMT

We are in town for the PCI SSC 2025 North America Community Meeting, September 16th to 18th.

How Chrome extensions can remove security headers

Simon Wijckmans — Mon, 21 Jul 2025 00:00:00 GMT

Many browsers actively update extensions without specific approval or opt-in. This means that an extension today can behave wildly differently tomorrow, and you will not be made aware of it.

What's the leading technology to prevent credit card skimming?

Simon Wijckmans — Mon, 21 Jul 2025 00:00:00 GMT

Visa’s Spring 2025 Biannual Threats Report identifies digital skimming as one of the “most prolific and consistent threats” in the payments ecosystem.

CryptoJacking is dead: long live CryptoJacking

Himanshu Anand — Thu, 17 Jul 2025 00:00:00 GMT

Modern crypto jacking has evolved into a silent, multi-stage attacks.

Magecart targeting east asian e-commerce websites on OpenCart

Himanshu Anand — Tue, 15 Jul 2025 00:00:00 GMT

We’ve detected a magecart-style attack targeting the OpenCart CMS platform

How traffic hijacking and affiliate fraud can harm websites and users

Himanshu Anand — Thu, 10 Jul 2025 00:00:00 GMT

Traffic hijacking is when someone secretly changes where a website’s links go, sending visitors to other sites.

cside at BlackHat USA 2025

Simon Wijckmans — Wed, 09 Jul 2025 00:00:00 GMT

cside is exhibiting at BlackHat USA 2025.

Is relying on Indicators of Compromise secure enough?

Himanshu Anand — Thu, 03 Jul 2025 00:00:00 GMT

Most security programs today still rely heavily on Indicators of Compromise (IOCs). This approach fails to detect threats that evolve slowly, reuse infrastructure, or operate in narrow, high-value contexts like client-side web skimming.

Why crawlers can't help with PCI compliance (alone)

Simon Wijckmans — Thu, 03 Jul 2025 00:00:00 GMT

Crawlers act like a user but are very clearly not a real human user. If a malicious script would get injected because of a user interaction, the crawler will not see the malicious script unless it makes that user interaction

PCI Compliance 4.0.1: A Practical Implementation Guide Webinar

Simon Wijckmans — Thu, 26 Jun 2025 00:00:00 GMT

We partnered up with VikingCloud, the largest global PCI compliance QSA and security firm on 2 webinars giving you the full context and info to implement PCI DS 4.0.1. With a special focus on requirements 6.4.3 & 11.6.1.

Why We’re Called cside

Simon Wijckmans — Wed, 25 Jun 2025 00:00:00 GMT

We named ourselves after the part of the web that no one else was protecting: the client-side.

CoinMarketCap Client-Side Attack: A Comprehensive Analysis

Himanshu Anand — Mon, 23 Jun 2025 00:00:00 GMT

On June 20, 2025, CoinMarketCap (CMC) - a cornerstone of the cryptocurrency ecosystem, relied upon by millions for real-time crypto data - experienced a significant security incident.

Weaponized Google OAuth Triggers Malicious WebSocket

Himanshu Anand — Tue, 10 Jun 2025 00:00:00 GMT

An attacker is using ‘Google.com’ to deliver and execute their own code in a weaponized Google OAuth attack.

Ruthless Client-Side Attacks Targeting Multiple Platforms with ClickFix

Himanshu Anand — Wed, 28 May 2025 00:00:00 GMT

In this article, we break down a recent ClickFix variant that now targets macOS, Android, and iOS, using browser-based redirections, fake UI prompts, and even drive-by download techniques.

Chinese Adult Scam Targets Mobile Users Through PWA

Himanshu Anand — Tue, 20 May 2025 00:00:00 GMT

We’ve identified a fresh injection campaign abusing third-party JavaScript to redirect users.

Malicious North Korean actors attempt to infiltrate technology companies

Simon Wijckmans — Thu, 01 May 2025 00:00:00 GMT

Catching fraudulent job applicants.

Client-Side Attack Recap – Q1 2025

Simon Wijckmans — Wed, 30 Apr 2025 00:00:00 GMT

cside’s research uncovered nearly 300,000 compromised websites in Q1 of 2025.

VikingCloud approves cside for PCI DSS requirement 6.4.3 and 11.6.1

Simon Wijckmans — Thu, 24 Apr 2025 00:00:00 GMT

cside has partnered with VikingCloud to perform a deep technical assessment of the security solutions we offer under the enterprise plan under the scope of PCI compliance. Offering full peace of mind that with a proper implementation of our products requirements 6.4.3 and 11.6.1 are met.

Is there a "free" method to comply with PCI DSS 6.4.3 and 11.6.1?

Simon Wijckmans — Wed, 23 Apr 2025 00:00:00 GMT

The short answer: Without an off the shelf solution, you'd have to build a DIY monitoring tool that would cos significantly more in wages than a prebuilt solution's vendor costs.

Do you need PCI SSF or PCI DSS? Here’s the difference

Simon Wijckmans — Tue, 22 Apr 2025 00:00:00 GMT

PCI SSF is for the software, and PCI DSS is for everything else. Let's dive in.

Over 150K websites hit by full-page hijack linking to Chinese gambling sites

Himanshu Anand — Wed, 26 Mar 2025 00:00:00 GMT

We estimate that approximately 150,000 websites have been impacted by this campaign. The script defines an array of keywords related to betting, gambling, and casino brands both in English and Chinese.

Can you use Adyen for PCI DSS?

Simon Wijckmans — Fri, 21 Mar 2025 00:00:00 GMT

Yes, BUT depending on which on the integration, your business is still responsible for ensuring compliance with the Payment Card Industry Data Security Standard (PCI DSS).

Can you use PayPal (Braintree) for PCI DSS?

Simon Wijckmans — Fri, 21 Mar 2025 00:00:00 GMT

Yes, BUT depending on which on the integration, your business is still responsible for ensuring compliance with the Payment Card Industry Data Security Standard (PCI DSS).

Can you use Stripe for PCI DSS?

Simon Wijckmans — Fri, 21 Mar 2025 00:00:00 GMT

Yes, BUT depending on which on the integration, your business is still responsible for ensuring compliance with the Payment Card Industry Data Security Standard (PCI DSS).

BSidesSF and RSAC Event

Simon Wijckmans — Thu, 13 Mar 2025 00:00:00 GMT

When cside is exhibiting, the afterparties are in town! Organized by us, Socket, Arcjet and Incident! Find our booth at BSidesSF (follow the laser), and booth 2438 at RSAC. Register for the 30th of April Book a meeting Join us for the ultimate cybersecurity networking experience at the Rooftop of our investor Uncork Capital in San Francisco! Organized by cside, Socket, Arcjet, and Incident, these exclusive events bring together 250+ techies, cybersecurity professionals, and BS

How to be a PCI DSS SAQ A company (6.4.3 and 11.6.1)

Simon Wijckmans — Fri, 07 Mar 2025 00:00:00 GMT

One sentence sparks debate. Because sites load scripts dynamically, a script from any page can persist into checkout, potentially interfering with payments. Third-party scripts, even if unrelated or on pages loaded before the payment pages, can introduce vulnerabilities.

Thousands of websites hit by four backdoors in 3rd party JavaScript attack

Himanshu Anand — Tue, 04 Mar 2025 00:00:00 GMT

While analyzing threats targeting WordPress frameworks, we found an attack where a single 3rd party JavaScript file was used to inject four separate backdoors into 1,000 compromised websites using cdn.csyndication[.]com/.

Bybit Attack: $1.5B stolen through malicious JavaScript

Simon Wijckmans — Thu, 27 Feb 2025 00:00:00 GMT

The attackers injected malicious JavaScript into the website interface where Bybit’s employees normally approve transactions. This malicious code was hidden in such a way that everything looked normal on the screen—but behind the scenes, it changed important details.

Over 35,000 Websites Targeted in Full-Page Hijack Linking to a Chinese-Language Gambling Scam

Himanshu Anand — Thu, 20 Feb 2025 00:00:00 GMT

A new malware campaign has compromised 35,000+ websites, injecting a malicious script from the websites listed below. Once the script loads, it fully hijacks the user’s browser window—often redirecting them to pages promoting a Chinese-language gambling (or casino) platform.

cside is now SOC2 compliant

Simon Wijckmans — Wed, 05 Feb 2025 00:00:00 GMT

We’re proud to announce our SOC2 type 2 audit has passed and we passed with the highest degree of approval.

Demystifying the January 2025 updates to PCI DSS SAQ A

Simon Wijckmans — Sun, 02 Feb 2025 00:00:00 GMT

A full detailed explanation, chart and guide to the changes regarding PCI DSS 4.0.1 - 6.4.3 and 11.6.1

10,000 WordPress Websites Found Delivering MacOS and Windows Malware

Himanshu Anand — Mon, 27 Jan 2025 00:00:00 GMT

We identified over 10,000 WordPress loading showing fake Google browser update leading to malware downloads.

Government and university websites targeted in ScriptAPI[.]dev client-side attack

Himanshu Anand — Tue, 21 Jan 2025 00:00:00 GMT

Yesterday we discovered another client-side JavaScript attack targeting +500 websites, including governments and universities. The injected scripts create hidden links in the Document Object Model (DOM), pointing to external websites, a programming interface for web documents.

Affiliate tracking and its cyber security risks

Simon Wijckmans — Mon, 20 Jan 2025 00:00:00 GMT

Malicious actors often exploit tracking pixels to inject harmful scripts on otherwise normal websites.

The cost of false positives - how we became a target

Himanshu Anand — Fri, 17 Jan 2025 00:00:00 GMT

This week, we identified an intriguing use case involving the WP3[.]XYZ attack (link to our blog post). It sparked interest across the community and led to better detection rates on platforms like VirusTotal (VirusTotal link). While most appreciated our efforts, others criticized us for not identifying the root cause or recommending services to clean up hacked websites. Despite this, we aim to make the community aware of potential attacks and promise to do even better in the future. When fals

Over 5,000 WordPress sites caught in WP3[.]XYZ malware attack

Himanshu Anand — Mon, 13 Jan 2025 00:00:00 GMT

We’ve uncovered a widespread malware campaign targeting WordPress websites, affecting over 5,000 sites globally. The malicious domain: "https://wp3.xyz/plugin[.]php".

Why Content Security Policy doesn't work

Simon Wijckmans — Tue, 07 Jan 2025 00:00:00 GMT

Content Security Policy (CSP) is a security feature provided by web browsers that a website owner can use to define a set of rules that control which resources (e.g., scripts, styles, images) can be loaded and executed by the browser. We call this the client-side, which is at the very end of the web supply chain. When properly configured, it helps prevent a wide range of attacks. But those first three words make all the difference. It can help prevent: Cross-Site Scripting (XSS): By restricti

Ad marketplaces security and compliance risks

Simon Wijckmans — Mon, 23 Dec 2024 00:00:00 GMT

For businesses monetizing through ad marketplace models, the less traditional 3rd-party advertising networks, analytics platforms, and marketing scripts are indispensable. They’re needed to drive revenue by boosting engagement and tracking user behavior.

A new Progressive Web App danger very few know about

Simon Wijckmans — Fri, 20 Dec 2024 00:00:00 GMT

The rise in adoption with PWAs comes an increase in client-side security risks. And the industry? It’s barely talking about it.

The Polyfill[.]io attack - More than just a redirect attack

Simon Wijckmans — Fri, 06 Dec 2024 00:00:00 GMT

A redirect was only what was caught. With control of one third-party script on half a million sites, far worse was possible. Here is why it mattered.

New 3rd party JS script attack found: Artifyau[.]com and Quantifymy[.]com

Himanshu Anand — Mon, 04 Nov 2024 00:00:00 GMT

This week, we deployed a specialized crawler for research purposes. Within just 24 hours, it successfully identified new Magecart attack patterns. Magecart is a sophisticated, financially motivated threat that injects malicious JavaScript to steal personal payment information. Here's a list of the biggest Magecart attacks thus far. Initial Detection: Obfuscated JavaScript on Artifyau[.]com Detected URL: https://artifyau[.]com/T1M0dVluVnBiR1J6YVhSbGNISnZMbU52YlE9PQ/jqwery.js. The URL mimics a

New Magecart attack code revealed

Himanshu Anand — Wed, 23 Oct 2024 00:00:00 GMT

On October 14th, we posted an article on how another Magento Magecart attack was taking place. Then we only noticed one script as the culprit. Today, we were able to find and analyze the attack in more detail. The attack decoded This was the injected code: