The only client-side security company with a proxy solution. Gain visibility into every 3rd party script, attack, fraud attempt, and AI agent on the client-side

Joined March 2024
May 13
David Attenborough turned 100 and you still don’t know how your app behaves in a browser.
Mar 4
Observing a surge in client-side fetches happening to msclairty[.]com hijacking referral tokens. Still unclear of the extension responsible but judging by the volume it must be top one of the 5000 browser extensions.
25 Jul 2025
🚨 Magecart Alert 🚨 A live Magecart skimmer on payment pages is exfiltrating credit card data in violation of PCI DSS. Script downloaded from: hxxps://meriksshadowfiend[.]top/moritz-ca/metrics.js Sending stolen data to: hxxps://pixelnotinggo[.]top/api/accept-metrics
24 Jul 2025
Multiple shipped features this month 🤩 Full details on cside.dev/changelog.
22 Jul 2025
A browser extension can quietly remove critical security headers like CSP. No warning. No consent. You install an extension and suddenly, protections against data leaks and injections are gone. Should we make this an explicit opt-in? Or will that see no adoption?
21 Jul 2025
❗️We've identified a Magecart-like attack on the OpenCart CMS platform, mainly targeting East-Asian e-commerce websites cside.dev/blog/magecart-targ…

3 Jul 2025
This is what makes client-side attacks so dangerous. Dynamism is a sword that cuts both ways. Attackers leverage this to stay undetected for days, weeks and months.
22 Jun 2025
Yesterday CoinMarketCap got struck by a substantial client-side attack. Impacting all logged-in users to reauthenticate their wallet access, and inadvertently granting access to a bad actor.
22 Jun 2025
Read our full report: cside.dev/blog/coinmarketcap…

10 Jun 2025
Hello from Gartner! Come visit us at booth 971 in the startup zone.
10 Jun 2025
We analyzed an attack on a Magento-based eCommerce site. The injection technique used hides in plain sight as the attacker is using ‘Google .com’ to deliver and execute their own code. cside.dev/blog/weaponized-go…

4 Jun 2025
We’re at InfoSec all week! Booth B133, come say hi!
21 May 2025
A new attack found in Progressive Web Apps (PWAs). They are browser-based too after all, and are also targets in client-side attacks. cside.dev/blog/chinese-adult…

13 May 2025
"But we use CSP so we're fine" ❌ No, you’re not. CSP was designed to protect you from things like XSS. But in reality, a CSP is blind as a bat. If you trust a vendor’s domain, CSP lets it right through. If that vendor gets compromised? CSP shrugs.

13 May 2025
If you believe “strict CSP” is enough, look at Magecart, PII leaks, or the rise of fake browser updates. CSP couldn't save them, and neither will it save you.
13 May 2025
If you’re serious about client-side security, you need runtime protection that sees what scripts actually do in your users' browsers. CSP is like locking your front door while leaving the windows wide open.
7 May 2025
Thanks people at BSides and RSAC! After the conferences, we hosted a rooftop afterparty for 500 people. A great way to close out the week. Thanks to @SocketSecurity, @arcjet and @incident_io for co-hosting with us 💙