Fighting an active Magecart Campaign
We've been tracking an active Magecart campaign targeting ecommerce sites, with payloads customised per victim and evasion logic designed to stay hidd [...]
a collection of dev rss feeds - blogroll
Posts
We recently uncovered a malicious browser extension affecting visitors to customer websites. It injected JavaScript into pages, hijacked outbound clic [...]
We recently announced support for Passkeys on your Report URI account, and everyone should go and enable Passkeys for the amazing security benefits th [...]
As we're always wanting to keep ahead in the security game, I'm happy to announce that we now support Passkeys on Report URI! Let's take a quick look [...]
Something that I've come to learn as we continue to grow Report URI is that everything is easy until scale makes it hard. We're now processing so much [...]
We've been working on CSP Integrity for a little while now, and it was only announced in open beta back in September. Since then, as more of our custo [...]
Look who's back! After we completed 2024, XSS managed to get itself ranked as the #1 top threat of the year. I wrote about that, and at the end of the [...]
This year, we have a new method for Domain Control Validation arriving called DNS-PERSIST-01. It is quite a fundamental change from how we do DCV now, [...]
It's not often that two of my interests align so well, but we're talking about space rockets and cyber security! Whilst Magecart and Magecart-style at [...]
Dogfooding is often talked about as a best practice, but I don't often see the results of such activities. For all new features introduced on Report U [...]
What a great way to start 2026! Let's Encrypt have now made their short-lived certificates available, so you can go and start using them right away. I [...]
Throughout 2025, I spoke a few times about our home energy solution, including our grid usage, our solar array and our Tesla Powerwall batteries. Now [...]
Every year, just as we start to put up the Christmas Tree, we have another tradition at Report URI which is to conduct our annual penetration test! [...]
This is not a blog post that anybody ever wants to write, but we had some service issues yesterday and now the dust has settled, I wanted to provide a [...]
This has been a long time coming so I'm excited that we now have a working standard in the browser for monitoring and enforcing the use of SRI across [...]