Scott Helme offers insights into web security, HTTPS adoption, and best practices for securing online services, providing articles, workshops, and security tools to help organizations protect against cyber threats. By exploring Scott Helme's curated content, developers can learn about HTTP security headers, Content Security Policy (CSP), and TLS encryption for securing web applications and APIs. Whether you're a web developer, sysadmin, or security professional, Scott Helme offers resources to enhance your cybersecurity knowledge and defend against common vulnerabilities.

Scott Helme

An active Magecart campaign targeting ecommerce sites has been uncovered, featuring payloads customized per victim with sophisticated evasion techniques. The attack begins with a script injection disguised as a Google Tag Manager loader, which decodes a base64 URL at runtime to inject malicious JavaScript. The skimmer includes admin detection to avoid triggering for site owners, anti-debugging via performance.now() timing, and platform fingerprinting for WooCommerce, Magento, OpenCart, and PrestaShop. It injects a fake payment form styled to match the real one, captures card data to localStorage, and exfiltrates it — including a 'CSP bypass' technique that redirects victims through attacker infrastructure with stolen data in the URL before bouncing them back. The campaign is ongoing, with the malicious domain styleoutsperee.com (registered Feb 2026) as the key indicator of compromise. Defenders are advised to audit checkout scripts, monitor for requests to that domain, and investigate unexpected redirects during payment flows.

Fighting an active Magecart Campaign