by Source Defense

When attackers are clever enough to name their cookie “csp_f_y,” you know they’re not just exfiltrating data, they’re mocking your defenses. In a recent attack spotted by the Source Defense Cyber Research team, a compromised first-party script on a payment page stored sensitive data in a cookie named csp_f_y. The exfiltration didn’t happen
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2025/04/csp-fy-a-magecart-attack-that-dodges-policy-and-makes-a-joke-while-doing-it/

