Client-side skimming attacks have a boring superpower: they can steal data without breaking anything. The page still loads. Checkout still completes. All it takes is one malicious script tag. If that sounds abstract, here are two recent examples of such skimming attacks: In January 2026, Sansec reported a browser-side keylogger running on an employee merchandise store for a major U.S. bank, h...