Scott Helme

Security considerations when using Passkeys on your website

Passkeys are awesome and that's why we implemented them on Report URI! You can read about our implementation here and get the basics on how Passkeys work and...

Free Post

Fighting an active Magecart Campaign

We’ve been tracking an active Magecart campaign targeting ecommerce sites, with payloads customised per victim and evasion logic designed to stay hidden from site owners. We spotted it because...

Amazing Refresh — A Malicious Chrome Extension Running Malware in the Browser

Free Post

Report URI

Amazing Refresh — A Malicious Chrome Extension Running Malware in the Browser

We recently uncovered a malicious browser extension affecting visitors to customer websites. It injected JavaScript into pages, hijacked outbound clicks through affiliate infrastructure, and quietly monetised user traffic. We spotted...

Bringing in the experts; Having our Passkeys implementation Security Tested

Free Post

Report URI

Bringing in the experts; Having our Passkeys implementation Security Tested

We recently announced support for Passkeys on your Report URI account, and everyone should go and enable Passkeys for the amazing security benefits they offer. As a new implementation of...

Free Post

Passkeys

Launching Passkeys support on Report URI! 🗝️

As we're always wanting to keep ahead in the security game, I'm happy to announce that we now support Passkeys on Report URI! Let's...

Free Post

Report URI

When “One in a Billion” Happens Every Day: Scaling Redis at Report URI

Something that I've come to learn as we continue to grow Report URI is that everything is easy until scale makes it hard. We're now processing...

Leverage our treasure trove of Threat Intelligence data

Free Post

Report URI

Leverage our treasure trove of Threat Intelligence data

We've been working on CSP Integrity for a little while now, and it was only announced in open beta back in September. Since then, as more of our...

XSS Ranked #1 Top Threat of 2025 by MITRE and CISA

Free Post

XSS

XSS Ranked #1 Top Threat of 2025 by MITRE and CISA

Look who's back! After we completed 2024, XSS managed to get itself ranked as the #1 top threat of the year. I wrote about that, and at the...

DNS-PERSIST-01; Handling Domain Control Validation in a short-lived certificate World

Free Post

DCV

DNS-PERSIST-01; Handling Domain Control Validation in a short-lived certificate World

This year, we have a new method for Domain Control Validation arriving called DNS-PERSIST-01. It is quite a fundamental change from how we do DCV now, so let's...

The European Space Agency got hacked, and now we own the domain used!

Free Post

Report URI

The European Space Agency got hacked, and now we own the domain used!

It's not often that two of my interests align so well, but we're talking about space rockets and cyber security! Whilst Magecart and Magecart-style attacks might...

Scott Helme

Hi, I'm Scott Helme, a Security Researcher, Entrepreneur and International Speaker. I'm the creator of Report URI and Security Headers, and I deliver world renowned training on Hacking and Encryption.

Security considerations when using Passkeys on your website

Fighting an active Magecart Campaign

Amazing Refresh — A Malicious Chrome Extension Running Malware in the Browser

Bringing in the experts; Having our Passkeys implementation Security Tested

Launching Passkeys support on Report URI! 🗝️

When “One in a Billion” Happens Every Day: Scaling Redis at Report URI

Leverage our treasure trove of Threat Intelligence data

XSS Ranked #1 Top Threat of 2025 by MITRE and CISA

DNS-PERSIST-01; Handling Domain Control Validation in a short-lived certificate World

The European Space Agency got hacked, and now we own the domain used!

Upcoming Events

Cheat Sheets

Projects

Upcoming Events

Cheat Sheets

Projects

Follow