Client-side skimming attacks have a boring superpower: they can steal data without breaking anything. The page still loads. Checkout still completes. All it needs is just one malicious script tag.
If that sounds abstract, here are two recent examples of such skimming attacks:
In January 2026, Sansec reported a browser-side keylogger running on an employee merchandise store for a major U.S. bank, h...
The article showcases Cloudflare's proactive approach to security, particularly in the context of client-side attacks. By providing domain-based threat intelligence to all clients, regardless of their plan level, they are helping bridge the gap between enterprise-level and small to medium-sized businesses. This move can be seen as a response to the growing number of client-side attacks affecting non-enterprise customers running webshops on the Magento platform in 2025.
However, it's important to...