Toronto, ON, Canada
2017
  |  By Feroot
I was on ABC News recently discussing why banks are on alert as new AI systems like Anthropic’s Claude Mythos raise cybersecurity concerns. What struck me most is how quickly the conversation has shifted. This is no longer a hypothetical risk or something we are planning for in the future. Financial institutions and regulators are reacting in real time to what AI is already capable of doing. From my perspective, we are still underestimating how fast this is moving.
  |  By Feroot
Organizations have invested heavily in consent management. Consent Management Platforms (CMPs) are standard infrastructure for privacy programs, and for good reason. Regulations like GDPR, CCPA/CPRA, LGPD, PDPA, and HIPAA require organizations to obtain, record, and honor user consent before collecting or processing personal data. CMPs provide the framework to do that. Most organizations have done the right thing; they just don’t know if they’ve done the right thing right.
  |  By Feroot
Consent management platforms were a reasonable first answer to GDPR. Capture the choice, log it, and move on. For a while, that felt like compliance. It wasn’t. A logged preference and an enforced preference are two different things. When a user clicks reject all, the legal obligation isn’t just to record that click; it’s also to ensure no tracking script executes after that. Tags, pixels, analytics calls, behavioral trackers: they all need to stop.
  |  By Feroot
When a patient logs into a billing portal, two of the most heavily regulated data types in the U.S. end up in the same browser session. PHI, like health history, insurance providers, and diagnoses, renders right alongside the card entry fields they’ll use to pay. And with them load the third-party scripts that marketing manages: analytics, heatmaps, A/B testing, conversion tracking. These tools are how growth teams optimize revenue and product teams improve the experience.
  |  By Feroot
AppsFlyer’s JavaScript SDK has been compromised in an active supply chain attack. Websites loading the script are serving malicious code to their users without any changes to their own codebase.
  |  By Feroot
For most of HIPAA’s history, PHI moved through known systems, between known parties, for known reasons. You provisioned access and audited behavior. The data flows remained observable, and so did the vendor relationships built around them. EHR vendors, billing platforms, and transcription services: you knew what each one touched because you handed it to them. Then the website became part of the care journey. With it came appointment schedulers, symptom checkers, patient portals, and intake forms.
  |  By Feroot
In 2024, Recorded Future’s Fraud Intelligence Report found over 11,000 e-commerce domains actively running payment page skimmers, a nearly 300% increase from the year before. The majority of those merchants had no client-side monitoring in place. Most of them were processing payments through legitimate, PCI-certified processors. Some of them were almost certainly SAQ-A-EP merchants who believed their processor’s compliance covered their risk. It doesn’t.
  |  By Feroot
CCPA used to audit your policies and paperwork. Then came the Sephora settlement, and things moved to logs, runtime, and network reports. The company’s privacy policy said it didn’t sell consumer data. California’s AG ran the site, watched the cookies and pixels fire, and found that in reality, they did. Healthline followed in 2025. Then Disney in 2026. Different companies, common findings. Data gets collected and shared with third parties via tags. GPC gets ignored.
  |  By Feroot
Three million patients. That’s how many had their most sensitive health information silently siphoned from hospital systems and handed to a party that had no authorization to receive it. The year was 2022. And what would become one of the largest unauthorized disclosures of protected health information ever documented didn’t arrive through a ransomware attack, a stolen credential, or a nation-state intrusion. It came from a piece of marketing software doing exactly what it was designed to do.
  |  By Feroot
If your organization serves patients in both the United States and the European Union, two regulators, HIPAA and GDPR, are already watching your website. Specifically, what happens in the seconds between a visitor landing on your page and your analytics stack doing its job. In March 2024, OCR mentioned that even unauthenticated website interactions, like a user browsing your oncology content or typing into a symptom checker, can constitute PHI if the visit is for health-related purposes.
  |  By Feroot
Feroot Security Inspector automatically discovers and reports on all JavaScript web assets and their data access. Inspector finds JavaScript security vulnerabilities on the client-side and reports on them, and provides specific client-side threat remediation advice to security teams in real-time. With Inspector, customers are able to conduct constant client-side attack surface management and defense.
  |  By Feroot
Feroot Security co-founders, Ivan Tsarynny and Vitaliy Lim, discuss the client-side landscape and why security is needed to protect the front-end.
  |  By Feroot
Head of Application Security at The Motley Fool, Paolo del Mundo, shares his experience with Feroot's Inspector and how it has increased visibility into their client-side attack surface.
  |  By Feroot
Client-side security is important today because of the increase in attacks against individuals using the web to access services that require the sharing of sensitive and personally identifiable information (PII). Feroot enables proactive client-side security programs to protect the customer journey. Our products are designed to significantly diminish a threat actor’s ability to breach customer data or damage websites via client-side attacks. We help cybersecurity and application security professionals guard the customer experience.
  |  By Feroot
Empower your business with client-side security. Arm your application developers, security professionals, and privacy professionals with reliable client-side security technologies to develop secure JavaScript applications, stop client-side cyberattacks, and ensure compliance with global privacy regulations. Learn more about Feroot Security and what we can do to help you secure your client-side attack surface!
  |  By Feroot
See Feroot Security Inspector in action. Learn how you can deploy client-side JavaScript security monitoring to detect Magecart, e-skimming, formjacking, JavaScript vulnerabilities, and other threats to your customer-facing web applications.
  |  By Feroot
Learn how to protect your client-side web applications and the customer data you collect via your websites. Gain a deep understanding of how to stop skimming breaches by closing gaps in your web application firewalls, content security policies, penetration testing, security testing, and vulnerability scanning coverage. Explore the basics of client-side security and learn how businesses can protect themselves and their customers with automated tools, monitoring, and controls to stop threats, all while safeguarding customer data.
  |  By Feroot
In a world in which commerce, business, and information are driven almost exclusively by the internet, protecting both consumers and data is critical.
  |  By Feroot
Learn how client-side web security programs use Feroot Security to align with cybersecurity frameworks.
  |  By Feroot
Learn everything you need to know about client-side security to protect JavaScript web applications and customer data. Discover how to secure your business so that it may succeed in today's digital economy.
  |  By Feroot
Learn how to protect your JavaScript web applications and customer data from cyberthreats. Discover how to secure your webpages and web applications so that your business can thrive. The guide highlights the fundamental risks associated with using JavaScript in an unprotected client-side environment and what web application developers and security professionals can do to better protect their websites and website users.

Secure your JavaScript web applications and webpages with automated security scanning, monitoring, and controls to stop cyber threats and protect customer data.

Arm your application developers, security professionals, and privacy professionals with reliable client-side security technologies to develop secure JavaScript applications, stop client-side cyberattacks, and ensure compliance with global privacy regulations.

Empower your business with client-side security:

  • Know your client-side attack surface: Create an inventory of client-side elements and gain a deep understanding of how scripts and applications behave and the data they can access.
  • Uncover suspicious behavior: Discover and control client-side web assets. Monitor web application behavior to determine if baseline scripts or applications show runtime or access abnormalities.
  • Act on privacy & compliance reports: Gain deep transparency of your client-side asset inventory, tracking, and remediation status. Track PCI DSS, NIST, CIS Top 20, OWASP Top 10, and MITRE ATT&CK program maturity.

Client-Side Security Made Easy.