Scott Helme

  1. Security considerations when using Passkeys on your website

    Passkeys are awesome and that's why we implemented them on Report URI! You can read about our implementation here and get the basics on how Passkeys work and why you want them. In this post, we're going to focus on what security considerations you should have

  2. Fighting an active Magecart Campaign

    We’ve been tracking an active Magecart campaign targeting ecommerce sites, with payloads customised per victim and evasion logic designed to stay hidden from site owners. We spotted it because we monitor what code actually executes in the browser, not just what a site is supposed to load. What

  3. Amazing Refresh — A Malicious Chrome Extension Running Malware in the Browser

    We recently uncovered a malicious browser extension affecting visitors to customer websites. It injected JavaScript into pages, hijacked outbound clicks through affiliate infrastructure, and quietly monetised user traffic. We spotted it not because a website was compromised, but because we monitor what…

  4. Bringing in the experts; Having our Passkeys implementation Security Tested

    We recently announced support for Passkeys on your Report URI account, and everyone should go and enable Passkeys for the amazing security benefits they offer. As a new implementation of an authentication technology, we wanted to be sure that everything was as secure as it should be for our customer…

  5. Launching Passkeys support on Report URI! 🗝️

    As we're always wanting to keep ahead in the security game, I'm happy to announce that we now support Passkeys on Report URI! Let's take a quick look at what Passkeys are, why you should use them, and how we've implemented them.

  6. When “One in a Billion” Happens Every Day: Scaling Redis at Report URI

    Something that I've come to learn as we continue to grow Report URI is that everything is easy until scale makes it hard. We're now processing so much telemetry that a "one in a billion" problem can happen every, single, day, and we'

  7. Leverage our treasure trove of Threat Intelligence data

    We've been working on CSP Integrity for a little while now, and it was only announced in open beta back in September. Since then, as more of our customers start to use it, we've continued to improve it and observe the potentially huge benefits. CSP Integrity

  8. XSS Ranked #1 Top Threat of 2025 by MITRE and CISA

    Look who's back! After we completed 2024, XSS managed to get itself ranked as the #1 top threat of the year. I wrote about that, and at the end of the blog post I said "Let's make sure that XSS isn't #1 in

  9. DNS-PERSIST-01; Handling Domain Control Validation in a short-lived certificate World

    This year, we have a new method for Domain Control Validation arriving called DNS-PERSIST-01. It is quite a fundamental change from how we do DCV now, so let's take a look at the benefits and the drawbacks. First, a quick recap. When you approach a Certificate Authority, like

  10. The European Space Agency got hacked, and now we own the domain used!

    It's not often that two of my interests align so well, but we're talking about space rockets and cyber security! Whilst Magecart and Magecart-style attacks might not be the most common attack vector at the moment, they are still happening with worrying frequency, and they are

  11. Eating Our Own Dogfood: What Running Report URI on Report URI Taught Us

    Dogfooding is often talked about as a best practice, but I don't often see the results of such activities. For all new features introduced on Report URI, we are always the first to try them out and see how they work. In this post, we'll look

  12. Blink and you'll miss them: 6-day certificates are here!

    What a great way to start 2026! Let's Encrypt have now made their short-lived certificates available, so you can go and start using them right away. It wasn't long ago when the announcement came that by 2029, all certificates will be reduced to a maximum of

  13. What a Year of Solar and Batteries Really Saved Us in 2025

    Throughout 2025, I spoke a few times about our home energy solution, including our grid usage, our solar array and our Tesla Powerwall batteries. Now that I have a full year of data, I wanted to take a look at exactly how everything is working out, and, in alignment with

  14. Report URI Penetration Test 2025

    Every year, just as we start to put up the Christmas Tree, we have another tradition at Report URI which is to conduct our annual penetration test! 🎅🎄🎁 --> 🩻🔐🥷 This will be our 6th annual penetration test that we've posted completely publicly,

  15. Report URI - outage update

    This is not a blog post that anybody ever wants to write, but we had some service issues yesterday and now the dust has settled, I wanted to provide an update on what happened. The good news is that the interruption was very minor in the end, and likely went
