Brilliantly written and chillingly convincing. A pretty persuasive argument for site owners to sort out their CSPs (Content Security Policies). I can almost see @Scott_Helme and @troyhunt nodding along.
https://medium.com/@david.gilbertson/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5
My tweets and posts live here on my own domain these days.
You can explore them here and follow me on Mastodon instead of Twitter where I'm not currently active.