my photo

John Z Black

Brunswick, ME • (207) 245-1010 • contact@johnzblack.com

Blog / #banking security

Your Banking Session Just Phoned Temu. Your CSP Allowed It.

John Z Black Apr 16, 2026

Privacy & Digital Rights #privacy #browser security #CSP #Taboola #Temu #banking security

A Taboola pixel on authenticated banking pages was redirecting session data to Temu via a single 302. The CSP didn't catch it. It wasn't supposed to.

Read More