1. 1,542 Web Apps Fail Stripe Webhook Signature Checks, Exposing Payment Flows to Forgery
A scanning project targeting 6,000 web applications has uncovered a widespread security failure: 1,542 servers processed forged Stripe webhook events without verifying the signature header. Researchers sent minimal fake `checkout.session.completed` events to common webhook endpoints without any `Stripe-Signature` heade...
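The check the affected endpoints skipped, sketched as an added example (not code from the scanning project or from Stripe's library). It assumes Stripe's documented `Stripe-Signature` format, `t=<unix time>,v1=<hex HMAC-SHA256 of "t.raw_body">`; the function names, secret and event body are hypothetical, constructed values.

```python
import hashlib
import hmac
import time

TOLERANCE_SECONDS = 300  # assumed replay window; tune to your own policy


def expected_v1(payload: bytes, timestamp: str, secret: str) -> str:
    """Hex HMAC-SHA256 over b"<timestamp>.<raw body>" keyed with the endpoint secret."""
    signed = timestamp.encode() + b"." + payload
    return hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()


def verify_stripe_signature(payload: bytes, header, secret: str, now=None) -> bool:
    """Return True only if the header authenticates the raw, unparsed request body."""
    if not header:
        return False  # no Stripe-Signature header at all: reject, never process
    timestamp, candidates = None, []
    for part in header.split(","):
        key, _, value = part.strip().partition("=")
        if key == "t":
            timestamp = value
        elif key == "v1":
            candidates.append(value)
    if not timestamp or not (timestamp.isascii() and timestamp.isdigit()):
        return False
    if not candidates:
        return False  # header present but carries no v1 signature
    now = time.time() if now is None else now
    if abs(now - int(timestamp)) > TOLERANCE_SECONDS:
        return False  # outside the window: treat as a replayed or stale event
    want = expected_v1(payload, timestamp, secret).encode()
    # Constant-time comparison against every v1 value (several appear during secret rotation).
    return any(hmac.compare_digest(want, c.encode()) for c in candidates)


# Constructed sample values, not real credentials or events.
SECRET = "whsec_constructed_example"
BODY = b'{"type": "checkout.session.completed"}'
NOW = 1_700_000_000
GOOD_HEADER = f"t={NOW},v1={expected_v1(BODY, str(NOW), SECRET)}"

if __name__ == "__main__":
    cases = [("no header", None), ("valid", GOOD_HEADER), ("wrong mac", f"t={NOW},v1=00")]
    for label, hdr in cases:
        print(label, verify_stripe_signature(BODY, hdr, SECRET, now=NOW))
```

The HMAC must be computed over the exact bytes received, before any JSON parsing or re-serialization by the framework. In production, Stripe's official libraries provide this check (for example `stripe.Webhook.construct_event` in the Python library).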