Payment iframe defense against malicious overlays on checkout pages

Defensive Guidance
Happening score (H score): 30
1 unique source, 1 article

Summary

Attackers are actively abusing payment iframes on checkout pages with malicious overlays, making strict CSP and real-time monitoring essential to prevent card theft. The guidance also elevates secure postMessage handling because spoofed iframe messages can let fake payments slip through. Merchant-hosted payment pages now need page-level controls, not just frame headers, to reduce exposure. PCI DSS 4.0.1 reinforces that shift by demanding stronger script authorization and change detection.

Related Happenings

Funnel Builder plugin WordPress arbitrary JavaScript injection actively exploited security flaw

Vulnerability
First: 16.05.2026 18:20 Last: 16.05.2026 18:20 Sources 1

About this happening: **Funnel Builder** for **WordPress** is under **active exploitation** for arbitrary JavaScript injection into **WooCommerce checkout pages**, creating payment-skimming risk across...

Funnel Builder security patch release (version 3.15.0.3)

Security Patch Release
First: 16.05.2026 18:20 Last: 16.05.2026 18:20 Sources 1

About this happening: **FunnelKit** released **version 3.15.0.3** to fix a **Funnel Builder** flaw that was being **actively exploited** to inject malicious JavaScript into **WooCommerce checkout pages...

Funnel Builder 3.15.0.3 security update

Security Patch Release
First: 15.05.2026 22:30 Last: 15.05.2026 22:30 Sources 1

About this happening: **FunnelKit** released **Funnel Builder 3.15.0.3** to fix an **actively exploited** flaw affecting **WordPress/WooCommerce checkout pages**, closing a path that could inject malic...

Funnel Builder WordPress plugin unauthenticated checkout script injection actively exploited security flaw

Vulnerability
First: 15.05.2026 22:30 Last: 15.05.2026 22:30 Sources 1

About this happening: **Funnel Builder** for WordPress has an **actively exploited** unauthenticated script-injection flaw that can compromise **WooCommerce checkout pages** and steal payment data. The...

WebRTC payment skimmer

Malware Activity
First: 26.03.2026 08:53 Last: 26.03.2026 08:53 Sources 1

About this happening: A **new payment skimmer** has been identified using **WebRTC data channels** to load payloads and steal payment data from **e-commerce sites**, bypassing common security controls....

Timeline

  1. 24.09.2025 14:03 2 articles · 8mo ago

    Payment iframe defense against malicious overlays on checkout pages

    Initial Disclosure

    Checkout-page defenses are shifting from static headers to active host-page monitoring. The immediate priority is to detect unauthorized iframe creation and verify iframe messages before payment data is skimmed.
