CyberHappenings

Stripe iframe skimmer campaign exploits payment iframes

1 unique source, 1 article

Summary

A sophisticated skimmer campaign targeting Stripe payment iframes has compromised 49 merchants. Attackers use malicious overlays to bypass security policies and steal credit card data. The campaign exploits vulnerabilities in the host page, highlighting the risks of third-party scripts and outdated security measures. The attack leverages deprecated APIs and injects malicious JavaScript through platforms like WordPress. It demonstrates the need for real-time monitoring and updated security policies to protect payment iframes. The campaign underscores the importance of securing the entire payment page, as mandated by PCI DSS 4.0.1. Organizations must implement strict CSP, advanced iframe monitoring, and secure postMessage handling to mitigate these risks.

Timeline

  1. 24.09.2025 14:03 · 1 article

    Stripe iframe skimmer campaign compromises 49 merchants

    In August 2024, a sophisticated skimmer campaign targeted Stripe payment iframes, compromising 49 merchants. Attackers used malicious overlays to bypass security policies and steal credit card data. The campaign leveraged a deprecated Stripe API for real-time validation, making the theft invisible to customers. This highlights the need for real-time monitoring and updated security measures to protect payment iframes. The campaign underscores the importance of securing the entire payment page, as mandated by PCI DSS 4.0.1. Organizations must implement strict CSP, advanced iframe monitoring, and secure postMessage handling to mitigate these risks.
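The iframe monitoring and postMessage checks named in the summary and in the timeline entry above, as an added JavaScript example that is not from the source article or from Stripe. It assumes the payment frame is served from `https://js.stripe.com`; the function names and the allowlist are hypothetical.

```javascript
// Added example. The allowlist is an assumption; use the origins your integration loads.
const TRUSTED_FRAME_ORIGINS = new Set(["https://js.stripe.com"]);

// Resolve a frame's src to an origin. Anything that is not https (about:blank,
// data:, javascript:, unparsable values) yields null and is treated as untrusted.
function frameOrigin(src, baseUrl) {
  try {
    const url = new URL(src, baseUrl);
    return url.protocol === "https:" ? url.origin : null;
  } catch {
    return null;
  }
}

// Return the frames whose origin is not on the allowlist. `frames` is any
// iterable of objects with a `src` property (HTMLIFrameElement in a browser).
function auditFrames(frames, baseUrl) {
  return [...frames].filter((frame) => {
    const origin = frameOrigin(frame.src, baseUrl);
    return origin === null || !TRUSTED_FRAME_ORIGINS.has(origin);
  });
}

// Accept a message only when both the exact origin and the sending window match
// the payment frame the page itself created. No wildcard or substring matching.
function isTrustedMessage(event, paymentFrameWindow) {
  return (
    TRUSTED_FRAME_ORIGINS.has(event.origin) &&
    event.source === paymentFrameWindow
  );
}

// Browser wiring: re-audit whenever frames are added or their src/srcdoc changes.
if (typeof document !== "undefined") {
  const report = () => {
    const unexpected = auditFrames(document.querySelectorAll("iframe"), location.href);
    if (unexpected.length > 0) {
      console.warn("Unexpected iframe on payment page:", unexpected.map((f) => f.src));
    }
  };
  new MutationObserver(report).observe(document.documentElement, {
    childList: true,
    subtree: true,
    attributes: true,
    attributeFilter: ["src", "srcdoc"],
  });
  report();
}
```

This check covers frames only; an overlay built from ordinary form fields in the host page would not be flagged by it.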

Similar Happenings

XCSSET macOS Malware Targets Xcode Developers with Enhanced Features

A new variant of the XCSSET macOS malware has been detected, targeting Xcode developers with enhanced features. This variant includes improved browser targeting, clipboard hijacking, and persistence mechanisms. The malware spreads by infecting Xcode projects and steals cryptocurrency and browser data from infected devices. It uses run-only compiled AppleScripts for stealthy execution and employs sophisticated encryption and obfuscation techniques. It incorporates new modules for data exfiltration, persistence, and clipboard monitoring. The malware has been observed in limited attacks, with Microsoft sharing findings with Apple and GitHub to mitigate the threat. Developers are advised to keep macOS and apps up to date and inspect Xcode projects before building them.

ForcedLeak Vulnerability in Salesforce Agentforce Exploited via AI Prompt Injection

A critical vulnerability in Salesforce Agentforce, named ForcedLeak, allowed attackers to exfiltrate sensitive CRM data through indirect prompt injection. The flaw affected organizations using Salesforce Agentforce with Web-to-Lead functionality enabled. The vulnerability was discovered and reported by Noma Security on July 28, 2025. Salesforce has since patched the issue and implemented additional security measures, including regaining control of an expired domain and preventing AI agent output from being sent to untrusted domains. The exploit involved manipulating the Description field in Web-to-Lead forms to execute malicious instructions, leading to data leakage. Salesforce has enforced a Trusted URL allowlist to mitigate the risk of similar attacks in the future. ForcedLeak is a critical vulnerability chain with a CVSS score of 9.4, described as a cross-site scripting (XSS) play for the AI era. The exploit involves embedding a malicious prompt in a Web-to-Lead form, which the AI agent processes, leading to data leakage. The attack could potentially lead to the exfiltration of internal communications, business strategy insights, and detailed customer information. Salesforce is addressing the root cause of the vulnerability by implementing more robust layers of defense for its models and agents.