Stripe iframe skimmer campaign targeting merchants
Campaign
Summary
Hide ▲
Show ▼
The Stripe iframe skimmer campaign used malicious overlays to steal card data from dozens of merchants, raising checkout-fraud risk across payment pages. In August 2024, attackers injected malicious JavaScript through vulnerable platforms like WordPress to hide legitimate Stripe iframes. They replaced the real checkout frame with pixel-perfect replicas and used a deprecated Stripe API to validate stolen cards in real time. The operation shows that protecting the host page is as important as protecting the iframe itself.
Related Happenings
Funnel Builder plugin WordPress arbitrary JavaScript injection actively exploited security flaw
Vulnerability
First: 16.05.2026 18:20
Last: 16.05.2026 18:20
Sources 1
About this happening:
**Funnel Builder** for **WordPress** is under **active exploitation** for arbitrary JavaScript injection into **WooCommerce checkout pages**, creating payment-skimming risk across...
Funnel Builder plugin WordPress arbitrary JavaScript injection actively exploited security flaw
VulnerabilityAbout this happening: **Funnel Builder** for **WordPress** is under **active exploitation** for arbitrary JavaScript injection into **WooCommerce checkout pages**, creating payment-skimming risk across...
Funnel Builder security patch release (version 3.15.0.3)
Security Patch Release
First: 16.05.2026 18:20
Last: 16.05.2026 18:20
Sources 1
About this happening:
**FunnelKit** released **version 3.15.0.3** to fix a **Funnel Builder** flaw that was being **actively exploited** to inject malicious JavaScript into **WooCommerce checkout pages...
Funnel Builder security patch release (version 3.15.0.3)
Security Patch ReleaseAbout this happening: **FunnelKit** released **version 3.15.0.3** to fix a **Funnel Builder** flaw that was being **actively exploited** to inject malicious JavaScript into **WooCommerce checkout pages...
Funnel Builder WordPress plugin unauthenticated checkout script injection actively exploited security flaw
Vulnerability
First: 15.05.2026 22:30
Last: 15.05.2026 22:30
Sources 1
About this happening:
**Funnel Builder** for WordPress has an **actively exploited** unauthenticated script-injection flaw that can compromise **WooCommerce checkout pages** and steal payment data. The...
Funnel Builder WordPress plugin unauthenticated checkout script injection actively exploited security flaw
VulnerabilityAbout this happening: **Funnel Builder** for WordPress has an **actively exploited** unauthenticated script-injection flaw that can compromise **WooCommerce checkout pages** and steal payment data. The...
Vercel v0.dev phishing campaign using GenAI-built lure pages
Campaign
First: 07.05.2026 11:30
Last: 07.05.2026 11:30
Sources 1
About this happening:
A campaign using **Vercel v0.dev** to build **highly convincing phishing pages** has lowered the skill and cost needed to run fraudulent sign-in and job-lure attacks. The activity...
Vercel v0.dev phishing campaign using GenAI-built lure pages
CampaignAbout this happening: A campaign using **Vercel v0.dev** to build **highly convincing phishing pages** has lowered the skill and cost needed to run fraudulent sign-in and job-lure attacks. The activity...
WebRTC payment skimmer
Malware Activity
First: 26.03.2026 08:53
Last: 26.03.2026 08:53
Sources 1
About this happening:
A **new payment skimmer** has been identified using **WebRTC data channels** to load payloads and steal payment data from **e-commerce sites**, bypassing common security controls....
WebRTC payment skimmer
Malware ActivityAbout this happening: A **new payment skimmer** has been identified using **WebRTC data channels** to load payloads and steal payment data from **e-commerce sites**, bypassing common security controls....
Timeline
-
24.09.2025 14:03 2 articles · 8mo ago
Stripe iframe skimmer campaign targeting merchants
Initial DisclosureIn **August 2024**, attackers began using **malicious JavaScript** on vulnerable checkout pages to replace legitimate **Stripe** iframes with fake overlays. The skimming operation quickly spread across merchant sites and had already reached **49 merchants**.
Show sources
- iframe Security Exposed: The Blind Spot Fueling Payment Skimmer Attacks — thehackernews.com — 24.09.2025 14:03
- iframe Security Exposed: The Blind Spot Fueling Payment Skimmer Attacks — thehackernews.com — 24.09.2025 14:03