Find notable cyber news and cases, enriched with sources, timelines, and signals.

Major web skimming campaign targeting payment networks

Campaign
First reported
Last updated
Happening score
H score 36
2 unique sources, 3 articles

Summary

Hide ▲

A long-running Magecart web-skimming campaign has been active since 2022 and targets checkout flows tied to American Express, Diners Club, Discover, JCB, Mastercard, and UnionPay. The attackers use malicious JavaScript on compromised e-commerce sites to intercept payment and contact details in the browser, making the theft hard for site owners and shoppers to notice. Silent Push linked the infrastructure to PQ.Hosting/Stark Industries and identified obfuscated scripts such as cdn-cookie[.]com/recorder.js. The campaign matters because it can capture cardholder data and personal information at checkout, enabling identity and payment fraud.

Related Happenings

Shop fake receipt callback phishing campaign

Campaign
H score29 First: 25.06.2026 22:45 Last: 25.06.2026 22:45 Sources 1

About this happening: Threat actors are **abusing Shop** by planting **fake purchase receipts** in order histories, turning a trusted shopping app into a **callback-phishing lure** that can expose **ac...

GorgonAgora fake .shop card-skimming campaign

Campaign
H score84 First: 05.06.2026 11:38 Last: 05.06.2026 11:38 Sources 1

About this happening: The **GorgonAgora** campaign is using **5,714 fake .shop storefronts** to steal payment data, widening card-theft risk across brand-impersonation checkout pages. The operation has...

Magecart Stripe and Google Tag Manager card-skimming campaign

Campaign
H score36 First: 04.06.2026 23:47 Last: 04.06.2026 23:47 Sources 1

About this happening: The **Magecart** campaign is abusing **Stripe's API infrastructure** and **Google Tag Manager** containers to steal checkout data from **Magento/Adobe Commerce** stores. The skimm...

WordPress malware campaign using Steam profile C2 concealment

Campaign
H score37 First: 01.06.2026 20:04 Last: 01.06.2026 20:04 Sources 1

About this happening: A **WordPress malware campaign** has infected about **1,980 websites** since **July 2025**, and it hides **command-and-control (C2) data** in **Steam Community profile comments**...

Funnel Builder plugin WordPress arbitrary JavaScript injection actively exploited security flaw

Vulnerability
H score72 First: 16.05.2026 18:20 Last: 16.05.2026 18:20 Sources 1

About this happening: **Funnel Builder** for **WordPress** is under **active exploitation** for arbitrary JavaScript injection into **WooCommerce checkout pages**, creating payment-skimming risk across...

Timeline

  1. 13.01.2026 19:30 4 articles · 5mo ago

    Silent Push discloses major web skimming campaign

    Initial Disclosure

    Silent Push disclosed a long-running web skimming campaign active since January 2022 that targets enterprise organizations tied to American Express, Diners Club, Discover, JCB Co., Ltd., Mastercard, and UnionPay. The operation abuses cdn-cookie[.]com to deliver obfuscated JavaScript payloads such as recorder.js and tab-gtm.js, checks WordPress for wpadminbar to avoid administrator sessions, replaces legitimate Stripe checkout pages with a fake payment form, and exfiltrates stolen cardholder and personal data to lasorie[.]com.

    Show sources