Find notable cyber news and cases, enriched with sources, timelines, and signals.

Obfuscated web skimmer payload targeting Stripe checkout forms

Malware Activity
First reported
Last updated
Happening score
H score 30
2 unique sources, 2 articles

Summary

Hide ▲

Silent Push disclosed a Magecart-style web skimming campaign that has operated since 2022 and targets e-commerce checkout pages tied to at least six major payment networks, including American Express, Mastercard, and UnionPay. The skimmer uses obfuscated JavaScript delivered through infrastructure such as cdn-cookie[.]com/recorder.js to replace legitimate Stripe payment forms with fake ones, capture payment and personal details, and then restore the original page to conceal the theft. The activity was linked to PQ.Hosting/Stark Industries, and the reporting recommends CSP, PCI DSS, MFA, and timely software updates to reduce exposure.

Related Happenings

GorgonAgora fake .shop card-skimming campaign

Campaign
H score84 First: 05.06.2026 11:38 Last: 05.06.2026 11:38 Sources 1

About this happening: The **GorgonAgora** campaign is using **5,714 fake .shop storefronts** to steal payment data, widening card-theft risk across brand-impersonation checkout pages. The operation has...

Magecart Stripe and Google Tag Manager card-skimming campaign

Campaign
H score36 First: 04.06.2026 23:47 Last: 04.06.2026 23:47 Sources 1

About this happening: The **Magecart** campaign is abusing **Stripe's API infrastructure** and **Google Tag Manager** containers to steal checkout data from **Magento/Adobe Commerce** stores. The skimm...

Funnel Builder plugin WordPress arbitrary JavaScript injection actively exploited security flaw

Vulnerability
H score72 First: 16.05.2026 18:20 Last: 16.05.2026 18:20 Sources 1

About this happening: **Funnel Builder** for **WordPress** is under **active exploitation** for arbitrary JavaScript injection into **WooCommerce checkout pages**, creating payment-skimming risk across...

Funnel Builder security patch release (version 3.15.0.3)

Security Patch Release
H score77 First: 16.05.2026 18:20 Last: 16.05.2026 18:20 Sources 1

About this happening: **FunnelKit** released **version 3.15.0.3** to fix a **Funnel Builder** flaw that was being **actively exploited** to inject malicious JavaScript into **WooCommerce checkout pages...

Vercel v0.dev phishing campaign using GenAI-built lure pages

Campaign
H score29 First: 07.05.2026 11:30 Last: 07.05.2026 11:30 Sources 1

About this happening: A campaign using **Vercel v0.dev** to build **highly convincing phishing pages** has lowered the skill and cost needed to run fraudulent sign-in and job-lure attacks. The activity...

Timeline

  1. 13.01.2026 19:30 3 articles · 5mo ago

    Silent Push discloses long-running web skimming campaign

    Initial Disclosure

    Silent Push discloses a long-running web skimming campaign active since January 2022 that targets major payment-network clients, including organizations tied to American Express, Diners Club, Discover, JCB Co., Ltd., Mastercard, and UnionPay. The campaign uses cdn-cookie[.]com to deliver obfuscated JavaScript payloads such as recorder.js and tab-gtm.js, detects WordPress administrators through the wpadminbar element, replaces legitimate Stripe checkout forms with fake forms, and exfiltrates names, phone numbers, email addresses, shipping addresses, and payment-card data to lasorie[.]com.

    Show sources