CyberSecurityBoard
Sponsor Register Login

New Magecart Skimmer Attack Targets E-commerce Sites

A new Magecart skimmer attack has been identified targeting e-commerce websites, posing significant risks to online shoppers and merchants. Magecart, a notorious cybercriminal group, specializes in injecting malicious JavaScript skimmers into payment pages to steal credit card information during transactions. This latest campaign involves sophisticated techniques to evade detection and compromise customer data. The attack exploits vulnerabilities in third-party scripts and content delivery networks, allowing the skimmer to remain hidden for extended periods. Businesses affected by this attack face potential financial losses, reputational damage, and regulatory penalties due to data breaches. Cybersecurity experts recommend immediate action, including thorough website audits, enhanced monitoring of third-party scripts, and implementation of Content Security Policies (CSP) to mitigate risks. Additionally, customers are advised to monitor their financial statements closely and report any suspicious activity promptly. This incident underscores the growing threat of supply chain attacks in the e-commerce sector and highlights the need for robust security measures to protect sensitive payment information.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 17 Sep 2025 19:30:09 +0000


Cyber News related to New Magecart Skimmer Attack Targets E-commerce Sites

New Magecart Skimmer Attack Targets E-commerce Sites - A new Magecart skimmer attack has been identified targeting e-commerce websites, posing significant risks to online shoppers and merchants. Magecart, a notorious cybercriminal group, specializes in injecting malicious JavaScript skimmers into payment ...
3 weeks ago Cybersecuritynews.com Magecart
Revolutionizing Commerce With AI - Picture a future where commerce is not just an exchange of goods and services but an intricate relationship of data, insights, and artificial intelligence. The AI revolution in commerce is redefining how we approach buying, selling, and market ...
1 year ago Feeds.dzone.com
E-commerce Security: Protecting Customer Data - In today's digital landscape, ensuring the security of customer data in e-commerce is a crucial concern for businesses. Protecting e-commerce data security is a complex task that requires a comprehensive understanding of the challenges faced by ...
1 year ago Securityzap.com
Thousands of Adobe Commerce e-stores hacked by exploiting CosmicSting bug - Sansec researchers reported that multiple threat actors have exploited a critical Adobe Commerce vulnerability, tracked as CVE-2024-34102 (aka CosmicSting, CVSS score of 9.8), to compromise more than 4,000 e-stores over the past three months. Over ...
1 year ago Securityaffairs.com CVE-2024-34102
Exploring Blockchain's Revolutionary Impact on E-Commerce - The trend of choosing online shopping over traditional in-store visits is on the rise, with e-commerce transactions dominating the digital landscape. Blockchain technology emerges as a solution to bolster the security of online transactions. ...
1 year ago Cysecurity.news Inception
CVE-2021-2345 - Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce (component: Tools and Frameworks). The supported version that is affected is 11.3.1.5. Easily exploitable vulnerability allows low ...
4 years ago
CVE-2021-2346 - Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce (component: Tools and Frameworks). The supported version that is affected is 11.3.1.5. Easily exploitable vulnerability allows low ...
4 years ago
4500+ WordPress Sites Hacked with a Monero Cryptojacking Campaign - Security researchers recently reported the discovery of a massive Monero hacking campaign targeted at WordPress sites. According to reports, more than 4500 WordPress sites were compromised with a malicious cryptocurrency-mining campaign. The hackers ...
2 years ago Thehackernews.com
Police Warn Hundreds of Online Merchants of Skimmer Infections - More than 400 online merchants were notified of digital skimmer infections in a coordinated international operation, Europol announced. Law enforcement agencies in 17 countries participated in this effort to identify infected ecommerce sites and ...
1 year ago Securityweek.com
Police Warn Hundreds of Online Merchants of Skimmer Infections - More than 400 online merchants were notified of digital skimmer infections in a coordinated international operation, Europol announced. Law enforcement agencies in 17 countries participated in this effort to identify infected ecommerce sites and ...
1 year ago Packetstormsecurity.com
Attack Vector vs Attack Surface: The Subtle Difference - Cybersecurity discussions about "Attack vectors" and "Attack surfaces" sometimes use these two terms interchangeably. This article guides you through the distinctions between attack vectors and attack surfaces to help you better understand the two ...
2 years ago Trendmicro.com
Scammers Unleash Flood of Slick Online Gaming Sites – Krebs on Security - The financial part of this scam begins when users try to cash out any “winnings.” At that point, the gaming site will reject the request and prompt the user to make a “verification deposit” of cryptocurrency — typically ...
2 months ago Krebsonsecurity.com
Cyber Monday Kicks Off Holiday Shopping Season With E-Commerce Security Risks - The post-Thanksgiving e-commerce shopping event known as Cyber Monday draws millions of consumers each year seeking out bargains online - to the tune of $11 billion in 2022. Amid the purchasing spree, consumers routinely share sensitive personally ...
1 year ago Darkreading.com
Leeds United And Reflectiz Partner To Share Insights On Proactive Web Security After Cyber Attack - This live webinar will feature Graham Peck, Head of IT and Security at Leeds United, whowill provide a firsthand account of the Magecart attack on the club’s online shop in February2025. Thisessential webinar will delve into the critical topic ...
3 months ago Cybersecuritynews.com
Website of Canadian Liquor Distributor LCBO Infected with Web Skimmer - The website of Canadian liquor distributor LCBO (Liquor Control Board of Ontario) was recently discovered to be infected with a web skimmer. This malicious code was designed to steal customers’ personal and payment card data during the checkout ...
2 years ago Securityweek.com
CVE-2020-14536 - Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce (component: Workbench). Supported versions that are affected are 11.0, 11.1, 11.2 and prior to 11.3.1. Difficult to exploit ...
5 years ago
Malware Operation 'DollyWay' Hacked 20,000+ WordPress Sites Globally - The DollyWay malware primarily targets WordPress sites, leveraging a network of compromised sites to redirect visitors to scam pages through traffic broker networks. It injects redirect scripts into sites using files like wp-content/counts.php. These ...
6 months ago Cybersecuritynews.com
CVE-2024-50002 - In the Linux kernel, the following vulnerability has been resolved: static_call: Handle module init failure correctly in static_call_del_module() Module insertion invokes static_call_add_module() to initialize the static calls in a module. ...
11 months ago Tenable.com
Hackers Planting Credit Card Skimmers Using Google Tag Manager - Recently, it has been reported that Magecart Veteran ATMZOW has found 40 new domains of Google Tag Manager. As a result, thousands of websites have been affected by this security breach. Hackers enjoy Google Tag Manager because millions of websites ...
1 year ago Cybersecuritynews.com
New Magecart Attack With Malicious JavaScript Steals Credit Card Data - The attack progression follows four distinct phases: initial back-end access using stolen credentials, web shell installation for persistent control, database poisoning through injection of obfuscated code, and finally, the credit card theft phase ...
5 months ago Cybersecuritynews.com
New Web Skimming Attack Uses Legacy Stripe API to Validate Stolen Card Details - In a report shared with Cyber Security News, Jscrambler researchers highlighted that the attack operates through a multi-stage process designed to evade detection while harvesting payment information. Second, since security researchers often use ...
6 months ago Cybersecuritynews.com
Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware - Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code. The flaw leveraged in the attacks is tracked as CVE-2023-6000, a cross-site ...
1 year ago Bleepingcomputer.com CVE-2023-6000
Malware campaign 'DollyWay' breached 20,000 WordPress sites - A malware operation dubbed 'DollyWay' has been underway since 2016, compromising over 20,000 WordPress sites globally to redirect users to malicious sites. DollyWay v3 is an advanced redirection operation that targets vulnerable WordPress ...
6 months ago Bleepingcomputer.com
CVE-2021-2348 - Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce (component: Tools and Frameworks). The supported version that is affected is 11.3.1.5. Easily exploitable vulnerability allows low ...
4 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)