Threat hunters warn of a sophisticated web skimming campaign that uses a deprecated API from payment processor Stripe to steal and validate payment information. Researchers believe the operation is more efficient and harder to detect. The activity, ongoing since August 2024, affects an estimated 49 merchants. The attackers likely exploit vulnerabilities in WooCommerce, WordPress, and PrestaShop, and may also be impersonating other payment forms and adding crypto payment options.
Breach of F5 requires “emergency action” from BIG-IP users, feds warn
Thousands of networks—many of them operated by the US government and Fortune 500 companies—face an “imminent threat” of being breached by a nation-state hacking group
