Cybersecurity researchers have warned about a new credit card skimmer malware that targets WordPress e-commerce checkout pages. The stealthy malware silently injects malicious JavaScript into database entries to steal sensitive payment details. It only activates on checkout pages, either by hijacking existing payment fields or injecting a fake credit card form. The stolen data, including credit card details and billing information, is then encoded and encrypted before being transmitted to an attacker-controlled server.

Mandiant warns of attacks on newly-disclosed Ivanti remote takeover threat
Google’s Mandiant team has issued an alert about a remote code execution flaw in the Ivanti Connect Secure VPN platform. The vulnerability, designated CVE-2025-22457, is