Cybersecurity researchers have warned about a new credit card skimmer malware that targets WordPress e-commerce checkout pages. The stealthy malware silently injects malicious JavaScript into database entries to steal sensitive payment details. It only activates on checkout pages, either by hijacking existing payment fields or injecting a fake credit card form. The stolen data, including credit card details and billing information, is then encoded and encrypted before being transmitted to an attacker-controlled server.

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)
A suspected Chinese advanced persistent threat (APT) group exploited CVE-2025-22457, a previously unexploitable buffer overflow bug, to compromise devices running Ivanti Connect Secure (ICS) and