Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access

Cybersecurity researchers have discovered malicious Google Chrome extensions that come with capabilities to hijack affiliate links, steal data, and collect OpenAI ChatGPT authentication tokens. One of the extensions in question is Amazon Ads Blocker ID: pnpchphmplpdimbllknjoiopmfphellj, which...

I Know What You Bought Last Summer: Investigating User Data Leakage in E-Commerce Platforms

In the digital age, e-commerce has transformed the way consumers shop, offering convenience and accessibility. Nevertheless, concerns about the privacy and security of personal information shared on these platforms have risen. In this work, we investigate user privacy violations, noting the risks...

Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms

Cybersecurity researchers have shed light on a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer. "At first glance, the thing that stood out was the script's obfuscation, which seemed a bit bizarre because of all the accented...

Chinese Silent Skimmer Attack Hits Businesses in APAC and NALA regions

By Deeba Ahmed They Key targets of the Silent Skimmer attack are companies creating/hosting payment infrastructure, including e-commerce platforms and POS point of sales systems providers. This is a post from HackRead.com Read the original post: Chinese Silent Skimmer Attack Hits Businesses in AP...

Microsoft Warns of Web Skimmers Mimicking Google Analytics and Meta Pixel Code

Threat actors behind web skimming campaigns are leveraging malicious JavaScript code that mimics Google Analytics and Meta Pixel scripts in an attempt to sidestep detection. "It's a shift from earlier tactics where attackers conspicuously injected malicious scripts into e-commerce platforms and...

Beneath the surface: Uncovering the shift in web skimming

Microsoft security researchers recently observed that web skimming campaigns now employ various obfuscation techniques to deliver and hide skimming scripts. It’s a shift from earlier tactics where attackers conspicuously injected malicious scripts into e-commerce platforms and content management...

Adobe: Zero-Day Magento 2 RCE Bug Under Active Attack

A zero-day remote code-execution RCE bug in the Magento 2 and Adobe Commerce platforms has been actively exploited in the wild, Adobe said – prompting an emergency patch to roll out over the weekend. The security vulnerability bug CVE-2022-24086 is a critical affair, allowing pre-authentication R...

New Payment Data Stealing Malware Hides in Nginx Process on Linux Servers

E-commerce platforms in the U.S., Germany, and France have come under attack from a new form of malware that targets Nginx servers in an attempt to masquerade its presence and slip past detection by security solutions. "This novel code injects itself into a host Nginx application and is nearly...

Criminals hack Tupperware website with credit card skimmer

Update 2: A spokesperson for Tupperware has given a public statement to Alex Scroxton, Security Editor at ComputerWeekly. You can read it here. Update: Following our blog post, we continued to monitor the Tupperware website. As of 03/25 at 1:45 PM PT, we noticed that the malicious PNG file had be...

Feds Seize Over 20,500 Domain Names For Selling Counterfeit Products

In a coordinated International cyber operation, law enforcement agencies have seized over 20,520 website domains for illegally selling counterfeit products, including luxury products, sportswear, electronics, pharmaceuticals and online piracy on e-commerce platforms and social networks...

Hackers with Credit Card Scrapers Continue to Target Magento

Attackers continue to take aim at the e-commerce platform Magento. Researchers said last week they came across a malicious function snuck into one of the platform’s modules in order to steal credit card information. Code for the function was injected into a .php file for SF9 Realex, a module that...

Ghosts, goblins Grinch: Bash broken shell shellshock a more serious Linux vulnerability-vulnerability warning-the black bar safety net

Security researcher at the Linux operating system found in a group called the ghosts, goblins（Grinch's vulnerability, the vulnerability exists in the linux system, and Bash broken shell shellshock）vulnerabilities in victim machines to get the highest permissions. Ghosts, goblins overview Bash...