PT-2026-41419

Name of the Vulnerable Software and Affected Versions Funnel Builder affected versions not specified Description An SQL injection flaw in the Funnel Builder plugin allows attackers to inject payment skimmers into WooCommerce checkout pages. This issue enables script propagation across all checkou...

Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers

Cybersecurity researchers have flagged a credit card stealing malware campaign that has been observed targeting e-commerce sites running Magento by disguising the malicious content within image tags in HTML code in order to stay under the radar. MageCart is the name given to a malware that's...

CronRAT targets Linux servers with e-commerce attacks

There’s an interesting find over at the Sansec blog, wrapping time and date manipulation up with a very smart RAT attack. The file, named CronRAT, isn’t an e-commerce attack compromising payment terminals in physical stores. Rather, it looks to swipe payment details by going after vulnerable web...

Ticketmaster Scores Hefty Fine Over 2018 Data Breach

Ticketmaster’s UK division has been slapped with a $1.65 million fine by the Information Commissioner’s Office ICO in the UK, over its 2018 data breach that impacted 9.4 million customers. The fine £1.25million has been levied after the ICO found that the company “failed to put appropriate securi...

WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug

A security vulnerability in the Welcart e-Commerce plugin opens up websites to code injection. This can lead to payment skimmers being installed, crashing of the site or information retrieval via SQL injection, researchers said. Welcart e-Commerce is a free WordPress plugin that has more than...