Sophisticated Card Skimmer Targets WordPress Checkout Pages via Database Injection

Executive Summary: A sophisticated credit card skimmer has been discovered targeting WordPress websites, stealthily injecting malicious JavaScript into the site’s database to steal sensitive payment information. This skimmer, designated malware.magento_shoplift.273 by Sucuri, activates specifically on checkout pages, either by hijacking legitimate payment fields or by injecting fake credit card forms. The stolen data, including credit card…


Black Basta Evolve Techniques to Deploy Zbot, DarkGate, and Bespoke Malware

Executive Summary: Black Basta, according to a new report from SOCRadar, has advanced its operations by combining new social engineering tactics, malware such as Zbot and DarkGate, and custom tools to infiltrate and compromise targeted networks. With global impact across multiple critical sectors, the group’s innovative methods emphasize the critical need for layered security measures and…


Cyberhaven Extension Compromise Part of Broader Campaign Affecting Multiple Chrome Extensions

Executive Summary: Cyberhaven has announced that its Chrome extension was compromised on December 25, 2024, after a phishing attack on an administrator account allowed attackers to upload a malicious update (v24.10.4) to the Chrome Web Store. The compromised extension exfiltrated cookies, session tokens, and sensitive user data to an attacker-controlled domain, potentially enabling account…
