19 Jun, 2026

Credit card theft campaign abuses Stripe to host stolen payment info

A new Magecart campaign is using Stripe’s API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. The entire malicious activity relies on Google Tag Manager and Stripe domains – googletagmanager.com and api.stripe.com – that are trusted implicitly by online stores. The new malware family was discovered by researchers at […]

3 mins read

European Space Agency’s official store hacked to steal payment cards

The European Space Agency’s official web shop was hacked and began loading a piece of JavaScript code that generates a fake Stripe payment page at checkout. With a budget over 10 billion euros, the mission of the European Space Agency (ESA) is to extend the limits of space activities by training astronauts and building rockets and […]

3 mins read

WPForms bug allows Stripe refunds on millions of WordPress sites

A vulnerability in WPForms, a WordPress plugin used in over 6 million websites, could allow subscriber-level users to issue arbitrary Stripe refunds or cancel subscriptions. Tracked under CVE-2024-11205, the flaw was categorized as a high-severity problem due to the authentication prerequisite. However, given that membership systems are available on most sites, exploitation may be fairly […]

2 mins read