Magecart attackers compromised at least 374 e-commerce sites running end-of-life Magento in a day, including planting 19 backdoors on a single website through SQL injection on a vulnerable plugin.
Sansec researchers found a new Magecart credit card skimmer capable of exfiltrating payment information from stores on multiple eCommerce platforms, including ZenCart, WooCommerce, Shopify and BigCommerce.
Magecart cybercrime group appears to have broaden their supply chain attacks to target more sites by going after third-party advertising vendors that works with media or entertainment websites.