Updated on 2022-12-07
A newly spotted web skimming campaign, active since at least 2021, has infected 40 e-commerce sites. The threat actor, Group X, leveraged a unique supply-chain technique. Read more: Defcon Skimming: A new batch of Web Skimming attacks
Updated on 2022-12-06: Groups X, Y, Z
Jscrambler researchers have an analysis of recent Magecart web skimming operations carried out by three groups they are tracking as Group X, Group Y, and Group Z. Read more: Defcon Skimming: A new batch of Web Skimming attacks
Updated on May 2022: Web skimming attacks
Microsoft has a good review on web skimming attacks and the latest techniques these groups are using these days.
Overview: Magecart attacks
Sucuri said it found a web skimming operation attacking WooCommerce-based shops that exfiltrates payment card data to Telegram channels.