Author: admin

Experts find credit card skimmer hidden in 1×1 SVG image. Fake “Secure Checkout” overlay stole card data. Likely exploited Magento PolyShell flaw, affecting many stores.

Security researchers recently found a credit card skimmer on almost a hundred compromised ecommerce websites hiding in a tiny image. Experts from Sansec reported finding 1×1-pixel Scalable Vector Graphics (SVG) elements with an ‘onload’ handler inside many e-commerce websites’ HTML. “The onload handler contains the entire skimmer payload, base64-encoded inside an atob() call and executed via setTimeout,” the researchers said. They explained that with this technique, the attackers did not have to create external script references that usually get picked…

Ravie LakshmananApr 09, 2026Hacking News / Cybersecurity News Thursday. Another week, another batch of things that probably should’ve been caught sooner but weren’t. This one’s got some range — old vulnerabilities getting new life, a few “why was that even possible” moments, attackers leaning on platforms and tools you’d normally trust without thinking twice. Quiet escalations more than loud zero-days, but the kind that matter more in practice anyway. Mix of malware, infrastructure exposure, AI-adjacent weirdness, and some supply chain stuff that’s… not great. Let’s get into it. Resilient hybrid botnet surge A new variant of the botnet known as Phorpiex (aka Trik) has been observed, using…

The next time you ask an AI what product to buy, which agency to hire, or which software platform actually works, pay attention to where the answer comes from. Increasingly, it does not come from the vendor’s own website. It comes from a stranger’s Reddit comment written eighteen months ago, upvoted 847 times by people who tried the thing themselves. This is not an accident. It’s architecture.

The Reddit Effect

The financial architecture behind Reddit’s presence in AI answers became public in early 2024. Google signed an initial licensing agreement with Reddit worth a reported $60 million per year, with…

NotebookLM is the one AI tool I never get tired of talking about. It’s unlike anything else I’ve tried. It serves a genuinely unique purpose and isn’t trying to cram every trending feature into a single tool. Instead, every update feels intentional, and it just keeps getting better in ways that actually matter. A personal knowledge base is absolutely essential for me, and I’ve been exploring ways to AI-fy mine for months now. I settled on using NotebookLM as my go-to hub for it. After spending time building it out, I’m more convinced than ever that it was the right…

In the latest demonstration of how AI assistants can help with bug hunting, Horizon3.ai researcher Naveen Sunkavally used Claude to unearth CVE-2026-34197, a remote code execution vulnerability in Apache ActiveMQ that was introduced into the codebase 13 years ago. The vulnerability was patched in late March 2026 and there’s currently no indication that it is being actively exploited by attackers. Nevertheless, with ActiveMQ vulnerabilities having been previously leveraged for ransomware and malware attacks, organizations should update their installations and look for potential indicators of compromise.

About CVE-2026-34197

CVE-2026-34197 is an improper input validation and code injection vulnerability in the popular…

Car infotainment systems like Android Auto and Apple CarPlay make driving a million times more enjoyable. The easy access to navigation, the simplicity of listening to music and podcasts, and even the ability to play little games while parked are a huge step up from previous iterations. Unfortunately, if you’re an Android user who shares your car with an iPhone user, you could get frustrated with switching between the two to the point that you aren’t enjoying all that these systems offer. That’s why finding a way to swap between Android Auto and Apple CarPlay is so important.

New York, NY: Minimus, a leading solution to secure container images which eliminate CVE risk, shares that Yael Nardi is now its new Chief Business Officer (CBO). In this newly created role, Nardi will lead the company’s next phase of scale, overseeing top-of-funnel growth strategy, operations, and corporate development. As the market landscape evolves and AI affects customer acquisition, Minimus is implementing an operational model to scale marketing funnels and strategic alliances, which Nardi will manage. “We are entering a phase of aggressive expansion that requires rigorous execution and a completely new playbook. Traditional marketing strategies are no longer enough in today’s…

Cyberattacks rarely come out of nowhere—threat actors often leave behind signals long before an intrusion begins. On Thursday, April 30, 2026 at 2:00 PM ET, BleepingComputer will host a live webinar titled “From noise to signal: What threat actors are targeting next” with Tammy Harper, Threat Intelligence Researcher at RansomLook. The webinar explores how security teams can monitor early warning signs across underground communities and translate them into actionable defense. We will examine how threat actors use dark web forums, Telegram channels, and access broker marketplaces to coordinate attacks, share vulnerabilities, and advertise compromised access, often revealing their intentions weeks before an…

Privacy laws are tightening, browser extensions are blocking data, and ad platforms are demanding cleaner data. As a result, how you track user behavior online is changing fast. Server-side tagging can help you reduce data loss while collecting cleaner, privacy-compliant data. Here’s what server-side tagging is, when it makes sense to implement it, and our experience with providers like Elevar and Littledata.

What is server-side tagging?

Traditionally, tracking scripts like Meta Pixel or Google Analytics run in the browser. This is client-side (browser-side) tagging. With server-side tagging, those scripts run on a server you control instead of the visitor’s browser.…
