Stripe | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers have disclosed details of a new malicious package discovered on the NuGet Gallery, impersonating a library from financial services firm Stripe in an attempt to target the financial sector. The package, codenamed StripeApi.Net, attempts to masquerade as Stripe.net , a legitimate library from Stripe that has over 75 million downloads. It was uploaded by a user named StripePayments on February 16, 2026. The package is no longer available. "The NuGet page for the malicious package is set up to resemble the official Stripe.net package as closely as possible," ReversingLabs Petar Kirhmajer said . "It uses the same icon as the legitimate package and contains a nearly identical readme, only swapping the 'Stripe.net' references to read 'Stripe-net.'" In a further effort to lend credibility to the typosquatted package, the threat actor behind the campaign is said to have artificially inflated the download count to more than 180,00...

Think payment iframes are secure by design? Think again. Sophisticated attackers have quietly evolved malicious overlay techniques to exploit checkout pages and steal credit card data by bypassing the very security policies designed to stop them. Download the complete iframe security guide here .  TL;DR: iframe Security Exposed Payment iframes are being actively exploited by attackers using malicious overlays to skim credit card data. These pixel-perfect fake forms bypass traditional security, as proven by a recent Stripe campaign that has already compromised dozens of merchants. This article explores: Anatomy of the 2024 Stripe skimmer attack. Why old defenses like CSP and X-Frame-Options are failing. Modern attack vectors: overlays, postMessage spoofing, and CSS exfiltration. How third-party scripts in payment iframes create new risks. How the new PCI DSS 4.0.1 rules are forcing merchants to secure the entire page. A six-step defense strategy focusing on real-time mon...

Threat hunters are warning of a sophisticated web skimmer campaign that leverages a legacy application programming interface (API) from payment processor Stripe to validate stolen payment information prior to exfiltration. "This tactic ensures that only valid card data is sent to the attackers, making the operation more efficient and potentially harder to detect," Jscrambler researchers Pedro Fortuna, David Alves, and Pedro Marrucho said in a report. As many as 49 merchants are estimated to have been affected by the campaign to date. Fifteen of the compromised sites have taken action to remove the malicious script injections. The activity is assessed to be ongoing since at least August 20, 2024. Details of the campaign were first flagged by security firm Source Defense towards the end of February 2025, detailing the web skimmer's use of the " api.stripe[.]com/v1/sources " API, which allows applications to accept various payment methods. The endpoint has...