Stripe
-
Malicious NuGet package impersonated Stripe library and logged 180,000 downloads
A malicious NuGet package posing as a Stripe payments library was uploaded on February 16, 2026 and amassed over 180,000 downloads across 506 versions before removal. Researchers documented the campaign.
-
Long running web skimmer targeted major payment networks since 2022
A technical analysis found a web skimming campaign active since January 2022 that targeted major payment networks and used obfuscated JavaScript to harvest payment and personal data from checkout pages.
