Technology
Web skimming attacks target major payment networks
NEWYou can now listen to Fox News articles!
Online shopping feels familiar and fast, but a hidden threat continues to operate behind the scenes.
Researchers are tracking a long-running web skimming campaign that targets businesses connected to major payment networks. Web skimming is a technique where criminals secretly add malicious code to checkout pages so they can steal payment details as shoppers type them in.
These attacks work quietly inside the browser and often leave no obvious signs. Most victims only discover the problem after unauthorized charges appear on their statements.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
WHATSAPP WEB MALWARE SPREADS BANKING TROJAN AUTOMATICALLY
Web skimming attacks hide inside checkout pages and steal card details as shoppers type them in. (Kurt “CyberGuy” Knutsson)
What Magecart is and why it matters
Magecart is the name researchers use for groups that specialize in web-skimming attacks. These attacks focus on online stores where shoppers enter payment details during checkout. Instead of hacking banks or card networks directly, attackers slip malicious code into a store’s checkout page. That code is written in JavaScript, which is a common type of website code used to make pages interactive. Legitimate sites use it for things like forms, buttons and payment processing.
In Magecart attacks, criminals abuse that same code to secretly copy card numbers, expiration dates, security codes and billing details as shoppers type them in. The checkout still works, and the purchase goes through, so there is no obvious warning sign. Magecart originally described attacks against Magento-based online stores. Today, the term applies to web-skimming campaigns across many e-commerce platforms and payment systems.
Which payment providers are being targeted?
Researchers say this campaign targets merchants tied to several major payment networks, including:
- American Express
- Diners Club
- Discover, a subsidiary of Capital One
- JCB Co., Ltd.
- Mastercard
- UnionPay
Large enterprises that rely on these payment providers face a higher risk due to complex websites and third-party integrations.
700CREDIT DATA BREACH EXPOSES SSNS OF 5.8M CONSUMERS
Criminals use hidden code to copy payment data while the purchase still goes through normally. (Kurt “CyberGuy” Knutsson)
How attackers slip skimmers into checkout pages
Attackers usually enter through weak points that are easy to overlook. Common entry paths include vulnerable third-party scripts, outdated plugins and unpatched content management systems. Once inside, they inject JavaScript directly into the checkout flow. The skimmer monitors form fields tied to card data and personal details, then quietly sends that information to attacker-controlled servers.
Why web skimming attacks are hard to detect
To avoid detection, the malicious JavaScript is heavily obfuscated. Some versions can remove themselves when they detect an admin session, which makes inspections appear clean. Researchers also found the campaign uses bulletproof hosting. These hosting providers ignore abuse reports and takedown requests, giving attackers a stable environment to operate. Because web skimmers run inside the browser, they can bypass many server-side fraud controls used by merchants and payment providers.
Who Magecart web skimming attacks affect most
Magecart campaigns impact three groups at the same time:
- Shoppers who unknowingly give up card data
- Merchants whose checkout pages are compromised
- Payment providers that detect fraud after the damage is done
This shared exposure makes detection slower and response more difficult.
NEW MALWARE CAN READ YOUR CHATS AND STEAL YOUR MONEY
Simple protections like virtual cards and transaction alerts can limit damage and expose fraud faster. (Kurt “CyberGuy” Knutsson)
How to stay safe as a shopper
While shoppers cannot fix compromised checkout pages, a few smart habits can reduce exposure, limit how stolen data is used, and help catch fraud faster.
1) Use virtual or single-use cards
Virtual and single-use cards are digital card numbers that link to your real credit or debit account without exposing the actual number. They work like a normal card at checkout, but add an extra layer of protection. Most people already have access to them through services they use every day, including:
Major banks and credit card issuers that offer virtual card numbers inside their apps
Mobile wallet apps like Apple Pay and Google Pay generate temporary card numbers for online purchases, keeping your real card number hidden.
Some payment apps and browser tools that create one-time or merchant-locked card numbers
A single-use card typically works for one purchase or expires shortly after use. A virtual card can stay active for one store and be paused or deleted later. If a web skimming attack captures one of these numbers, attackers usually cannot reuse it elsewhere or run up repeat charges, which limits financial damage and makes fraud easier to stop.
2) Turn on transaction alerts
Transaction alerts notify you the moment your card is used, even for small purchases. If web skimming leads to fraud, these alerts can expose unauthorized charges quickly and give you a chance to freeze the card before losses grow. For example, a $2 test charge on your card can signal fraud before larger purchases appear.
3) Lock down financial accounts
Use strong, unique passwords for banking and card portals to reduce the risk of account takeover. A password manager helps generate and store them securely.
Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.
4) Install strong antivirus software
Strong antivirus software can block connections to malicious domains used to collect skimmed data and warn you about unsafe websites.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.
5) Use a data removal service
Data removal services can reduce how much personal information is exposed online, making it harder for criminals to pair stolen card data with full identity details.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.
6) Watch for unexpected card activity
Review statements regularly, even for small charges, since attackers often test stolen cards with low-value transactions.
Kurt’s key takeaways
Magecart web skimming shows how attackers can exploit trusted checkout pages without disrupting the shopping experience. While consumers cannot fix compromised sites, simple safeguards can reduce risk and help catch fraud early. Online payments rely on trust, but this campaign shows why that trust should always be paired with caution.
Does knowing how web skimming works make you rethink how safe online checkout really is? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
Copyright 2026 CyberGuy.com. All rights reserved.
We’ve seen Axiom Space and Prada’s collaboration on the Axiom Extravehicular Mobility Unit (AxEMU) spacesuit. Now the company has revealed the Liquid Cooling and Ventilation Garment (LCVG) that astronauts will wear underneath it when Artemis IV returns humans to the Moon in 2028.
The LCVG is the all-important base layer that will keep the crew cool and comfortable while inside the AxEMU and on spacewalks. Cold water is circulated through tubes embedded in the suit to whisk heat away from astronauts’ bodies. And, should the primary system fail, there is a backup, unlike older cooling suits. The LCVG also houses the ventilation system that supplies fresh oxygen to the AxEMU helmet and directs exhaled CO2 to a scrubber for recirculation.
The collaboration between Axiom Space and Prada isn’t the first time NASA has gotten involved with a project that blended high-tech materials and manufacturing with high-fashion design. It also funded the BioSuit concept created by MIT professor Dava Newman with help from renowned architect Guillermo Trotti.
Technology
Antares reaches reactor criticality under Trump pilot program, marking major nuclear milestone
NEWYou can now listen to Fox News articles!
Antares Nuclear, Inc. announced Thursday that its Mark-0 microreactor achieved criticality at Idaho National Laboratory, becoming the first advanced reactor to reach the milestone under a U.S. Department of Energy pilot program established after President Donald Trump’s 2025 executive order aimed at accelerating nuclear development.
The Torrance, California-based company said the reactor reached initial criticality under DOE authorization, making Antares the first private company to bring an advanced reactor to criticality through the Department of Energy’s Reactor Pilot Program.
“Hitting our commitments is everything to us. Nuclear in America has been defined for too long by delays, by companies that said they would and then didn’t,” Antares CEO Jordan Bramble said. “We said criticality in 2026, electricity production in 2027, and power to the warfighter in 2028. Today is the first of those commitments delivered on the schedule we set.”
Criticality occurs when a reactor achieves a self-sustaining nuclear chain reaction, a major milestone in reactor development. Antares said the demonstration validated key reactor physics parameters and produced testing data and control system performance information that will support future reactor development.
NEWT GINGRICH, JASON HAYES: THERE’S A NUCLEAR SOLUTION TO RECHARGING AMERICAN INDUSTRY
Energy Secretary Chris Wright said Antares Nuclear’s Mark-0 microreactor became the first privately developed non-light-water reactor to achieve criticality in the U.S. in more than four decades under the Department of Energy’s Reactor Pilot Program. (F. Carter Smith/Bloomberg)
The Department of Energy confirmed the achievement Thursday, describing it as the first privately developed non-light-water reactor to reach criticality in the U.S. in more than four decades.
“Today’s achievement is a historic moment for American nuclear energy,” Energy Secretary Chris Wright said in a statement. “By bringing the first American non-light water privately developed reactor to criticality in more than four decades, Antares has shown what is possible when American innovation is unleashed.”
The milestone comes just over a year after Trump signed four executive orders directing the federal government to accelerate reactor testing, expand domestic nuclear fuel production and streamline pathways for advanced nuclear technologies.
FLORIDA REPUBLICAN’S BILL WOULD MAKE TRUMP ORDERS PERMANENT IN BID FOR US ‘DOMINANCE’ IN KEY INDUSTRY
President Donald Trump holds a signed executive order in the Oval Office. Antares Nuclear said its Mark-0 microreactor achieved criticality under a Department of Energy pilot program created after Trump’s 2025 executive orders aimed at accelerating advanced nuclear reactor development. File photo. (Anna Moneymaker/Getty Images)
One of those orders, Executive Order 14301, directed the Department of Energy to establish a pilot program designed to speed testing and demonstration of advanced reactor designs. The administration set a goal of achieving criticality for advanced reactor concepts by July 4, 2026.
“The President and DOE set an ambitious timeline for reactor testing, and we met that challenge,” Bramble said. “I want to thank our partners at the Department of Energy, Idaho National Lab, BWXT, and the U.S. Army. This is what happens when industry and government work together to accomplish big things.”
Antares said the criticality demonstration was conducted in partnership with the Department of Energy, Idaho National Laboratory and BWX Technologies, while the U.S. Army participated as a future end user of the technology.
DEPARTMENT OF WAR TRANSPORTS NEXT-GENERATION REACTOR IN NUCLEAR ENERGY MILESTONE
The company said the Mark-0 used TRISO fuel fabricated by BWXT and benefited from fuel technology developed through Project Pele, a Defense Department effort to build transportable microreactors for military applications.
DOE officials said the achievement demonstrates the potential of the Reactor Pilot Program.
“The skeptics didn’t believe President Trump’s Reactor Pilot Program could achieve criticality in less than a year,” Assistant Secretary of Nuclear Energy Ted Garrish said. “Today, we celebrate the first of the pilot projects to reach criticality and the people who rolled up their sleeves to shape the future of nuclear energy in the United States.”
The company said engineers gained critical insight into reactor physics, control systems and supply chain performance during the demonstration. The data will be used to support future reactor development and eventual commercial licensing.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
“We went from concept to a critical reactor, safely, in less than 12 months. That doesn’t happen by accident. The team treated the schedule as non-negotiable,” Bramble said. “For the American nuclear renaissance to succeed, we need efficient, iterative reactor testing, not a decade per design.”
Antares said it expects to begin producing electricity from the same facility in 2027 and remains on track to deploy electricity-generating microreactors to U.S. military installations by 2028.
Both Sony and Microsoft used their showcases as a way to confirm they’re refocusing on tried-and-true strategies like exclusive games and single-player blockbusters. Meanwhile, every publisher in existence seemed to be avoiding going up against Grand Theft Auto VI on the release calendar, and there were some very welcome game announcements, particularly if you’re a fan of Final Fantasy or Persona.
If you couldn’t keep up with everything live, here are the most important storylines to catch up on.
After an ill-fated — and very expensive — foray into live-service games, it appears that Sony’s gaming division has a renewed focus on the single-player epics it’s known for. The company’s showcase was dominated by Insomniac’s Wolverine and the surprise announcement of God of War Laufey.
The next Grand Theft Auto wasn’t featured in any of the SGF showcases, but its presence was still felt. While lots of games got release dates, virtually none of them were during November, which just so happens to be when GTA VI launches. Instead, we have a very busy September and plenty of titles pushed into 2027.
Alan Wake studio Remedy hit a snag with the disastrous launch of the multiplayer shooter FBC: Firebreak. But based on our time with the upcoming sequel Control Resonant, it appears the developer is getting back to what it’s best at: mind-bending single-player action games.
Indie duo Metanet is back with yet another return to its N series of platformers, but this time the focus is on multiplayer. And for fans of the hidden object game Hidden Folks, it’s also getting a sequel, which will launch a full decade after the original.
We knew it was coming, and now it’s official: The third and final installment of the FFVII remake trilogy is coming. It’s called Revelation, and it launches next spring across basically all platforms simultaneously. And yes, Queen’s Blood is coming back.
It’s been a long wait since Persona 5, and it’ll likely still be a while longer. Atlus confirmed Persona 6 exists, but the developer didn’t provide much in the way of detail, suggesting that the RPG is still fairly early in development.
After years of pushing on a multiplatform strategy, Microsoft is reversing course — at least a little bit. Its next big Xbox Game Studios title, Gears of War: E-Day, will be an Xbox console exclusive, whereas many expected it to come to the PS5, much like last year’s Gears remake. However, outside of Gears, many first-party titles from Xbox — like Fable and Halo — are still coming to PlayStation, so it’s unclear just how significant this change is.
-
Lifestyle30 minutes agoTony Award winners list: ‘Schmigadoon!’ wins best musical, ‘Death of a Salesman’ lives on
-
Technology38 minutes agoNASA will wear high-tech Prada long johns to the Moon
-
World45 minutes agoHezbollah’s secret ‘kill, wound and maim’ bomb network exposed as Israel strikes Beirut
-
Politics48 minutes agoRaman overtakes Spencer Pratt in razor-thin race, AP count shows, but race remains uncalled
-
Health60 minutes agoScientists reveal surprising brain benefit of laughter: ‘It’s a mental workout’
-
Sports1 hour agoKetel Marte frustrating Diamondbacks by opting to take days off with trade deadline looming: report
-
Technology1 hour agoAntares reaches reactor criticality under Trump pilot program, marking major nuclear milestone
-
Business1 hour agoEx-girlfriend of former Google CEO Eric Schmidt ordered to pay him $10 million after rape accusations
