Google has addressed a vulnerability in its Cloud Run service, known as the ImageRunner flaw, which allowed attackers with limited access to pull private container images and inject malicious code. This issue was linked to improper Identity and Access Management (IAM) configurations, potentially exposing sensitive data. The flaw has now been patched following its discovery. Additionally, a separate campaign exploiting the legacy Stripe API has emerged, targeting over 49 websites, including WooCommerce and WordPress, to steal credit card information through web skimming techniques. This campaign utilizes a fake iframe to clone legitimate Stripe buttons, enabling the validation of stolen payment cards.