Web Skimming Campaign Targets 49+ Sites Using Legacy Stripe API; Apache Parquet Flaw CVE-2025-30065 CVSS 10.0 Discovered

A recent web skimming campaign has exploited the legacy Stripe API to steal credit card information from over 49 online sites, including platforms like WooCommerce, WordPress, and PrestaShop. The campaign utilizes a fake iframe that mimics a legitimate Stripe screen, allowing attackers to validate stolen payment cards. This vulnerability highlights the emerging threat of API skimming techniques in cybersecurity, prompting urgent calls for affected businesses to enhance their security measures. In addition, a critical flaw (CVE-2025-30065) has been identified in the Apache Parquet Java library, with a CVSS score of 10.0, which allows remote attackers to execute arbitrary code through compromised files. Security experts are advising immediate patching for systems that interact with untrusted Parquet files to mitigate potential risks.