News

• OpenCart websites were silently injected with malware that mimics trusted tracking scripts
• Script hides in analytics tags and quietly swaps real payment forms for fake ones
• Obfuscated JavaScript allowed attackers to slip past detection and launch credential theft in real time

A new Magecart-style attack has raised concerns across the cybersecurity landscape, targeting ecommerce websites which rely on the OpenCart CMS.

The attackers injected malicious JavaScript into landing pages, cleverly hiding their payload among legitimate analytics and marketing tags such as Facebook Pixel, Meta Pixel, and Google Tag Manager.

Exepers from c/side, a cybersecurity firm that monitors third-party scripts and web assets to detect and prevent client-side attacks, says the injected code resembles a standard tag snippet, but its behavior tells a different story.

This particular campaign disguises its malicious intent by encoding payload URLs using Base64 and routing traffic through suspicious domains such as /tagscart.shop/cdn/analytics.min.js, making it harder to detect in transit.

At first, it appears to be a standard Google Analytics or Tag Manager script, but closer inspection reveals otherwise.

When decoded and executed, the script dynamically creates a new element, inserts it before existing scripts, and silently launches additional code.

The malware then executes heavily obfuscated code, using techniques such as hexadecimal references, array recombination, and the eval() function for dynamic decoding.

The key function of this script is to inject a fake credit card form during checkout, styled to appear legitimate.

Once rendered, the form captures input across the credit card number, expiration date, and CVC. Listeners are attached to blur, keydown, and paste events, ensuring that user input is captured at every stage.

Importantly, the attack doesn’t rely on clipboard scraping, and users are forced to manually input card details.

After this, data is immediately exfiltrated via POST requests to two command-and-control (C2) domains: //ultracart[.]shop/g.php and //hxjet.pics/g.php.

In an added twist, the original payment form is hidden once the card information is submitted - a second page then prompts users to enter further bank transaction details, compounding the threat.

What stands out in this case is the unusually long delay in using the stolen card data, which took several months instead of the typical few days.

The report reveals that one card was used on June 18 in a pay-by-phone transaction from the US, while another was charged €47.80 to an unidentified vendor.

This breach shows a growing risk in SaaS-based e-commerce, where CMS platforms like OpenCart become soft targets for advanced malware.

There is therefore a need for stronger security measures beyond basic firewalls.

Automated platforms like c/side claim to detect threats by spotting obfuscated JavaScript, unauthorized form injections, and anomalous script behavior.

As attackers evolve, even small CMS deployments must remain vigilant, and real-time monitoring and threat intelligence should no longer be optional for e-commerce vendors seeking to secure their customers’ trust.

• Downloaded something dodgy? These are the best malware removal tools
• Nail the basics with the best firewalls available now
• DOGE employee leaks private xAI API key from sensitive database

• ChatGPT can’t tell if a site was hacked, expired, or repurposed for casino spam
• AI-generated answers may seem reliable, even when they cite completely hijacked and fake sources
• Expired charity domains are reborn as gambling sites and still pass as trustworthy AI sources

ChatGPT is quickly becoming a go-to source for people seeking recommendations, from online services to local businesses, but new evidence suggests its AI-generated suggestions may not always be grounded in trustworthy sources.

In fact, some are being drawn from websites that have either been hacked or whose domains have expired and been repurposed, often to promote online casinos and gambling platforms.

Over the past several months, James Brockbank, managing director and founder at Digitaloft, has been documenting how widespread the problem has become, uncovering examples of ChatGPT citing content from sites that have clearly been manipulated.

In one instance, a functioning legal practice’s website, run by attorney Veronica T. Barton, had pages recommending UK casinos buried within it.

“Their site has been hacked and this page added,” Brockbank noted after reviewing the evidence.

In another case, a site once affiliated with a United Nations youth coalition had been transformed into a platform pushing “casinos not on GamStop.”

Although the listicle it hosted contained only one external link, it led to yet another repurposed domain.

The pattern continued with expired domains, including one that had belonged to a now-defunct arts charity previously linked by the BBC, CNN, and Bloomberg.

That domain, now pushing gambling content, was cited by ChatGPT in response to a query about no-deposit casinos.

These tactics exploit weaknesses in how ChatGPT selects and cites sources, as unlike traditional search engines, the model lacks mechanisms for verifying the legitimacy of a site’s ownership or editorial intent.

As a result, content injected onto compromised websites can surface in its answers without any obvious red flags to the user.

ChatGPT appears to favor recent content and still attributes authority based on legacy domain reputation, even when the domain’s content has no continuity with its past - which opens the door for bad actors to manipulate visibility through means that have little to do with credibility.

The bottom line is that users turning to ChatGPT for recommendations should not assume that every answer is backed by a credible source.

A quick check of the cited site’s authority, its history, ownership, and relevance can go a long way in avoiding misleading or harmful suggestions.

• Trump's "One Big Beautiful Bill" set to award $1 billion funding to "offensive cyber operations"
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now

- The first four episodes will be released on September 4
- Entirely new cast, except for Oscar Nuñez, who reprises his role
- The plot follows a declining Midwestern newspaper
- There's no official trailer yet

The Paper is Peacock's follow-up to the hit NBC series The Office, a beloved sitcom that is one of my firm favorites. This is our first time diving into this world since 2013, and I am intrigued to see how it will play out.

While set in the same universe as The Office, the creators have confirmed that The Paper is set in a new company, and we've moved out of Scranton, Pennsylvania, to a new location.

The Office's Greg Daniels and Late Night with Conan O'Brien's Michael Koman are the ones behind the series, so it looks like it's in good hands.

With The Office being such a hit and a show I quote daily, it'll be interesting to see if The Paper can reach the same highs or, at the very least, be a highly entertaining entry into the mockumentary genre.

Here's everything we know about The Paper so far.

A post shared by Rotten Tomatoes (@rottentomatoes)

A photo posted by on

The Paper will be exclusively on Peacock, with the first four episodes dropping on September 4. It will then have a weekly release schedule with two episodes arriving until the season finale on September 10.

So those wanting to binge-watch might be disappointed, but it's definitely nice having a double bill to enjoy each week after the show's four-episode premiere.

Right now, we don't have an official trailer for The Paper, but we should expect to see it closer to the release date.

When it does drop, it's likely fans will be hopeful that it'll match the quality of its predecessor, so the pressure is on for the new Peacock show. Only time will tell, as we haven't seen any video footage from the show yet.

While we don't have a trailer yet, we do know who will be in the cast, and we've got a very familiar face showing up for a new job.

Oscar Nuñez will reprise his role as The Office’s Oscar Martinez, and he's now working in the accounting department at The Truth Teller.

Speaking about his return at an NBCUniversal Upfront, Nuñez said: “I told Mr. Greg Daniels that if Oscar came back, he would probably be living in a more bustling, cosmopolitan city. Greg heard me, and he moved Oscar to Toledo, Ohio, which has three times the population of Scranton. So, it was nice to be heard.”

Elsewhere, we've got a brand new cast, including Domhnall Gleeson as a new hire and Sabrina Impacciatore, who is described as the "no nonsense managing editor" of The Truth Teller.

The rest of the newsroom includes Chelsea Frei, Melvin Gregg, Ramona Young, Gbemisola Ikumelo, Alex Edelman, and Tim Key.

Confirmed to be set in the same universe as The Office, the same fictional documentary crew that once filmed the lives of Dunder Mifflin employees will now be setting their sights on The Truth Teller.

With that in mind, the new series will follow the everyday chaos at this fictional small-town newspaper. There's big work to be done, though, as the paper's publisher begins recruiting volunteer reporters to try and keep the presses running. A plot has teased that we should expect "all the dysfunction, awkwardness, and heart" that we saw in The Office, which should reassure long-term fans.

Right now, we don't have any details about a potential season 2 but if that changes we'll be sure to update you.

For now, it's up to season one to make a good first impression so this is likely where Peacock's focus lies.

Marvel’s First Family is primed to light up the silver screen starting on July 25, 2025 in The Fantastic Four: First Steps, the fifth attempt at a live-action Hollywood transformation for the comic book icons, this time as a retro-futuristic affair starring Pedro Pascal, Vanessa Kirby, Joseph Quinn, and Ebon Moss-Bachrach and directed by Matt Shakman (WandaVision).

Attempts at its adaptation as a Hollywood feature film since the unreleased Roger Corman-led movie in 1994 and the last version being director Josh Trank’s 2015 disaster have had a poor track record, with each successive effort failing miserably to capture the spirit, heart and style of The Fantastic Four. But one of the most satisfying ways to experience the gamma-ray’d metahuman gang is by engaging with one of the many fun Fantastic Four animation series presented over the years.

By far the most overlooked example of these flashy cartoon shows is Fantastic Four: The Animated Series. It’s a natural way to gear up for Marvel Studios’ $200 million summer tentpole by absorbing its familial dynamics and splashy fun that skirt the dated humor, primitive character design and sterile backgrounds of Hanna-Barbera’s The Fantastic Four animated series that appeared on Saturday mornings from 1967-68. There was also The New Fantastic Four, a short-lived 1978 series which strangely had no Human Torch and swapped H.E.R.B.I.E. the Robot due to licensing rights and rumored fears that kids might light themselves on fire!

Airing for two “fantastic” seasons starting on September 24,1994 and ending on February 24, 1996, The Fantastic Four: The Animated Series lasted for two 13-episode outings and is currently streaming all 26 chapters on Disney+. It was originally produced by Genesis Entertainment and New World Entertainment, then broadcast in syndication as part of The Marvel Action Hour (aka Marvel Action Universe) with Iron Man taking flight for the first half of the program and The Fantastic Four jumping in to finish with its 22-24 minute episodes.

Conceived by Stan Lee and Jack Kirby in 1961, this close-knit superhero team dealing with inter-dimensional villains and everyday domestic responsibilities was the House of Idea’s biggest selling title of the decade and even sported the auspicious title of The World’s Greatest Comic Magazine on its cover.

The main lineup of scientific genius Reed Richard (Mister Fantastic), Sue Storm (Invisible Woman), Johnny Storm (The Human Torch), and Ben Grimm (The Thing) has been an ongoing roster since their experimental space flight first found themselves peppered with cosmic radiation that was the cause of their uncanny superpowers.

Any self-respecting ‘90s-era animated series need a seriously cheesy theme song and Fantastic Four: The Animated Series has that one locked down tight with a goofy anthem that’s even sillier than the tunes written for the original The Karate Kid, but that’s exactly why we love it! We forgive the show for its early campiness.

Written by Ron Friedman, Glen Leopold, Elwin Ransom and a handful of others, and executive produced by Avi Arad, Stan Lee, and Rick Ungar, it showcased everything essential about the Fantastic Four, their messy interpersonal affairs and thrilling crimefighting against notorious foes like Galactus, Doctor Doom, Ego-The Living Planet (Guardians of the Galaxy Vol. 2), Silver Surfer, Annihilus, Psycho-Man, Skrulls, Mole Man, Puppet Master, Blastaar and Sub-Mariner.

Fellow comic book heroes that were featured in multiple storylines and cameos throughout the two seasons included The Inhumans, The Incredible Hulk, Thor, Ghost Rider, Daredevil, and many others. Season 2 improved greatly with the arrival of Philippine Animation Studios taking over for Wang Film Productions.

The premiere episode of the debut season is a hoot, with the Fantastic Four recalling their origin story before a studio audience during a taping of Dick Clark’s Scholarship Telethon TV show, with the real Dick Clark actually voicing himself. Subsequent installments all carry the authentic Fantastic Four flair.

Often overshadowed by the quaint charm of the 1967 Hanna-Barbera series, Fantastic Four: The Animated Series often pulled stories from legacy story arcs written by Stan Lee and drawn by Jack “King” Kirby with later illustrator John Buscema and other artists who picked up the pen.

In particular, the two-part segment, The Silver Surfer and the Coming of Galactus, was taken directly from the 1965 comic book event displayed in Fantastic Four #48-50, which was the inspiration for the screenwriters in crafting their own plot for this month's The Fantastic Four: First Steps.

Remember that this renaissance of ‘90s animation also brought us X-Men: The Animated Series, Batman: The Animated Series, and Gargoyles, so it’s the ideal chance for fans to revisit this nostalgic, highly entertaining, and vastly under-appreciated Fantastic Four cartoon show that many of a certain generation hold dear to their hearts. With its solid vocal cast, smart writing, sharp animation, and vibrant colors, give Fantastic Four: The Animated Series a heroic spin on Disney+!

• The Fantastic Four: First Steps is reportedly getting a sequel
• The Fantastic Four: First Steps trailer confirms two of the worst-kept secrets
• Marvel announces The Fantastic Four: First Steps prequel story