
Cybercriminals have been quietly stealing the bank card details of Caritas Spain donors for over a year, using web skimming techniques and vulnerabilities in the WooCommerce plugin on WordPress.
Researchers from Jscrambler have discovered that at least 17 Caritas websites within the international Caritas Internationalis network have been victims of a carefully planned attack. The campaign began in February 2024, but was only discovered in March 2025.
The attackers injected malicious code into WooCommerce scripts, which allowed them to intercept card details that users entered on donation pages. The attack took place in two stages: the first stage loaded a low-profile script, and the second stage implemented a fake payment form interface. User data was transmitted to hackers in real time.
The stolen data includes: full name, card number, CVV, expiration date, DNI, residential address, email, phone number, and even browser data.
Caritas España is the official charitable organization of the Catholic Church in Spain, founded in 1947. It processes millions of euros in charitable contributions annually, with over 70 diocesan offices and thousands of local branches.
Donations in 2022 amounted to $7.4 million. An attack on such structures not only undermines trust in charity, but also puts hundreds of thousands of benefactors around the world at risk.
This case is a vivid reminder that even charitable websites are not immune to cyberattacks. Organizations need to vet third-party plugins carefully, keep their security systems updated, and implement client-side protection solutions. They also need to monitor IP address activity and use injection detection technologies.
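A simple form of the injection detection recommended above, as an added example that is not from the Jscrambler research or the original article: it audits the HTML served for a donation page and flags scripts, forms and iframes that point outside an allowlist, the kind of change a loader script or a fake payment form introduces. The host names, the allowlist and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed values for a hypothetical donation site (not from the article).
PAGE_HOST = "donate.example.org"
ALLOWED_HOSTS = {PAGE_HOST, "payments.psp.example"}

class SkimmerAudit(HTMLParser):
    """Collects findings for scripts, forms and iframes on a payment page."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def _host(self, url):
        # Relative URLs resolve to the page's own host.
        return urlparse(url).hostname or PAGE_HOST

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            host = self._host(a["src"])
            if host not in ALLOWED_HOSTS:
                self.findings.append(("unknown-script-host", a["src"]))
            elif host != PAGE_HOST and not a.get("integrity"):
                # Allowed third party, but no Subresource Integrity pin.
                self.findings.append(("third-party-script-without-sri", a["src"]))
        elif tag in ("form", "iframe"):
            url = a.get("action") if tag == "form" else a.get("src")
            if url and self._host(url) not in ALLOWED_HOSTS:
                self.findings.append((f"unknown-{tag}-target", url))

def audit(html):
    """Return a list of (finding, url) tuples for the given page HTML."""
    parser = SkimmerAudit()
    parser.feed(html)
    return parser.findings

# Constructed sample page: a first-party script, an allowed payment SDK,
# an injected loader, and a payment form posting off the allowlist.
SAMPLE = """
<script src="/wp-content/plugins/woocommerce/assets/js/checkout.js"></script>
<script src="https://payments.psp.example/sdk.js"></script>
<script src="https://cdn.collector.example/l.js"></script>
<form action="https://pay.collector.example/submit" method="post">
  <input name="card_number"><input name="cvv">
</form>
"""

if __name__ == "__main__":
    for kind, url in audit(SAMPLE):
        print(kind, url)
```

This check sees only the markup the server returns. Code added inside a first-party script file, or elements created in the browser at runtime, need file integrity monitoring and client-side monitoring respectively.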