Data Security, Malware

New WebRTC skimmer exploits PolyShell vulnerability

A new payment skimmer has been discovered that uses WebRTC data channels to load its payloads and exfiltrate stolen data, allowing it to bypass security controls. This sophisticated attack method was observed targeting a car maker's e-commerce website and was facilitated by the PolyShell vulnerability affecting Magento platforms, The Hacker News reports.

The skimmer operates by establishing a WebRTC peer connection to a hard-coded IP address over UDP port 3479 to retrieve JavaScript code. This code is then injected into web pages to steal payment information. Unlike traditional skimming methods, which rely on HTTP requests, WebRTC data channels are encrypted and use UDP, making them invisible to network security tools that inspect HTTP traffic.

The PolyShell vulnerability, which allows unauthenticated attackers to upload arbitrary executables via the REST API, has been under mass exploitation since March 19, 2026. While Adobe released a fix in version 2.4.9-beta1 on March 10, 2026, it has not yet reached production versions.

Site owners are advised to implement immediate mitigations, including blocking access to specific directories and scanning for malicious code, to protect against ongoing threats and potential data breaches.

Source: The Hacker News
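
The advice to scan for malicious code can begin with a static pass over the scripts a storefront serves, looking for the combination described above: a WebRTC data channel, a hard-coded IP address or the reported port, and received data being executed. This is an added example, not code from the report or from any vendor; the rule ids, weights, threshold and the sample scripts (which use a documentation-range IP) are constructed assumptions.

```javascript
// Added example: heuristic static scan for WebRTC data-channel loaders.
// Rule ids, weights and THRESHOLD are illustrative assumptions.
const RULES = [
  { id: 'rtc-peer', weight: 1, re: /\b(?:webkit|moz)?RTCPeerConnection\b/ },
  { id: 'data-channel', weight: 1, re: /\b(?:createDataChannel|ondatachannel)\b/ },
  // A hard-coded IPv4 literal next to WebRTC code is unusual: peers are
  // normally learned through signaling, not baked into the script.
  { id: 'ipv4-literal', weight: 2,
    re: /\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b/ },
  // UDP port named in the report.
  { id: 'port-3479', weight: 2, re: /\b3479\b/ },
  // Received data being turned into executable code.
  { id: 'dynamic-exec', weight: 2,
    re: /\beval\s*\(|\bnew\s+Function\s*\(|createElement\s*\(\s*['"]script['"]\s*\)/ },
];
const THRESHOLD = 4; // both WebRTC rules plus at least one weight-2 indicator

// Score one script source; it is flagged only if it opens a data channel
// AND carries at least one of the stronger indicators.
function scanScript(name, source) {
  const matched = RULES.filter((r) => r.re.test(source));
  const hits = matched.map((r) => r.id);
  const score = matched.reduce((sum, r) => sum + r.weight, 0);
  const usesChannel = hits.includes('rtc-peer') && hits.includes('data-channel');
  return { name, hits, score, suspicious: usesChannel && score >= THRESHOLD };
}

// Scan a { filename: source } map and return only the flagged results.
function scanAll(files) {
  return Object.entries(files)
    .map(([name, source]) => scanScript(name, source))
    .filter((r) => r.suspicious);
}

// Constructed, inert sample sources (203.0.113.0/24 is a documentation range).
const SAMPLES = {
  'checkout-widget.js': "const pc = new RTCPeerConnection(); const ch = pc.createDataChannel('c'); /* candidate 203.0.113.10 3479 udp */ ch.onmessage = (e) => new Function(e.data)();",
  'video-chat.js': "const pc = new RTCPeerConnection({ iceServers }); const dc = pc.createDataChannel('chat'); dc.onmessage = (e) => { log.textContent = e.data; };",
  'analytics.js': "window.dataLayer = window.dataLayer || []; dataLayer.push({ event: 'view', v: '2.4.9' });",
};

for (const r of scanAll(SAMPLES)) {
  console.log(`${r.name}: score ${r.score} [${r.hits.join(', ')}]`);
}
```

Obfuscated scripts can hide these tokens, so a clean result does not prove a site is unaffected; treat hits as leads for manual review of the file and of how it reached the server.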
