WordPress Injection Exfiltrates Admin Login
wp-login.php injection silently exfiltrates a victim’s username and password back to the attacker’s server.
Magento 2 Skimmer Uses getCredentialStorage
A PHP skimmer injected into a Magento 2 core file and used to steal login data from HTTP requests.