Hackers used a cloud video hosting service to perform a supply chain attack on over one hundred real estate sites that injected malicious scripts into a video player. Skimmers are commonly used on checkout pages for online stores to steal payment information. When a website embeds that player, it embeds the malicious script, causing the site to become infected. This stolen information is then sent back to an attacker-controlled server, where the threat actors can collect it for further attacks.Website administrators who embed JavaScript scripts on their sites should not trust them blindly, even if the source has been proven to be trustworthy.”]