Microsoft found that scammers are using image files with a hidden malicious PHP script to manipulate e-commerce checkout pages and capture payment card details in their latest attack campaigns. The attackers are obfuscating their code snippets, injecting them into image files, and masquerading as web applications. Along with active scanning and detection of threats, website admins are suggested to make sure of running the latest version of the CMS and plugins.