Technology

Here are hints and answers for the NYT Strands puzzle for July 20 No. 504.

Here are hints and the answer for today's Wordle for July 20, No. 1,492.

Need high-speed internet in Milwaukee? Residents have access to several quality ISPs, including fiber providers and multi-gig speeds.

• OpenCart websites were silently injected with malware that mimics trusted tracking scripts
• Script hides in analytics tags and quietly swaps real payment forms for fake ones
• Obfuscated JavaScript allowed attackers to slip past detection and launch credential theft in real time

A new Magecart-style attack has raised concerns across the cybersecurity landscape, targeting ecommerce websites which rely on the OpenCart CMS.

The attackers injected malicious JavaScript into landing pages, cleverly hiding their payload among legitimate analytics and marketing tags such as Facebook Pixel, Meta Pixel, and Google Tag Manager.

Exepers from c/side, a cybersecurity firm that monitors third-party scripts and web assets to detect and prevent client-side attacks, says the injected code resembles a standard tag snippet, but its behavior tells a different story.

Obfuscation techniques and script injection

This particular campaign disguises its malicious intent by encoding payload URLs using Base64 and routing traffic through suspicious domains such as /tagscart.shop/cdn/analytics.min.js, making it harder to detect in transit.

At first, it appears to be a standard Google Analytics or Tag Manager script, but closer inspection reveals otherwise.

When decoded and executed, the script dynamically creates a new element, inserts it before existing scripts, and silently launches additional code.

The malware then executes heavily obfuscated code, using techniques such as hexadecimal references, array recombination, and the eval() function for dynamic decoding.

The key function of this script is to inject a fake credit card form during checkout, styled to appear legitimate.

Once rendered, the form captures input across the credit card number, expiration date, and CVC. Listeners are attached to blur, keydown, and paste events, ensuring that user input is captured at every stage.

Importantly, the attack doesn’t rely on clipboard scraping, and users are forced to manually input card details.

After this, data is immediately exfiltrated via POST requests to two command-and-control (C2) domains: //ultracart[.]shop/g.php and //hxjet.pics/g.php.

In an added twist, the original payment form is hidden once the card information is submitted - a second page then prompts users to enter further bank transaction details, compounding the threat.

What stands out in this case is the unusually long delay in using the stolen card data, which took several months instead of the typical few days.

The report reveals that one card was used on June 18 in a pay-by-phone transaction from the US, while another was charged €47.80 to an unidentified vendor.

This breach shows a growing risk in SaaS-based e-commerce, where CMS platforms like OpenCart become soft targets for advanced malware.

There is therefore a need for stronger security measures beyond basic firewalls.

Automated platforms like c/side claim to detect threats by spotting obfuscated JavaScript, unauthorized form injections, and anomalous script behavior.

As attackers evolve, even small CMS deployments must remain vigilant, and real-time monitoring and threat intelligence should no longer be optional for e-commerce vendors seeking to secure their customers’ trust.

You might also like

• Downloaded something dodgy? These are the best malware removal tools
• Nail the basics with the best firewalls available now
• DOGE employee leaks private xAI API key from sensitive database

• 22-minute video reveals the incredible work that goes into making Beelink’s tiny desktop replacements
• There’s a surprising amount of hand-assembly and testing in the mini PC production line
• There’s narration, no music, just pure factory sounds and impressive craftsmanship

As mini PCs have quietly evolved into compact yet capable machines, many can easily replace traditional desktops.

Once seen as niche gadgets, they now power home offices, media setups, and small businesses, with high-performance processors, expandable memory, and solid I/O support, all packed into tiny, low-noise enclosures.

Chinese manufacturer Beelink has been producing high-quality mini PCs since 2011, and if you’ve ever wondered what goes into making one of these miniature powerhouses, you’ll want to watch a new video that showcases the entire process.

Hand-finished

We’re big fans of Beelink’s range of mini PCs here at TechRadar Pro. We’ve reviewed models like the SER8, SER9, Beelink ME mini, and GTR7 and always come away impressed. The company's most recent release, the GTR9 Pro, is powered by a Ryzen AI Max+ 395 processor and delivers 126 TOPS for next-gen AI.

The video, from SatisFactory Process, has so far been watched by nearly two million viewers, and for good reason. The 22-minute showcase explores how Beelink’s mini PCs are made from start to finish, and it's mesmerizing.

It begins with raw aluminum being pressed and CNC-machined into a case. From there, you see the entire transformation: polishing, chemical cleaning, abrasive blasting, electroplating, laser engraving, and dozens of small, meticulous assembly steps.

One of the most striking things is just how much of the work is done by hand.

From installing components on the motherboard to applying thermal pads and screwing together daughterboards, human workers are visible at almost every stage.

There are multiple quality control checks throughout, including electrical testing, visual inspections, firmware flashing, and more.

The build is topped off with packaging, accessories, plastic wrapping, and factory seals before heading out the door.

Part of what makes the video so watchable - and that 22 minutes absolutely flies by - is that it’s not flashy or promotional. There’s no voiceover, no music. Just the sound of real machines and real people building something.

Many of the comments under the video echo the same feeling: surprise at the number of steps involved, appreciation for the amount of human care, and admiration for a company willing to show the entire process.

As one commenter observed, “This is the best advertisement a company can do” - and it really is.

Watch and enjoy the video below.

You might also like

• These are the best business laptops around
• And these are the best workstations available today
• Compact workstation PC appears with some outstanding features

Developer Digital Extremes is opening the doors to its fantasy adventure, at least for this weekend. Here's how to join.