Key Findings Sansec researchers discovered a novel payment skimmer using WebRTC data channels to steal and exfiltrate payment data instead of traditional HTTP requests The skimmer exploits the PolyShell vulnerability in Magento and Adobe Commerce to inject malicious code on e-commerce sites WebRTC connections bypass Content Security Policy rules and use encrypted UDP traffic, making detection significantly more difficult than traditional skimmers Since March 19, 2026, the vul
