https://www.bleepingcomputer.com/news/security/c-is-for-credit-card-magecart-hits-volusion-e-commerce-sites/

Hackers compromised the infrastructure of Volusion cloud-based e-commerce platform to inject customer checkout pages with malicious JavaScript code that steals payment card data.

The attackers added code for dynamic injection of the card data thieving script to a JavaScript that is part of the Volusion e-commerce software.