SpeedTree checkout page contained card-skimming code for five months.

Malicious code on Unity’s SpeedTree website checkout page harvested customer information, including names, addresses, email addresses, payment card numbers, and access codes between March 13 and August 26, 2025. Unity notified 428 affected individuals and offered them free credit monitoring and identity protection services. The breach follows recent warnings about a separate high-severity Unity Editor vulnerability that allows attackers to load arbitrary libraries and execute malicious code on devices running Unity-built applications.

Read more:

https://www.securityweek.com/malicious-code-on-unity-website-skims-information-from-hundreds-of-customers/