Web Trust Seal supply chain attack.

Hackers compromised the script used by Best of the Web to display their trust seal on their customers’ websites and to add two key logging scripts designed to sniff keystrokes from visitors. As Sanguine Security researcher Willem de Groot found out, “The security seal as sold by @bestoftheweb contains even 2 different keystroke loggers. One was added on Apr 24th, the other last week.” After de Groot disclosed his discovery to Best of the Web, the company confirmed that their trust seal script which was hosted on Amazon’s content delivery network (CDN) was indeed hacked.

Source: Bleeping Computer