A sophisticated, long-running Magecart campaign has been compromising e-commerce websites to steal payment card data, with a notable focus on the Spanish payment ecosystem. The attackers utilize multi-stage JavaScript payloads, mimic legitimate payment gateways like Redsys, and exfiltrate stolen data in real-time via WebSockets to evade traditional detection mechanisms.