A cross-site scripting (XSS) vulnerability within the Krpano framework, a popular tool for embedding 360° images and creating virtual tours, has been exploited to inject malicious scripts into over 350 websites.

This widespread campaign manipulates search engine results and spreads spam advertisements across the internet.