Nearly 270,000 websites have fallen victim to malicious JavaScript injections using a unique obfuscation technique called "JSF-ck." This method encodes JavaScript using only six ASCII characters, allowing attackers to redirect users or display harmful content through iframes. Security experts emphasize the importance of keeping web servers updated and monitoring for signs of compromise.