News

CSO Online1d
How phishers are weaponizing SVG images in zero-click, evasive campaigns
Seemingly harmless SVGs are packed with malicious JavaScript for a phishing redirect to actor-controlled URLs.
Infosecurity Magazine1d
Threat Actors Exploit SVG Files in Stealthy JavaScript Redirects
Once opened in a browser, the code decrypts a secondary payload using a static XOR key and then redirects the user to an ...
SecurityWeek1d
Threat Actors Use SVG Smuggling for Browser-Native Redirection
The malicious code is hidden within a CDATA section of the SVG file and relies on a static XOR key to decrypt a payload at runtime. The decrypted code reconstructs a redirect command and builds a ...
Bleeping Computer8mon
Phishing emails increasingly use SVG attachments to evade detection
Threat actors increasingly use Scalable Vector Graphics (SVG) attachments to display phishing forms or deploy malware while evading detection. Most images on the web are JPG or PNG files, which ...