News

CSO Online2d
How phishers are weaponizing SVG images in zero-click, evasive campaigns
Seemingly harmless SVGs are packed with malicious JavaScript for a phishing redirect to actor-controlled URLs.
SecurityWeek2d
Threat Actors Use SVG Smuggling for Browser-Native Redirection
The malicious code is hidden within a CDATA section of the SVG file and relies on a static XOR key to decrypt a payload at ...
Infosecurity Magazine2d
Threat Actors Exploit SVG Files in Stealthy JavaScript Redirects
Once opened in a browser, the code decrypts a secondary payload using a static XOR key and then redirects the user to an attacker-controlled site via the window.location.href function. These URLs ...
Bleeping Computer8mon
Phishing emails increasingly use SVG attachments to evade detection
Threat actors increasingly use Scalable Vector Graphics (SVG) attachments to display phishing forms or deploy malware while evading detection. Most images on the web are JPG or PNG files, which ...