News

SecurityWeek10d
Threat Actors Use SVG Smuggling for Browser-Native Redirection
The malicious code is hidden within a CDATA section of the SVG file and relies on a static XOR key to decrypt a payload at ...
Infosecurity Magazine24y
Threat Actors Exploit SVG Files in Stealthy JavaScript Redirects
Once opened in a browser, the code decrypts a secondary payload using a static XOR key and then redirects the user to an ...
Ars Technica18y
Calling javascript functions from embedded svg | Ars OpenForum
So, I have an SVG graphic embedded in an html page.<BR><BR>within the svg are some mouseover events that do some re-drawing stuff.<BR><BR>Now I want the containing page to also make some updates ...
Bleeping Computer2y
Attackers use SVG files to smuggle QBot malware onto ... - BleepingComputer
This attack is made through embedded SVG files containing JavaScript that reassemble a Base64 encoded QBot malware installer that is automatically downloaded through the target's browser.
Bleeping Computer8mon
Phishing emails increasingly use SVG attachments to evade detection
Threat actors increasingly use Scalable Vector Graphics (SVG) attachments to display phishing forms or deploy malware while evading detection. Most images on the web are JPG or PNG files, which ...