Bleeping Computer

New 'Blank Image' attack hides phishing scripts in SVG files

An unusual phishing technique has been observed in the wild, hiding empty SVG files inside HTML attachments pretending to be DocuSign documents. Security researchers at email security provider Avanan ...
CSOonline

How phishers are weaponizing SVG images in zero-click, evasive campaigns

Threat actors are shifting from conventional phishing tricks, which used malicious links and document macros, to benign-looking image files embedded with stealthy browser redirects. According to an ...
Bleeping Computer

VirusTotal finds hidden malware phishing campaign in SVG files

VirusTotal has discovered a phishing campaign hidden in SVG files that create convincing portals impersonating Colombia's judicial system that deliver malware. VirusTotal detected this campaign after ...
Ars Technica

Adult sites are stashing exploit code inside racy .svg files

Dozens of porn sites are turning to a familiar source to generate likes on Facebook—malware that causes browsers to surreptitiously endorse the sites. This time, the sites are using a newer vehicle ...