Bleeping Computer

New 'Blank Image' attack hides phishing scripts in SVG files

An unusual phishing technique has been observed in the wild, hiding empty SVG files inside HTML attachments pretending to be DocuSign documents. Security researchers at email security provider Avanan ...
CSOonline

How phishers are weaponizing SVG images in zero-click, evasive campaigns

Threat actors are shifting from conventional phishing tricks, which used malicious links and document macros, to benign-looking image files embedded with stealthy browser redirects. According to an ...