Bleeping Computer

New 'Blank Image' attack hides phishing scripts in SVG files

An unusual phishing technique has been observed in the wild, hiding empty SVG files inside HTML attachments pretending to be DocuSign documents. Security researchers at email security provider Avanan ...
Bleeping Computer

Attackers use SVG files to smuggle QBot malware onto Windows systems

QBot malware phishing campaigns have adopted a new distribution method using SVG files to perform HTML smuggling that locally creates a malicious installer for Windows. This attack is made through ...
Hosted on MSN

Hackers hide credit-card skimmer code inside 1×1-pixel SVG images

A credit card skimmer campaign discovered in early 2025 and still actively tracked as of April 2026 has compromised an estimated 100 online stores by hiding malicious JavaScript inside a file most ...