Hidden in plain sight: How threat actors abuse SVGs for phishing 

Introduction Scalable Vector Graphics (SVG) files are increasingly being abused as initial phishing vectors. By embedding scriptable content directly in standalone “.svg” files— which users typically perceive as benign images—, threat actors are executing JavaScript code while evading traditional static analysis and email filters. At VMRay, our continuous threat monitoring has revealed multiple distinct SVG-powered phishing campaigns. In this blog, we dissectVMRayRead More