腾讯网

基于CSS和SVG的新型点击劫持攻击技术曝光

A:SVG点击劫持攻击是一种基于可缩放矢量图形和层叠样式表的新型网络攻击技术。它利用SVG过滤器可以跨源泄露信息的特点,违反网络的同源策略,通过操纵界面元素来欺骗用户执行非预期操作,将用户输入重定向用于恶意目的。
Infosecurity-magazine.com

Threat Actors Exploit SVG Files in Stealthy JavaScript Redirects

A new phishing campaign leveraging SVG files to deliver JavaScript-based redirect attacks has been uncovered by cybersecurity researchers. The attack utilizes ...

Novel clickjacking attack relies on CSS and SVG

Security researcher Lyra Rebane has devised a novel clickjacking attack that relies on Scalable Vector Graphics (SVG) and ...
Bleeping Computer

Attackers use SVG files to smuggle QBot malware onto Windows systems

QBot malware phishing campaigns have adopted a new distribution method using SVG files to perform HTML smuggling that locally creates a malicious installer for Windows. This attack is made through ...
Ars Technica

Adult sites are stashing exploit code inside racy .svg files

Dozens of porn sites are turning to a familiar source to generate likes on Facebook—malware that causes browsers to surreptitiously endorse the sites. This time, the sites are using a newer vehicle ...
Bleeping Computer

Phishing emails increasingly use SVG attachments to evade detection

Threat actors increasingly use Scalable Vector Graphics (SVG) attachments to display phishing forms or deploy malware while evading detection. Most images on the web are JPG or PNG files, which are ...