In a surge of phishing campaigns, seemingly innocuous .svg attachments slip past secure email gateways because mail filters regard them as static images. The lure emails are minimalist—often a single icon or “Missed Call” teaser—and exploit organisations that have weak SPF, DKIM or DMARC enforcement. Once the recipient merely previews the file, hidden JavaScript executes inside the browser, triggering an invisible redirect chain that funnels victims to attacker infrastructure.

Beyond credential theft, the technique exemplifies a broader strategic pivot: adversaries increasingly weaponise file formats that browsers render natively, removing the social-engineering friction of persuading users to run macros or installers.

As the attachments bypass signature checks, the first line of defence fails; Ontinue analysts identified the wave after correlating near-identical SVGs sent to B2B service providers and SaaS vendors, all containing distinct Base64 tracking strings that map each click to a workstation. Detecting the threat therefore hinges on deep content inspection that flags script tags inside image files or on correlating unusual .svg command-line invocations with email telemetry. Until such controls mature, organisations should quarantine unsolicited SVGs, enable content disarm and reconstruction, and move DMARC policies from monitoring to reject.

Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 17 Jul 2025 09:10:17 +0000