News

SecurityWeek2d
Threat Actors Use SVG Smuggling for Browser-Native Redirection
The malicious code is hidden within a CDATA section of the SVG file and relies on a static XOR key to decrypt a payload at ...
Bleeping Computer6y
Malvertising Attack Sneaks JavaScript Payload in Polyglot Images
The authors turned to polyglot images to add the JavaScript code that redirects to a page offering a fake reward. The malicious code is hidden in a BMP type of picture and it is heavily obfuscated.
Threat Post11y
PNG Image Metadata Found Leveraging iFrame Injections - Threatpost
Researchers have discovered a relatively new way to distribute malware that relies on reading malicious obfuscated JavaScript code stored in a PNG file’s metadata to trigger iFrame injections.
Ars Technica6y
Malvertisers target Mac users with steganographic code stashed in images
The image, which is displayed to the right of this text, looked unremarkable. Using some clever HTML5 programming under the hood, however, it delivered malicious code to unsuspecting Mac users.
CNET17y
Convert any page (with images, JavaScript, etc.) into a locally stored ...
Now, developer Kee Hinckley along with the folks at Somewhere Inc. have created an enhanced perl script that will take any entered URL and convert the entire page (including any images, JavaScript ...