News

SecurityWeek2h
Threat Actors Use SVG Smuggling for Browser-Native Redirection
The malicious code is hidden within a CDATA section of the SVG file and relies on a static XOR key to decrypt a payload at runtime. The decrypted code reconstructs a redirect command and builds a ...
Infosecurity Magazine2h
Threat Actors Exploit SVG Files in Stealthy JavaScript Redirects
Once opened in a browser, the code decrypts a secondary payload using a static XOR key and then redirects the user to an ...
The Hacker News9h
North Korean Hackers Flood npm Registry with XORIndex Malware in Ongoing Attack Campaign
North Korean hackers continue attacking open-source software via npm packages. 67 new malicious packages with XORIndex Loader ...
CSO Online3h
How phishers are weaponizing SVG images in zero-click, evasive campaigns
Seemingly harmless SVGs are packed with malicious JavaScript for a phishing redirect to actor-controlled URLs.
WeLiveSecurity6h
Unmasking AsyncRAT: Navigating the labyrinth of forks
AsyncRAT has cemented its place as a cornerstone of modern malware and as a pervasive threat that has evolved into a ...
Editorial Roundup: United States
Excerpts from recent editorials in the United States and abroad: ...
LGBTQ Nation on MSN19h
Convicted fraudster George Santos fell for someone else’s scam
Out former congressman and convicted fraudster George Santos fell for an identity theft scam targeting himself and at least one current member of Congress last month. Functional cookies help perform ...