GitHub

svg-pan-zoom library

If you found a bug or have a suggestion first check if there is a similar open or closed issue. If there are none then create a new one. If you solved a bug or implemented a feature that may be useful ...

From XSS to RCE: How to hijack a DotNetNuke server via a single script injection

Over 750,000 websites require patching following discovery of DotNetNuke XSS vulnerability ...

Apple Releases Safari Technology Preview 242 With Bug Fixes and Performance Improvements

Apple today released a new update for Safari Technology Preview, the experimental browser that was first introduced in March ...
cybernews

750,000 DNN websites in danger: a simple SVG upload can lead to complete compromise

DNN, the leading open-source content management platform (CMS) in the Microsoft ecosystem, has patched a stored cross-site scripting (XSS) vulnerability. It enables hackers to upload malicious SVG ...
theregister

Novel clickjacking attack relies on CSS and SVG

Security researcher Lyra Rebane has devised a novel clickjacking attack that relies on Scalable Vector Graphics (SVG) and Cascading Style Sheets (CSS). Clickjacking refers to various ways of tricking ...
Bleeping Computer

VirusTotal finds hidden malware phishing campaign in SVG files

VirusTotal has discovered a phishing campaign hidden in SVG files that create convincing portals impersonating Colombia's judicial system that deliver malware. VirusTotal detected this campaign after ...
TechSpot

Hackers are hiding malware in SVG images via fake Facebook posts

A hot potato: As more websites implement age verification checks, many users are migrating to smaller, less regulated sites – unintentionally increasing their risk of encountering malware.
Ars Technica

Adult sites are stashing exploit code inside racy .svg files

Dozens of porn sites are turning to a familiar source to generate likes on Facebook—malware that causes browsers to surreptitiously endorse the sites. This time, the sites are using a newer vehicle ...
SecurityWeek

Threat Actors Use SVG Smuggling for Browser-Native Redirection

Ontinue warns of a newly observed phishing campaign leveraging Scalable Vector Graphics (SVG) files in redirect attacks that evade traditional detection. While considered harmless image formats, SVG ...
CSOonline

How phishers are weaponizing SVG images in zero-click, evasive campaigns

Threat actors are shifting from conventional phishing tricks, which used malicious links and document macros, to benign-looking image files embedded with stealthy browser redirects. According to an ...
Infosecurity-magazine.com

Threat Actors Exploit SVG Files in Stealthy JavaScript Redirects

A new phishing campaign leveraging SVG files to deliver JavaScript-based redirect attacks has been uncovered by cybersecurity researchers. The attack utilizes ...
Moneylife

Fraud Alert: The SVG Image File Scam You Need To Watch Out for

Imagine expecting an important document from a client and receiving an email that looks completely legitimate. The email contains an attachment in an SVG (scalable vector graphics) format. You open it ...