From XSS to RCE: How to hijack a DotNetNuke server via a single script injection

Over 750,000 websites require patching following discovery of DotNetNuke XSS vulnerability ...
cybernews

750,000 DNN websites in danger: a simple SVG upload can lead to complete compromise

DNN, the leading open-source content management platform (CMS) in the Microsoft ecosystem, has patched a stored cross-site scripting (XSS) vulnerability. It enables hackers to upload malicious SVG ...
MacRumors

Apple Releases Safari Technology Preview 234 With Bug Fixes and Performance Improvements

Apple today released a new update for Safari Technology Preview, the experimental browser that was first introduced in March 2016. Apple designed ‌Safari Technology Preview‌ to allow users to test ...
The Hacker News

Microsoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email Security

Microsoft is calling attention to a new phishing campaign primarily aimed at U.S.-based organizations that has likely utilized code generated using large language models (LLMs) to obfuscate payloads ...
Microsoft

AI vs. AI: Detecting an AI-obfuscated phishing campaign

Microsoft Threat Intelligence recently detected and blocked a credential phishing campaign that likely used AI-generated code to obfuscate its payload and evade traditional defenses. Appearing to be ...
Bleeping Computer

VirusTotal finds hidden malware phishing campaign in SVG files

VirusTotal has discovered a phishing campaign hidden in SVG files that create convincing portals impersonating Colombia's judicial system that deliver malware. VirusTotal detected this campaign after ...
The Hacker News

VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages

Cybersecurity researchers have flagged a new malware campaign that has leveraged Scalable Vector Graphics (SVG) files as part of phishing attacks impersonating the Colombian judicial system. The SVG ...
Deadline.com

‘Weapons’ Rises To $43M+ Opening, Still Freaking Out ‘Freakier Friday’: How New Line & Warner Bros Pulled It Off – Box Office Update

For Weapons, Sunday came in at $11.3M instead of $10.3M, off 19% from Saturday’s $14M. While legging out to a crazy 5x multiple is foreseeable, in regards to whether the Zach Cregger-directed movie ...
TechSpot

Hackers are hiding malware in SVG images via fake Facebook posts

A hot potato: As more websites implement age verification checks, many users are migrating to smaller, less regulated sites – unintentionally increasing their risk of encountering malware.
Ars Technica

Adult sites are stashing exploit code inside racy .svg files

Dozens of porn sites are turning to a familiar source to generate likes on Facebook—malware that causes browsers to surreptitiously endorse the sites. This time, the sites are using a newer vehicle ...
Infosecurity-magazine.com

Threat Actors Exploit SVG Files in Stealthy JavaScript Redirects

A new phishing campaign leveraging SVG files to deliver JavaScript-based redirect attacks has been uncovered by cybersecurity researchers. The attack utilizes seemingly benign image files to conceal ...
CSOonline

How phishers are weaponizing SVG images in zero-click, evasive campaigns

Threat actors are shifting from conventional phishing tricks, which used malicious links and document macros, to benign-looking image files embedded with stealthy browser redirects. According to an ...