Inbox Infiltration: The File Type You're Overlooking
Varonis, Tuesday, October 21st, 2025
Phishing tactics have taken a creative turn with the abuse of SVG files, turning innocent-looking images into vehicles for high-impact attacks.
A simple 'invoice' attachment can conceal sophisticated JavaScript, obfuscated in CDATA blocks, that decodes gibberish strings via XOR and launches redirects or overlays the instant someone opens it in a browser. This kind of attack is especially challenging because it lives where most security tools don't look - in code executed by an image.