Security Boulevard

SmartApeSG Launches Okendo Reviews Supply Chain Attack

IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...
techtimes

SVG Phishing Emails Bypass Email Security: SANS Flags New MIME-Type Evasion

A fresh wave of phishing emails is exploiting a blind spot in enterprise email security tools — one that most organizations have not closed — by disguising executable JavaScript inside SVG image files ...
GitHub

PolinRider / DEV#POPPER — Verification & Reusable Sandbox Technique

Prior work — please read and cite these first. The original attribution of this campaign belongs to the research teams below. This repo is a cross-validation and methodology contribution, not original ...
Bleeping Computer

GhostPoster attacks hide malicious JavaScript in Firefox addon logos

A new campaign dubbed 'GhostPoster' is hiding JavaScript code in the image logo of malicious Firefox extensions with more than 50,000 downloads, to monitor browser activity and plant a backdoor. The ...
Coingape

Bitwise XRP ETF Moves Closer to Launch as Firm Submits Final S-1 Filing

CoinGape has covered the cryptocurrency industry since 2017, aiming to provide informative insights to our readers. Our journal analysts bring years of experience in market analysis and blockchain ...
CSOonline

How phishers are weaponizing SVG images in zero-click, evasive campaigns

Threat actors are shifting from conventional phishing tricks, which used malicious links and document macros, to benign-looking image files embedded with stealthy browser redirects. According to an ...
Infosecurity-magazine.com

Threat Actors Exploit SVG Files in Stealthy JavaScript Redirects

A new phishing campaign leveraging SVG files to deliver JavaScript-based redirect attacks has been uncovered by cybersecurity researchers. The attack utilizes seemingly benign image files to conceal ...
SecurityWeek

Threat Actors Use SVG Smuggling for Browser-Native Redirection

Ontinue warns of a newly observed phishing campaign leveraging Scalable Vector Graphics (SVG) files in redirect attacks that evade traditional detection. While considered harmless image formats, SVG ...
The Hacker News

Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks

The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers. The ...
TheServerSide

What is a bitwise operator?

A bitwise operator is a character that represents an action taken on data at the bit level, as opposed to bytes or larger units of data. More simply put, it is an operator that enables the ...
The Hacker News

Massive Sign1 Campaign Infects 39,000+ WordPress Sites with Scam Redirects

A massive malware campaign dubbed Sign1 has compromised over 39,000 WordPress sites in the last six months, using malicious JavaScript injections to redirect users to scam sites. The most recent ...