cR0w@cR0w@infosec.exchange
I kind of love the timelessness of SVGs as an attack vector because it's such an unnecessary attack surface.
https://www.seqrite.com/blog/unmasking-the-svg-threat-how-hackers-use-vector-graphics-for-phishing-attacks/
hrbrmstr πΊπ¦
π¬π±
π¨π¦
@hrbrmstr@mastodon.social
@cR0w@infosec.exchange What, you mean that it's a bad idea to require a JavaScript execution engine to be present to support embedding JS in any file type? WCPGW?
In other news, I shld have known this before, but recently discovered you can use WASM in SVGs, too.
https://rud.is/ex/wasm.svg
