All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

Adult Sites Embed Malicious Code in .SVG Files to Exploit Browsers

By

The-Old-Hacker

9mo ago· 2 min readenNews
Bagel score 70 of 100
70/100
Toasty
Bagelometer

Properly proved. Has structure, has flavour, has a point.

Score70TypenewsSentimentnegative

Summary

Adult websites are embedding exploit code within .svg files, which, when decoded, triggers a browser to download malicious JavaScript. The final payload, Trojan.JS.Likejack, silently clicks 'Like' on Facebook posts without user consent. Researchers highlight the risks of executing JavaScript from seemingly harmless image files.

Key quotes

· 2 pulled
This Trojan, also written in Javascript, silently clicks a ‘Like’ button for a Facebook page without the user’s knowledge or consent, in this case the adult posts we found above.
Running JavaScript from inside an image? What could possibly go wrong?
Snippet from the RSS feed
Running JavaScript from inside an image? What could possibly go wrong?

You might also wanna read

Phishing Campaign Targets Signal Users by Stealing Backup Recovery Keys

A new wave of phishing attacks is targeting Signal users by impersonating the app's support team. Hackers send messages inside Signal claimi

cybersecuritynews.com·56m ago

New phishing campaign targets Signal users to steal chat backup recovery keys

Hackers are targeting Signal users in a new phishing campaign that attempts to steal their chat backups. The attackers pose as Signal's supp

techcrunch.com·1h ago

Weekly cybersecurity roundup: FortiClient EMS infostealer, Trend Micro Apex One exploit, and crypto payment security

A weekly roundup of cybersecurity news, featuring an interview with Coinflow's CISO about crypto payment security under AI-driven threats, c

helpnetsecurity.com·2h ago

CISA Adds Palo Alto Networks PAN-OS Authentication Bypass Vulnerability to Known Exploited Vulnerabilities Catalog

CISA has added a new vulnerability (CVE-2026-0257) to its Known Exploited Vulnerabilities (KEV) Catalog, affecting Palo Alto Networks PAN-OS

cisa.gov·5h ago

CISA Adds Palo Alto Networks PAN-OS Authentication Bypass Vulnerability to Known Exploited Vulnerabilities Catalog

CISA has added a new vulnerability (CVE-2026-0257) to its Known Exploited Vulnerabilities (KEV) Catalog, affecting Palo Alto Networks PAN-OS

cisa.gov·5h ago

#NYTechWeek Panel: Addressing the Youth Cybersecurity Talent Gap

This article announces a panel event at #NYTechWeek focused on the cybersecurity talent gap among young people. Moderated by Girls Who Code

partiful.com·6h ago