From XSS to RCE: How to hijack a DotNetNuke server via a single script injection

Over 750,000 websites require patching following discovery of DotNetNuke XSS vulnerability ...
Morning Overview on MSN

Hackers hide credit-card skimmer code inside 1×1-pixel SVG images

A credit card skimmer campaign discovered in early 2025 and still actively tracked as of April 2026 has compromised an estimated 100 online stores by hiding malicious JavaScript inside a file most ...
Bleeping Computer

Attackers use SVG files to smuggle QBot malware onto Windows systems

QBot malware phishing campaigns have adopted a new distribution method using SVG files to perform HTML smuggling that locally creates a malicious installer for Windows. This attack is made through ...
Ars Technica

Adult sites are stashing exploit code inside racy .svg files

Dozens of porn sites are turning to a familiar source to generate likes on Facebook—malware that causes browsers to surreptitiously endorse the sites. This time, the sites are using a newer vehicle ...
Cybernews

750,000 DNN websites in danger: a simple SVG upload can lead to complete compromise

A severe cross-site-scripting (XSS) vulnerability in DNN, a popular open-source content management platform, allows attackers ...