Unmasking the SVG Threat: How Hackers Use Vector Graphics for Phishing Attacks

This report documents an active phishing campaign abusing SVG files with embedded JavaScript to redirect users to a Cloudflare‑protected phishing site that mimics Office 365; it includes delivery methods (spear‑phishing emails and cloud links), decoded payload behavior, the malicious landing URL, multiple file hashes as IOCs, and recommended defensive measures such as deep content inspection and disabling automatic SVG rendering.