These images can contain hidden malicious code, links and interactive elements, security experts warn. Here’s what Gmail and Outlook users need to know.
SOPA Images/LightRocket via Getty Images, email security has never been more under the magnifying glass. Now, a new analysis has revealed how one seemingly harmless image file can slip past email security filters and get users to load malware or cough up their account passwords.
Here’s everything you need to know about the scalable vector graphics threat.by analysts at Hoxhunt has revealed that while Gmail and Outlook users tend to be targeted differently by cyber attackers, one type of threat stood out across both email environments: a rise in the popularity of SVG files as a basis for attack., after an April threat intelligence report from Trustwave highlighted a significant spike in SVG-based attacks. At the time, it was reported that there was a “staggering 1800% increase in early 2025 compared to data collected since April 2024.” The latest analysis would seem to suggest that the appetite for hackers to use SVG image files to obfuscate attacks has not been sated. “By the beginning of July of 2025 SVG files made up 4.9% of all observed attachment-based phishing,” the Hoxhunt intelligence revealed,“and March 2025 saw a peak of a whopping 15%.” While those numbers might not seem massive, believe me when I say they are in the context of total attacks. While a popular web image format, and the ability of images using it, as the name suggests, to scale clearly and sharply at any size, makes them a legitimate tool, SVG files come with a hidden danger. Not least the ability to embed JavaScript, which introduces obvious cybersecurity risk and can lead to the injection of malicious scripts directly into the image files. These can then which can then execute automatically upon opening, without the need for explicit user interaction. “Often misclassified as just images,” Hoxhunt analysts warned, “many gateways allow SVG by default and don’t deeply parse them. Links buried in xlink:href or DOM-injected HTML can evade simple link rewriting and jump to credential pages.”Hoxhunt mentioned the following red flags to watch out for:Unexpected .svg attachments, especially from untrusted senders.My advice remains the same as it did six months ago. If you get such an image file in your Gmail or Outlook email, delete it, do not open it, do not click on it.
Google Microsoft Email Google Gmail Microsoft Outlook Email Security Warning SVG Hoxhunt Phishing
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
AI flaw leaked Gmail data before OpenAI patchFox News Channel offers its audiences in-depth news reporting, along with opinion and analysis encompassing the principles of free people, free markets and diversity of thought, as an alternative to the left-of-center offerings of the news marketplace.
Read more »
Google’s Gmail Upgrade—Do Not Lose Access To Your AccountThis is how to keep using your accounts, Google says.
Read more »
Gmail Account Lockout Warning — Users Must Check This 1 Setting NowGoogle suddenly introduces new Gmail account lockout protections, including a no password required option for Android users— check your settings now.
Read more »
Gmail Account Lockout Warning — Users Must Check This 1 Setting NowGoogle suddenly introduces new Gmail account lockout protections, including a no password required option for Android users— check your settings now.
Read more »
Coinbase Institutional's Q4 Outlook: Bullish and Bearish Signals for BTC, ETH, L2sThis article distills Coinbase Institutional’s Q4 outlook—what could lift crypto into year-end and the key risks the firm is watching.
Read more »
Gmail And Outlook Users Warned As Image-Based Hack Attacks Surge In 2025These images can contain hidden malicious code, links and interactive elements, security experts warn. Here’s what Gmail and Outlook users need to know.
Read more »