Bleeping Computer

Malvertising Attack Sneaks JavaScript Payload in Polyglot Images

A new malvertising attack observed in the wild relies on a less used technique to hide the malicious payload. The authors turned to polyglot images to add the JavaScript code that redirects to a page ...
Threat Post

PNG Image Metadata Leading to iFrame Injections

Researchers have discovered a relatively new way to distribute malware that relies on reading malicious obfuscated JavaScript code stored in a PNG file’s metadata to trigger iFrame injections.