Emerging Phishing Techniques: New Threats and Attack Vectors

Description

This analysis delves into four sophisticated phishing techniques observed in 2025. These include embedding Base64-encoded JavaScript in SVG files, hiding malicious URLs in PDF annotations, using OneDrive links to deliver dynamic phishing content, and nesting MHT files within OpenXML documents. These methods successfully evaded email protections and reached intended victims, demonstrating the increasing sophistication of threat actors. The techniques exploit unconventional file formats, cloud-based platforms, and structural obfuscation to bypass traditional security measures. The findings emphasize the need for improved detection mechanisms, deeper inspection of file structures, and advanced context-aware parsing in email and document security tools.