Scalable Vector Graphics files can contain embedded JavaScript, CSS, and external references. Attackers send malicious SVG files as "harmless images." Security scanners expecting binary image formats miss the executable code inside. SVG files have become a preferred vector for cross-site scripting and drive-by download attacks.