Security News

Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs
2021-02-23 02:46

Researchers have demonstrated a novel class of attacks that could allow a bad actor to circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents. To carry out the attack, a malicious actor creates a PDF document with two different contents: the content expected by the party signing the document, and a piece of hidden content that gets displayed once the PDF is signed.

Hacker leaks full database of 77 million Nitro PDF user records
2021-01-20 12:17

The 14GB leaked database contains 77,159,696 records with users' email addresses, full names, bcrypt-hashed passwords, titles, company names, IP addresses, and other system-related information. Nitro is an application that helps create, edit, and sign PDFs and digital documents; Nitro Software claims it has over 10,000 business customers and roughly 1.8 million licensed users.

New Injection Technique Exposes Data in PDFs
2020-12-10 17:13

Security researchers on Thursday documented a new injection technique capable of extracting sensitive data from PDF files. The code-injection technique essentially allows hackers to inject code that launches dangerous XSS attacks within the bounds of a PDF document.

Here's how to enable Google Chrome's new modern PDF reader
2020-11-23 12:09

Hidden behind a flag is a much-anticipated PDF reader that users can enable right now. The PDF reader or viewer within Google Chrome has always been relatively simple, especially compared to other browsers, like Microsoft Edge.

Foxit Patches Code Execution Vulnerabilities in PDF Software
2020-10-14 10:22

PDF software developer Foxit has released patches to address several high-risk vulnerabilities affecting both Windows and macOS applications. Last week, the company released security updates for both Foxit PhantomPDF Mac and Foxit Reader Mac, to address a vulnerability that could result in code injection or information disclosure.

Researchers Disclose New Methods for Replacing Content in Signed PDF Files
2020-07-23 14:12

A team of researchers from the Ruhr University Bochum in Germany has disclosed a series of new attack methods against signed PDF files. Dubbed Shadow Attacks, the new techniques allow a hacker to hide and replace content in a signed PDF document without invalidating its signature.

Foxit PDF Reader, PhantomPDF Open to Remote Code Execution
2020-04-20 18:18

Foxit Software has released patches for dozens of high-severity flaws impacting its PDF reader and editor platforms. Overall, Foxit Software patched flaws tied to 20 CVEs in Foxit Reader and Foxit PhantomPDF for Windows.

Foxit PDF Reader Vulnerable to 8 High-Severity Flaws
2019-10-03 16:23

Eight high-severity vulnerabilities exist in the Foxit Reader tool for editing PDF files.

PDF encryption standard weaknesses uncovered
2019-10-03 12:12

Researchers have discovered weaknesses in PDF encryption which could be exploited to reveal the plaintext contents of a file to an attacker.

PDFex attacks can exfiltrate content from encrypted PDF documents
2019-10-02 13:28

Researchers from Ruhr University Bochum and Münster University of Applied Sciences have devised new attacks allowing them (and potential attackers) to recover the plaintext content of encrypted...