#malicious-pdf

[ follow ]
#cybersecurity #malware #vulnerabilities #ai #vulnerability #security #phishing #cybercrime #ransomware
#adobe-reader
Information security
fromThe Hacker News
1 day ago

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

A zero-day vulnerability in Adobe Reader is being exploited through malicious PDF documents to harvest sensitive data and execute additional payloads.
Information security
fromSecurityWeek
1 day ago

Adobe Reader Zero-Day Exploited for Months: Researcher

A zero-day vulnerability in Adobe Reader has been discovered, capable of exploiting user data and enabling remote code execution.
Information security
fromThe Hacker News
1 day ago

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

A zero-day vulnerability in Adobe Reader is being exploited through malicious PDF documents to harvest sensitive data and execute additional payloads.
Information security
fromSecurityWeek
1 day ago

Adobe Reader Zero-Day Exploited for Months: Researcher

A zero-day vulnerability in Adobe Reader has been discovered, capable of exploiting user data and enabling remote code execution.
more#adobe-reader
#apple-intelligence
Apple
fromTheregister
1 day ago

Security reserchers tricked Apple Intelligence into cursing

Apple Intelligence can be hijacked through prompt injection, exposing millions of users to risk, but a fix was implemented in iOS 26.4 and macOS 26.4.
Apple
fromSecurityWeek
1 day ago

Apple Intelligence AI Guardrails Bypassed in New Attack

Researchers have successfully bypassed Apple's AI safety protocols using adversarial techniques, allowing for the execution of arbitrary tasks and manipulation of private data.
Apple
fromTheregister
1 day ago

Security reserchers tricked Apple Intelligence into cursing

Apple Intelligence can be hijacked through prompt injection, exposing millions of users to risk, but a fix was implemented in iOS 26.4 and macOS 26.4.
Apple
fromSecurityWeek
1 day ago

Apple Intelligence AI Guardrails Bypassed in New Attack

Researchers have successfully bypassed Apple's AI safety protocols using adversarial techniques, allowing for the execution of arbitrary tasks and manipulation of private data.
more#apple-intelligence
#data-breach
Privacy professionals
fromTechCrunch
2 days ago

Hackers steal and leak sensitive LAPD police documents | TechCrunch

Cybercriminals leaked sensitive LAPD documents online, including personnel files and internal investigations, allegedly by the extortion gang World Leaks.
Privacy professionals
fromTechCrunch
2 days ago

Hackers steal and leak sensitive LAPD police documents | TechCrunch

Cybercriminals leaked sensitive LAPD documents online, including personnel files and internal investigations, allegedly by the extortion gang World Leaks.
more#data-breach
Cryptocurrency
fromSecurityWeek
1 day ago

$3.6 Million Stolen in Bitcoin Depot Hack

Bitcoin Depot reported a theft of approximately $3.6 million in bitcoin due to a cyber intrusion into its IT systems.
#ai
Information security
fromFortune
6 hours ago

Anthropic's Mythos is a wake up call, but experts say the era of AI-driven hacking is already here | Fortune

Anthropic's Mythos AI model is too dangerous to release widely due to its ability to exploit software vulnerabilities.
Information security
fromwww.theguardian.com
2 days ago

Anthropic says its latest AI model can expose weaknesses in software security

Claude Mythos exposes thousands of software vulnerabilities, prompting Anthropic to limit its release and collaborate with cybersecurity specialists.
Information security
fromTheregister
2 days ago

Anthropic Mythos model can find and exploit 0-days

AI model Mythos can generate zero-day vulnerabilities, surpassing human capabilities, but Anthropic chose not to release it to prevent widespread exploitation.
Information security
fromFortune
6 hours ago

Anthropic's Mythos is a wake up call, but experts say the era of AI-driven hacking is already here | Fortune

Anthropic's Mythos AI model is too dangerous to release widely due to its ability to exploit software vulnerabilities.
Information security
fromwww.theguardian.com
2 days ago

Anthropic says its latest AI model can expose weaknesses in software security

Claude Mythos exposes thousands of software vulnerabilities, prompting Anthropic to limit its release and collaborate with cybersecurity specialists.
Information security
fromTheregister
2 days ago

Anthropic Mythos model can find and exploit 0-days

AI model Mythos can generate zero-day vulnerabilities, surpassing human capabilities, but Anthropic chose not to release it to prevent widespread exploitation.
more#ai
#ransomware
Healthcare
fromTheregister
2 days ago

Ransomware knocks Dutch healthcare software vendor offline

A ransomware attack has taken down Dutch healthcare software vendor ChipSoft, affecting its services to hospitals across the country.
Information security
fromSecuritymagazine
2 days ago

Ransomware Response: How Businesses Regain Control Under Pressure

Ransomware attacks create urgent pressure, forcing quick decisions and impacting operations, legal obligations, and overall enterprise strategy.
Information security
fromSecurityWeek
3 days ago

Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems

Medusa ransomware group rapidly exploits vulnerabilities, impacting critical sectors and employing double extortion tactics since June 2021.
Healthcare
fromTheregister
2 days ago

Ransomware knocks Dutch healthcare software vendor offline

A ransomware attack has taken down Dutch healthcare software vendor ChipSoft, affecting its services to hospitals across the country.
Information security
fromSecuritymagazine
2 days ago

Ransomware Response: How Businesses Regain Control Under Pressure

Ransomware attacks create urgent pressure, forcing quick decisions and impacting operations, legal obligations, and overall enterprise strategy.
Information security
fromSecurityWeek
3 days ago

Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems

Medusa ransomware group rapidly exploits vulnerabilities, impacting critical sectors and employing double extortion tactics since June 2021.
more#ransomware
Node JS
fromZero Day Initiative
2 days ago

Zero Day Initiative - Node.js Trust Falls: Dangerous Module Resolution on Windows

Node.js module resolution can lead to security vulnerabilities if malicious packages are placed in the root node_modules directory.
Canada news
fromThe Walrus
3 days ago

Why Your Credit Card Is a National Security Threat | The Walrus

Canada needs to develop its own digital payment infrastructure to ensure financial autonomy and protect against foreign control.
fromTechCrunch
3 days ago

Adobe launches Acrobat Spaces, a free AI-powered study tool for students | TechCrunch

With the launch of Acrobat Spaces, Adobe aims to provide students with a comprehensive tool for creating study materials, competing with existing AI solutions like Google's NotebookLM and Goodnotes.
Online learning
Privacy technologies
fromThe Hacker News
13 hours ago

Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows

Google's Device Bound Session Credentials enhance security for Chrome users by tying authentication sessions to specific devices, combating session theft.
#security
Privacy professionals
fromSecurityWeek
1 day ago

The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security

Visibility through security measures can deter undesirable behavior and enhance safety in challenging situations.
Privacy technologies
fromWIRED
1 week ago

This App Makes Even the Sketchiest PDF or Word Doc Safe to Open

Dangerzone is a free tool that safely opens potentially harmful documents by converting them into secure image-based PDFs.
Privacy professionals
fromSecurityWeek
1 day ago

The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security

Visibility through security measures can deter undesirable behavior and enhance safety in challenging situations.
Privacy technologies
fromWIRED
1 week ago

This App Makes Even the Sketchiest PDF or Word Doc Safe to Open

Dangerzone is a free tool that safely opens potentially harmful documents by converting them into secure image-based PDFs.
more#security
Healthcare
fromSecurityWeek
2 days ago

Massachusetts Hospital Diverts Ambulances as Cyberattack Causes Disruption

Signature Healthcare in Brockton diverted ambulances due to a cyberattack, impacting services but not surgeries or procedures.
Node JS
fromNist
3 days ago

NVD

Tinyproxy versions up to 1.11.3 are vulnerable to HTTP request parsing desynchronization due to case-sensitive Transfer-Encoding header comparison.
Information security
fromTechRepublic
1 day ago

Hackers Exploit Adobe PDF Flaw for Months to Steal Data, No Fix Yet

Attackers exploit a zero-day vulnerability in Adobe Acrobat Reader to steal data and potentially take over systems using malicious PDF files.
Apple
fromMail Online
1 day ago

Warning to all iPhone users over new scam draining bank accounts

iPhone users are warned about a scam involving fake Apple Pay alerts that drain bank accounts.
#cybersecurity
Information security
fromZDNET
5 hours ago

Your router may be vulnerable to Russian hackers, FBI warns: 5 steps to take now

FBI and NSA warn of Russian hackers targeting vulnerable routers, urging users to update firmware and strengthen passwords.
Information security
fromTechSpot
1 day ago

Hackers are turning home routers into tools to spy on Microsoft 365 users

Forest Blizzard hackers exploit insecure routers to compromise devices and intercept traffic, targeting Microsoft 365 domains for sensitive data.
Information security
fromTheregister
1 day ago

Old Adobe Reader zero-day uses PDFs to size up targets

Hackers exploit a zero-day vulnerability in Adobe Acrobat Reader using malicious PDFs for targeted profiling and potential system compromise.
Healthcare
fromBoston.com
3 days ago

Signature Healthcare in Brockton hit by cybersecurity incident

Signature Healthcare is managing a cybersecurity incident, affecting some services while maintaining inpatient and emergency care.
Information security
fromSecurityWeek
14 hours ago

Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users

A severe vulnerability in EngageLab's EngageSDK affects cryptocurrency wallet apps, risking exposure of sensitive user information.
Information security
fromZDNET
5 hours ago

Your router may be vulnerable to Russian hackers, FBI warns: 5 steps to take now

FBI and NSA warn of Russian hackers targeting vulnerable routers, urging users to update firmware and strengthen passwords.
Information security
fromTechSpot
1 day ago

Hackers are turning home routers into tools to spy on Microsoft 365 users

Forest Blizzard hackers exploit insecure routers to compromise devices and intercept traffic, targeting Microsoft 365 domains for sensitive data.
more#cybersecurity
Apple
fromTechRepublic
1 day ago

New Apple Scam Hits Millions of iPhone Users Worldwide, Draining Bank Accounts

Apple warns iPhone users about a surge in social engineering scams targeting bank accounts through panic-inducing messages.
Privacy professionals
fromTechCrunch
2 days ago

Hack-for-hire group caught targeting Android devices and iCloud backups | TechCrunch

A hack-for-hire group is targeting journalists and officials in the Middle East and North Africa using phishing and spyware tactics.
#android
Information security
fromTechzine Global
8 hours ago

Android trojan linked to Cambodia following anomalous DNS spike

A banking Trojan operating from Cambodia registers 35 new domains monthly, targeting users in 21 countries and exploiting fake apps for fraud.
Information security
fromTechRepublic
4 hours ago

Microsoft: Third-Party Android Vulnerability Leaves Over 50M Users Exposed

A critical flaw in the EngageLab SDK allowed malicious apps to exploit trusted permissions, affecting over 50 million Android users.
Information security
fromTechzine Global
8 hours ago

Android trojan linked to Cambodia following anomalous DNS spike

A banking Trojan operating from Cambodia registers 35 new domains monthly, targeting users in 21 countries and exploiting fake apps for fraud.
Information security
fromTechRepublic
4 hours ago

Microsoft: Third-Party Android Vulnerability Leaves Over 50M Users Exposed

A critical flaw in the EngageLab SDK allowed malicious apps to exploit trusted permissions, affecting over 50 million Android users.
more#android
Privacy professionals
fromWIRED
2 days ago

Men Are Buying Hacking Tools to Use Against Their Wives and Friends

Telegram groups facilitate the sale of hacking and surveillance services, promoting abusive content targeting women and girls.
#marimo
Information security
fromSecurityWeek
12 hours ago

Critical Marimo Flaw Exploited Hours After Public Disclosure

A critical vulnerability in Marimo was exploited within hours of its public disclosure, allowing unauthenticated remote code execution.
Information security
fromThe Hacker News
10 hours ago

Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure

A critical vulnerability in Marimo allows unauthenticated remote code execution, exploited within hours of disclosure, affecting all versions prior to 0.20.4.
Information security
fromSecurityWeek
12 hours ago

Critical Marimo Flaw Exploited Hours After Public Disclosure

A critical vulnerability in Marimo was exploited within hours of its public disclosure, allowing unauthenticated remote code execution.
Information security
fromThe Hacker News
10 hours ago

Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure

A critical vulnerability in Marimo allows unauthenticated remote code execution, exploited within hours of disclosure, affecting all versions prior to 0.20.4.
more#marimo
Information security
fromSecurityWeek
11 hours ago

Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000

Google released Chrome 147, fixing 60 vulnerabilities, including two critical ones affecting WebML, with significant bug bounties awarded to researchers.
Information security
fromThe Hacker News
1 day ago

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

A new variant of the Phorpiex botnet combines traditional and peer-to-peer communication, facilitating sophisticated malware operations and high-volume spam.
fromSecurityWeek
12 hours ago

MITRE Releases Fight Fraud Framework

"These incidents involve the intentional use of deceptive or illegal practices to fraudulently obtain money, assets, or information from individuals or institutions, and include actions carried out over cyber channels."
Information security
#wordpress
Information security
fromThe Hacker News
14 hours ago

Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers

Unknown threat actors hijacked the Smart Slider 3 Pro plugin update system to distribute a backdoored version affecting WordPress and Joomla users.
Information security
fromSecurityWeek
2 days ago

Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover

A critical vulnerability in Ninja Forms allows file uploads that could lead to remote code execution on affected websites.
Information security
fromThe Hacker News
14 hours ago

Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers

Unknown threat actors hijacked the Smart Slider 3 Pro plugin update system to distribute a backdoored version affecting WordPress and Joomla users.
Information security
fromSecurityWeek
2 days ago

Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover

A critical vulnerability in Ninja Forms allows file uploads that could lead to remote code execution on affected websites.
more#wordpress
#ai-security
Information security
fromThe Hacker News
10 hours ago

Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

AI browser extensions pose significant security risks, often overlooked, with vulnerabilities and access that can compromise enterprise networks.
Information security
fromThe Hacker News
10 hours ago

Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

AI browser extensions pose significant security risks, often overlooked, with vulnerabilities and access that can compromise enterprise networks.
Information security
fromSecurityWeek
4 days ago

Google DeepMind Researchers Map Web Attacks Against AI Agents

Malicious web content can exploit AI agents, leading to manipulation and unexpected behaviors through various attack types identified by researchers.
more#ai-security
Information security
fromThe Hacker News
3 days ago

The Hidden Cost of Recurring Credential Incidents

Credential incidents cause significant operational costs and disruptions, impacting IT teams and overall business productivity beyond just breach prevention.
Information security
fromThe Hacker News
2 days ago

Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems

Anthropic's Project Glasswing uses Claude Mythos to identify and address cybersecurity vulnerabilities, surpassing human capabilities in some instances.
Information security
fromSecurityWeek
1 day ago

Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities

Palo Alto Networks and SonicWall released patches for multiple vulnerabilities, including high-severity bugs that could allow unauthorized access and code execution.
Information security
fromTechRepublic
2 days ago

'BlueHammer' Exploit Targets Windows, Potentially Impacting 1 Billion+ Devices

A security researcher released exploit code for a Windows zero-day vulnerability called BlueHammer, allowing privilege escalation without an official Microsoft patch.
#phishing
Information security
fromTheregister
3 days ago

Hundreds compromised daily in Microsoft device code phishes

A Microsoft device-code phishing campaign is compromising hundreds of organizations daily, utilizing AI and automation to steal financial data.
fromThe Hacker News
2 weeks ago
Information security

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.
fromComputerworld
2 months ago
Information security

Pretend Disk Format: PDFs harbor new dangers

Phishing emails link to IPFS-hosted virtual hard disks containing WSF files disguised as PDFs that install AsyncRAT, enabling remote control of company computers.
Information security
fromTheregister
3 days ago

Hundreds compromised daily in Microsoft device code phishes

A Microsoft device-code phishing campaign is compromising hundreds of organizations daily, utilizing AI and automation to steal financial data.
Information security
fromThe Hacker News
1 week ago

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A phishing campaign targets Spanish-speaking users in Latin America and Europe, delivering banking trojans via malware called Horabot.
Information security
fromThe Hacker News
2 weeks ago

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.
more#phishing
#identity-management
fromThe Hacker News
2 days ago
Information security

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

Enterprise IAM faces fragmentation, leading to Identity Dark Matter and a significant gap in visibility and security oversight.
Information security
fromThe Hacker News
3 days ago

[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk

Identity programs are maturing, yet the risk from disconnected applications and AI agents is increasing for enterprises.
Information security
fromThe Hacker News
2 days ago

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

Enterprise IAM faces fragmentation, leading to Identity Dark Matter and a significant gap in visibility and security oversight.
Information security
fromThe Hacker News
3 days ago

[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk

Identity programs are maturing, yet the risk from disconnected applications and AI agents is increasing for enterprises.
more#identity-management
Information security
fromTechRepublic
2 days ago

Why Operationalizing AI Security Is the Next Great Enterprise Hurdle

Security operations lag behind rapid tech advancements, leading to inefficiencies and risks in managing numerous security tools.
#cybercrime
Information security
fromSecurityWeek
2 days ago

FBI: Cybercrime Losses Neared $21 Billion in 2025

Cyber-enabled crime losses increased by 26% in 2025, nearing $21 billion, with investment fraud being the most significant contributor.
Information security
fromSecurityWeek
2 days ago

FBI: Cybercrime Losses Neared $21 Billion in 2025

Cyber-enabled crime losses increased by 26% in 2025, nearing $21 billion, with investment fraud being the most significant contributor.
more#cybercrime
Information security
fromThe Hacker News
2 days ago

N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

Contagious Interview campaign targets Go, Rust, and PHP ecosystems with malicious packages that function as malware loaders.
Information security
fromSecurityWeek
3 days ago

The New Rules of Engagement: Matching Agentic Attack Speed

AI-enabled cyberattacks are currently occurring, with significant impacts on organizations and a widening gap between attackers and defenders.
Information security
fromTechRepublic
4 days ago

Apple Rolls Out Fix: New macOS Update Could Protect 100M Mac Users

Apple's macOS update introduces a warning system to prevent users from executing potentially harmful commands in Terminal.
Information security
fromThe Hacker News
4 days ago

Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps

Multi-OS attacks complicate SOC operations, leading to delays, fragmented evidence, and increased escalation volume, ultimately allowing attackers more time to operate.
#malware
Information security
fromThe Hacker News
2 weeks ago

ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories

A sophisticated malware campaign targets Web3 support teams using deceptive links to deliver malicious executables and establish persistent communication with threat actors.
Information security
fromThe Hacker News
2 weeks ago

ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories

A sophisticated malware campaign targets Web3 support teams using deceptive links to deliver malicious executables and establish persistent communication with threat actors.
more#malware
Information security
fromSecurityWeek
1 week ago

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Stolen credentials significantly enhance ransomware attacks, enabling illegitimate access and operational disruption within networks.
fromTheregister
2 months ago

Everyone's exploiting a WinRAR bug to drop RATs

The exploit abuses Alternate Data Streams (ADS), a feature in Windows, to hide malware. Attackers craft malicious RAR archives with a decoy PDF or other file inside, and when a user opens the decoy file on a vulnerable version of WinRAR, the hidden malware writes files to arbitrary locations on the system. "Multiple government-backed actors have adopted the CVE-2025-8088 exploit, predominantly focusing on military, government, and technology targets," GTIG said in a Tuesday report.
Information security
[ Load more ]