Security
Headlines
HeadlinesLatestCVEs

Tag

#pdf

Russian BlueDelta (Fancy Bear) Uses PDFs to Steal Logins in Just 2 Seconds

New research from Recorded Future reveals how Russian state hackers (BlueDelta) are using fake Microsoft and Google login portals to steal credentials. The campaign involves using legitimate PDF lures from GRC and EcoClimate to trick victims.

HackRead
Open in Source
#web#mac#google#microsoft#git#pdf#auth
Fake Employee Reports Spread Guloader and Remcos RAT Malware

Scammers are using fake October 2025 performance reviews to trick staff into installing Guloader and Remcos RAT malware. Learn how to identify this threat and protect your personal data from remote hackers.

⚡ Weekly Recap: AI Automation Exploits, Telecom Espionage, Prompt Poaching & More

This week made one thing clear: small oversights can spiral fast. Tools meant to save time and reduce friction turned into easy entry points once basic safeguards were ignored. Attackers didn’t need novel tricks. They used what was already exposed and moved in without resistance. Scale amplified the damage. A single weak configuration rippled out to millions. A repeatable flaw worked again and

GHSA-4f6g-68pf-7vhv: pypdf has possible long runtimes for malformed startxref

### Impact An attacker who exploits this vulnerability can craft a PDF which leads to possibly long runtimes for invalid `startxref` entries. When rebuilding the cross-reference table, PDF files with lots of whitespace characters become problematic. Only the non-strict reading mode is affected. ### Patches This has been fixed in [pypdf==6.6.0](https://github.com/py-pdf/pypdf/releases/tag/6.6.0). ### Workarounds ```python from pypdf import PdfReader, PdfWriter # Instead of reader = PdfReader("file.pdf") # use the strict mode: reader = PdfReader("file.pdf", strict=True) # Instead of writer = PdfWriter(clone_from="file.pdf") # use an explicit strict reader: writer = PdfWriter(clone_from=PdfReader("file.pdf", strict=True)) ``` ### Resources This issue has been fixed in #3594.

GHSA-4xc4-762w-m6cg: pypdf has possible long runtimes for missing /Root object with large /Size values

### Impact An attacker who exploits this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid files. This can be achieved by omitting the `/Root` entry in the trailer, while using a rather large `/Size` value. Only the non-strict reading mode is affected. ### Patches This has been fixed in [pypdf==6.6.0](https://github.com/py-pdf/pypdf/releases/tag/6.6.0). ### Workarounds ```python from pypdf import PdfReader, PdfWriter # Instead of reader = PdfReader("file.pdf") # use the strict mode: reader = PdfReader("file.pdf", strict=True) # Instead of writer = PdfWriter(clone_from="file.pdf") # use an explicit strict reader: writer = PdfWriter(clone_from=PdfReader("file.pdf", strict=True)) ``` ### Resources This issue has been fixed in #3594.

Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations

Russian state-sponsored threat actors have been linked to a fresh set of credential harvesting attacks targeting individuals associated with a Turkish energy and nuclear research agency, as well as staff affiliated with a European think tank and organizations in North Macedonia and Uzbekistan. The activity has been attributed to APT28 (aka BlueDelta), which was attributed to a "sustained"

ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories

The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere. This week’s stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in. Read on to catch up before the next wave hits. Honeypot Traps Hackers Hackers Fall for

Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write on Servers

Users of the "@adonisjs/bodyparser" npm package are being advised to update to the latest version following the disclosure of a critical security vulnerability that, if successfully exploited, could allow a remote attacker to write arbitrary files on the server. Tracked as CVE-2026-21440 (CVSS score: 9.2), the flaw has been described as a path traversal issue affecting the AdonisJS multipart

GHSA-f8cm-6447-x5h2: jsPDF has Local File Inclusion/Path Traversal vulnerability

### Impact User control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents are included verbatim in the generated PDFs. Other affected methods are: `addImage`, `html`, `addFont`. Only the node.js builds of the library are affected, namely the `dist/jspdf.node.js` and `dist/jspdf.node.min.js` files. Example attack vector: ```js import { jsPDF } from "./dist/jspdf.node.js"; const doc = new jsPDF(); doc.addImage("./secret.txt", "JPEG", 0, 0, 10, 10); doc.save("test.pdf"); // the generated PDF will contain the "secret.txt" file ``` ### Patches The vulnerability has been fixed in jsPDF@4.0.0. This version restricts file system access per default. This semver-major update does not introduce other breaking changes. ### Workaro...

⚡ Weekly Recap: IoT Exploits, Wallet Breaches, Rogue Extensions, AI Abuse & More

The year opened without a reset. The same pressure carried over, and in some places it tightened. Systems people assume are boring or stable are showing up in the wrong places. Attacks moved quietly, reused familiar paths, and kept working longer than anyone wants to admit. This week’s stories share one pattern. Nothing flashy. No single moment. Just steady abuse of trust — updates, extensions,