腾讯网

高危Markdown转PDF漏洞可通过Markdown前置元数据实现JS注入攻击(CVSS 10.0)

2025年11月24日,广受欢迎的npm包md-to-pdf(每周下载量超47,000次的命令行工具)曝出高危漏洞(CVE-2025-65108)。该漏洞获得CVSS满分10分评级,攻击者可通过恶意前置元数据解析执行任意JavaScript代码。任何 ...
Bit-Tech

New PDF flaw doesn't need JavaScript

A new vulnerability in PDF readers is being exploited by ne'er-do-wells - but this one doesn't require JavaScript to be enabled in order to take control of your PC ...
Threat Post

Adobe PDF zero-day update: Turn off JavaScript

Adobe’s security response team is scrambling to investigate new public reports of a new zero-day vulnerability affecting uses of its widely deployed PDF Reader software. In a brief note posted to its ...
Bleeping Computer

New MatrixPDF toolkit turns PDFs into phishing and malware lures

A new phishing and malware distribution toolkit called MatrixPDF allows attackers to convert ordinary PDF files into interactive lures that bypass email security and redirect victims to credential ...