When “safe” documents aren’t. [Research Saturday]
CyberWire Daily · N2K Networks
Show Notes
Omer Ninburg, CTO of Novee Security, joins us on this episode of Research Saturday to discuss their work on "From PDF to Pwn: Scalable 0day Discovery in PDF Engines and Services Using Multi-Agent LLMs." Historically, the Portable Document Format (the immutable, localized PDF) was considered a “safe” component inside enterprise environments. That is no longer the case.
To demonstrate how PDF services and engines can be exploited, the team at Novee used their proprietary multi-agent LLM system to uncover vulnerability patterns and systematically scale them into a broad discovery campaign across two PDF vendor ecosystems.
The research uncovered 16 verified vulnerabilities across client-side PDF viewers, embedded plugins, and server-side PDF services.
The research and executive brief can be found here:
- From PDF to Pwn: Scalable 0day Discovery in PDF Engines and Services Using Multi-Agent LLMs
- Hacker-Trained AI Discovers 16 New 0-Day Vulnerabilities in PDF Engines