#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
State of SaaS

Foxit PDF Reader | Breaking Cybersecurity News | The Hacker News

Category — Foxit PDF Reader
Researchers Find New Hack to Read Content Of Password Protected PDF Files

Researchers Find New Hack to Read Content Of Password Protected PDF Files

Oct 01, 2019
Looking for ways to unlock and read the content of an encrypted PDF without knowing the password? Well, that's now possible, sort of—thanks to a novel set of attacking techniques that could allow attackers to access the entire content of a password-protected or encrypted PDF file, but under some specific circumstances. Dubbed PDFex , the new set of techniques includes two classes of attacks that take advantage of security weaknesses in the standard encryption protection built into the Portable Document Format, better known as PDF. To be noted, the PDFex attacks don't allow an attacker to know or remove the password for an encrypted PDF; instead, enable attackers to remotely exfiltrate content once a legitimate user opens that document. In other words, PDFex allows attackers to modify a protected PDF document, without having the corresponding password, in a way that when opened by someone with the right password, the file will automatically send out a copy of the decry...
Foxit PDF Software Company Suffers Data Breach—Asks Users to Reset Password

Foxit PDF Software Company Suffers Data Breach—Asks Users to Reset Password

Aug 30, 2019
If you have an online account with Foxit Software, you need to reset your account password immediately—as an unknown attacker has compromised your personal data and log-in credentials. Foxit Software, a company known for its popular lightweight Foxit PDF Reader and PhantomPDF applications being used by over 525 million users, today announced a data breach exposing the personal information of 'My Account' service users. Though for using free versions of any Foxit PDF software doesn't require users to sign up with an account, the membership is mandatory for customers who want to access "software trial downloads, order histories, product registration information, and troubleshooting and support information." According to a blog post published today by Foxit, unknown third-parties gained unauthorized access to its data systems recently and accessed its "My Account" registered users' data, including their email addresses, passwords, users' n...
Product Walkthrough: How Reco Discovers Shadow AI in SaaS

Future-Ready Trust: Learn How to Manage Certificates Like Never Before

WebinarTrust Management / SSL Certificate
Managing digital trust shouldn't feel impossible. Join us to discover how DigiCert ONE transforms certificate management—streamlining trust operations, ensuring compliance, and future-proofing your digital strategy.
Two Critical Zero-Day Flaws Disclosed in Foxit PDF Reader

Two Critical Zero-Day Flaws Disclosed in Foxit PDF Reader

Aug 17, 2017
Are you using Foxit PDF Reader? If yes, then you need to watch your back. Security researchers have discovered two critical zero-day security vulnerabilities in Foxit Reader software that could allow attackers to execute arbitrary code on a targeted computer, if not configured to open files in the Safe Reading Mode. The first vulnerability (CVE-2017-10951) is a command injection bug discovered by researcher Ariele Caltabiano working with Trend Micro's Zero Day Initiative (ZDI), while the second bug (CVE-2017-10952) is a file write issue found by Offensive Security researcher Steven Seeley. An attacker can exploit these bugs by sending a specially crafted PDF file to a Foxit user and enticing them to open it. Foxit refused to patch both the vulnerabilities because they would not work with the "safe reading mode" feature that fortunately comes enabled by default in Foxit Reader. "Foxit Reader & PhantomPDF has a Safe Reading Mode which is enabled by d...
cyber security

2024: A Year of Identity Attacks | Get the New eBook

websitePush SecurityIdentity Security
Prepare to defend against identity attacks in 2025 by looking back at identity-based breaches in 2024.
Expert Insights / Articles Videos
Cybersecurity Resources