[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Research: When Trusted Tools Become Attack Primitives

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] Research: When Trusted Tools Become Attack Primitives
From: Nir Yehoshua <nir@xxxxxxxxxxxxxxxxxxxxxx>
Date: Sun, 26 Apr 2026 15:10:40 +0300

Hi Full Disclosure list,

I published a technical research article titled:

When Trusted Tools Become Attack Primitives

The article examines how trusted local utilities can become
security-relevant primitives when used inside automated processing
pipelines.

It covers two case studies:

   1. macOS textutil resolving remote resources during HTML-to-text
   conversion.
   2. KeePassXC KDBX-controlled KDF parameters creating significant
   resource-consumption differences.

Article:

https://ciphersecuritylabs.com/research/articles/when-trusted-tools-become-attack-primitives


Author:
Nir Yehoshua
Cipher Security Labs



Regards,

-- 
Nir Yehoshua | Co-Founder
+972 50 687 7216
Nir@xxxxxxxxxxxxxxxxxxxxxx
https://ciphersecuritylabs.com/
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Prev by Date: [FD] [KIS-2026-08] SocialEngine <= 7.8.0 (get-memberall) SQL Injection Vulnerability
Next by Date: [FD] APPLE-SA-04-22-2026-1 iOS 26.4.2 and iPadOS 26.4.2
Previous by thread: [FD] [KIS-2026-08] SocialEngine <= 7.8.0 (get-memberall) SQL Injection Vulnerability
Next by thread: [FD] APPLE-SA-04-22-2026-1 iOS 26.4.2 and iPadOS 26.4.2
Index(es):
- Date
- Thread