Fickle PDFs: exploiting browser rendering discrepancies Imagine the CEO of a random company receives an email containing a PDF invoice file. In Safari and MacOS Preview, the total price displayed is £399. After approval, the invoice is sent to the accounti

Today I found out that my article on #KoboldLetters inspired this work on #FicklePDFs: portswigger.net/research/fickle-pdfs-exp...

One week ago we were at #BSidesMunich2024 and if you didn't get a chance to attend, you can now catch up by watching the recordings.

For example, @weddige's talk about Kobold Letters And Other Mischief: https://www.youtube.com/watch?v=ko9cwRM3BZU

#KoboldLetters #SalamanderMIME

the recording of my talk on #KoboldLetters and #SalamanderMIME is now on YouTube: https://www.youtube.com/watch?v=ko9cwRM3BZU

@lutrasecurity I'll be talking about #SalamanderMIME and #KoboldLetters at @BSidesMunich tomorrow:

2024.bsidesmunich.org/talks/002-06_JUXQQB_kobo...

Kobold letters – Lutra Security Anyone who has had to deal with HTML emails on a technical level has probably reached the point where they wanted to quit their job or just set fire to all the mail clients due to their inconsistent i...

Awareness may be enough when you're up against a Nigerian prince, but it won't help you against #KoboldLetters.

I've looked at an attack strategy that (mis)uses HTML and CSS to create sophisticated #phishing attacks that will fool even the most attentive reader.

lutrasecurity.com/en/articles/...