US government websites hit by malicious PDF uploads
A recent investigation found that several US government and university websites were unknowingly hosting sketchy PDFs—think links to AI porn apps, crypto scams, sex-toy retailers, and even malware.
Security researcher Brian Penny discovered the files in recent weeks across sites like Reginfo.gov, the New York State Museum, and others.
How agencies reacted
Once Penny raised the alarm, most agencies quickly took down the shady files.
California's Secretary of State said some non-official documents slipped in through its bizfile portal but stressed there was no data breach.
Washington state blocked suspicious IPs tied to uploads on public calendars.
Indiana traced a deepfake guide PDF back to bot attacks, while Nevada and others pointed to a third-party vendor glitch—which has since been patched—as the likely cause.