Posts

7 Best Open-Source PDF to JSON Extraction Models in 2026

TL;DR – Executive Summary Marker converts PDFs to clean Markdown/JSON with layout detection; ideal for RAG pipelines. Docling (IBM) offers high-fidelity table and reading order extraction via YAML config. Unstructured provides a kitchen-sink of partitioners; JSON output with element metadata. PyMuPDF4LLM streams PDF content directly into LLM-ready JSON chunks. Camelot + Tesseract combo dominates tabular data extraction when OCR is needed. LlamaParse leverages LLMs for semantic parsing; returns JSON with detection confidence. GATE + Grobid serve academic/legal documents, outputting TEI XML that is trivially mapped to JSON. We’ve spent the last 18 months ripping apart PDF ingestion pipelines for a petabyte-scale legal document system. Our team tried everything – from regex chaos to heavy‑weight computer vision models. The hard lesson: PDFs are not data; they are chaotic streams of vector‑path garbage. Extracting structured JSON from them is an exercise in controlled fail...

3 Reasons QuimaRAT MaaS Is Dangerous

Image
Executive Summary (TL;DR): Cross-Platform Java Vehicle : A single JAR payload that runs unmodified on Windows, Linux, and macOS – making traditional OS-specific endpoint defenses nearly useless. Evasive by Design : Heavy obfuscation, dynamic class loading via the Reflection API , and anti-analysis checks that frustrate sandboxes and static signature scanners. MaaS & Modularity : Low barrier to entry for threat actors; a plugin architecture enables rapid feature deployment without recompiling the base trojan. We reverse-engineered a sample from the QuimaRAT MaaS report and watched it dance through three separate operating systems without breaking a sweat. This isn’t just another commodity RAT—it’s a lesson in Java’s underbelly weaponized for profit. When Java gets slapped in a malware campaign, most defenders roll their eyes and expect a messy JAR wrapped in a dropper. QuimaRAT MaaS changes that game. I’ve spent nights pulling apart the obfuscated class tree, tracing the c...

1st Complete LLM Ransomware Attack: Key Insights

Image
Executive Summary / TL;DR JadePuffer marks the first documented ransomware campaign where a large language model orchestrated the entire kill chain—from highly personalized phishing to mutating encryption binaries. The attack employed a Kubernetes CronJob manifest to inject a self‑mutating payload that used the OpenAI API to generate encryption routines in real time. Polymorphic behavior and LLM‑driven social engineering made signature‑based detection useless. We walk you through the YAML infection vector, the Python code that called the LLM, and the forensic commands we used to trace it. This is no longer a theoretical risk. JadePuffer proves that LLM ransomware is a battlefield reality. Last week, while digging through an anomalous spike in egress traffic from one of our staging clusters, we found something that rewrote our threat model. A pod labeled log‑cleaner had spun up, pulled a tiny Alpine image, and started an outbound connection to api.openai.com . That alone w...

Top 5 Scaffold‑Split QSAR Hits for EGFR Inhibitor Discovery: A Random Forest Co‑Scientist

Image
TL;DR – Technical Takeaways Scaffold splitting trumps random splits for kinase inhibitor models—without it, your QSAR will lie to you. We built a Random Forest model on ChEMBL data, using RDKit descriptors and BRICS fragmentation. SHAP waterfall plots exposed which molecular fragments drive pIC50, linking structure to activity. The pipeline runs as a Kedro‑wrapped co‑scientist inside a container that a chemist can interrogate via a REST endpoint. We’ll share the top 5 predicted EGFR inhibitors our model surfaced—molecules never tested against EGFR in the training set. We’ve been burned before by a “world‑class” QSAR model that hit R² = 0.89 on random cross‑validation, only to crash to R² = 0.21 when we tested it on a new chemical series. The sin? Random splitting. In kinase‑centric projects like EGFR inhibitor discovery, random splits create artificially high performance by leaking close analogs across folds. That’s why we pivoted to a scaffold‑split QSAR method —a ...