Tag: adobe
-
Months-old Adobe Reader zero-day uses PDFs to size up targets
Malicious PDFs abuse legit features to harvest system data and decide which victims get a 2nd-stage payload First seen on theregister.com Jump to article: www.theregister.com/2026/04/09/monthsold_adobe_reader_zeroday_uses/
-
Acrobat Reader zero-day exploited in the wild for many months
Unknown attackers have exploited a zero-day Adobe Acrobat Reader vulnerability since November 2025 and possibly even earlier, security researcher Haifei Li has discovered. PDF … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/09/acrobat-reader-zero-day-exploited/
-
Acrobat Reader zero-day exploited in the wild for many months
Unknown attackers have exploited a zero-day Adobe Acrobat Reader vulnerability since November 2025 and possibly even earlier, security researcher Haifei Li has discovered. PDF … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/09/acrobat-reader-zero-day-exploited/
-
Acrobat Reader zero-day exploited in the wild for many months
Unknown attackers have exploited a zero-day Adobe Acrobat Reader vulnerability since November 2025 and possibly even earlier, security researcher Haifei Li has discovered. PDF … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/09/acrobat-reader-zero-day-exploited/
-
Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025
Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December 2025.The finding, detailed by EXPMON’s Haifei Li, has been described as a highly-sophisticated PDF exploit. The artifact (“Invoice540.pdf”) first appeared on the VirusTotal platform on November 28, 2025. A second First seen on…
-
PDF öffnen reicht: Zero-Day-Lücke in Adobe Reader seit Monaten unter Beschuss
Angreifer nutzen seit Ende 2025 eine Zero-Day-Lücke in Adobe Reader aus, um Daten abzugreifen und Schadcode einzuschleusen. Ein Forscher schlägt Alarm. First seen on golem.de Jump to article: www.golem.de/news/pdf-oeffnen-reicht-ungepatchte-luecke-in-adobe-reader-seit-monaten-ausgenutzt-2604-207376.html
-
PDF öffnen reicht: Ungepatchte Lücke in Adobe Reader seit Monaten ausgenutzt
Angreifer nutzen seit Ende 2025 eine Zero-Day-Lücke in Adobe Reader aus, um Daten abzugreifen und Schadcode einzuschleusen. Ein Forscher schlägt Alarm. First seen on golem.de Jump to article: www.golem.de/news/pdf-oeffnen-reicht-ungepatchte-luecke-in-adobe-reader-seit-monaten-ausgenutzt-2604-207376.html
-
MIWIC26: Funke Omolere, Senior Technology Compliance Product Owner at Adobe
Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2026’s Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee’s answers are…
-
Hackers exploiting Acrobat Reader zero-day flaw since December
Attackers have been exploiting a zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploiting-acrobat-reader-zero-day-flaw-since-december/
-
Hackers Target Adobe Reader Users With Sophisticated Zero-Day Exploit
Tags: adobe, attack, cyber, exploit, hacker, intelligence, remote-code-execution, threat, vulnerability, zero-daySecurity researchers at EXPMON have uncovered a highly sophisticated, unpatched zero-day vulnerability actively targeting Adobe Reader users. The exploit, first detected in the wild late last month, allows threat actors to silently steal local files, gather sensitive system information, and potentially deploy remote code execution (RCE) attacks against compromised machines. According to the threat intelligence…
-
Hackers Target Adobe Reader Users With Sophisticated Zero-Day Exploit
Tags: adobe, attack, cyber, exploit, hacker, intelligence, remote-code-execution, threat, vulnerability, zero-daySecurity researchers at EXPMON have uncovered a highly sophisticated, unpatched zero-day vulnerability actively targeting Adobe Reader users. The exploit, first detected in the wild late last month, allows threat actors to silently steal local files, gather sensitive system information, and potentially deploy remote code execution (RCE) attacks against compromised machines. According to the threat intelligence…
-
prompted 2026 Security Guidance as a Service
Author, Creator & Presenter: Shruti Datta Gupta, Product Security Engineer, Adobe & Chandrani Mukherjee, Product Security Engineer, Adobe Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’) YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/unprompted-2026-security-guidance-as-a-service/
-
prompted 2026 The Hard Part Isn’t Building the Agent: Measuring Effectiveness
Author, Creator & Presenter: Shruti Datta Gupta, Product Security Engineer, Adobe & Chandrani Mukherjee, Product Security Engineer, Adobe Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’) YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/unprompted-2026-the-hard-part-isnt-building-the-agent-measuring-effectiveness-2/
-
Adobe Data Breach Allegedly Exposes 13 Million Support Tickets
A threat actor known as >>Mr. Raccoon<< claims to have breached Adobe, stealing a massive amount of sensitive data. According to a report by International Cyber Digest, the stolen files include 13 million customer support tickets, 15,000 employee records, internal documents, and all of the company's HackerOne bug bounty submissions. The attacker did not hack…
-
PolyShell attacks target 56% of all vulnerable Magento stores
Attacks leveraging the ‘PolyShell’ vulnerability in version 2 of Magento Open Source and Adobe Commerce installations are underway, targeting more than half of all vulnerable stores. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/polyshell-attacks-target-56-percent-of-all-vulnerable-magento-stores/
-
Hackers Exploiting Magento Flaw to Execute Remote Code and Seize Full Account Access
A critical vulnerability dubbed >>PolyShell<< is actively being exploited across Magento and Adobe Commerce platforms. Discovered by the Sansec Forensics Team and published on March 17, 2026, this flaw allows unauthenticated attackers to upload executable files via the platform's REST API. Because no official patch currently exists for production versions, thousands of online stores are…
-
Security Affairs newsletter Round 568 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. WorldLeaks ransomware group breached the City of Los Angels PolyShell flaw exposes Magento and Adobe Commerce…
-
PolyShell flaw exposes Magento and Adobe Commerce to file upload attacks
Sansec found a Magento and Adobe Commerce REST API flaw, named PolyShell, which allows unauthenticated file uploads and possible XSS in older versions. Sansec disclosed a critical flaw in the Magento and Adobe Commerce REST API that allows attackers to upload executable files without authentication. The issue affects versions up to 2.4.9-alpha2 and could also…
-
New ‘PolyShell’ flaw allows unauthenticated RCE on Magento e-stores
A newly disclosed vulnerability dubbed ‘PolyShell’ affects all Magento Open Source and Adobe Commerce stable version 2 installations, allowing unauthenticated code execution and account takeover. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-polyshell-flaw-allows-unauthenticated-rce-on-magento-e-stores/
-
Big Tech Unites: Industry Giants Sign Global Accord to Combat AI-Driven Scams
In a rare display of unified defense, eight of the world’s most powerful technology firms have signed a landmark pact to disrupt the global scam networks currently siphoning billions of dollars from consumers. The Online Services Accord Against Scams signed by Google, Amazon.com Inc., Microsoft Corp., Meta Platforms Inc., OpenAI, LinkedIn, Adobe Inc., and Match..…
-
Adobe to Pay $150 Million Over Hidden Fees and HardCancel Subscriptions
Tags: adobeThe Justice Department says Adobe buried the real cost of cancelling a subscription where most customers would never think to look. First seen on hackread.com Jump to article: hackread.com/adobe-hidden-fees-hard-to-cancel-subscriptions/
-
Signed malware posing as Teams and Zoom apps drops RMM backdoors
A wave of phishing campaigns that used signed malware posing as popular workplace apps like Microsoft Teams, Zoom, and Adobe Reader to deploy remote monitoring and management (RMM) backdoors. The activity, attributed to an as-yet unidentified threat actor, highlights how trusted branding and valid-looking digital signatures can be abused to gain stealthy, long-term access in…
-
Von Veo 3 bis Adobe Firefly: Welche KI-Videogeneratoren das US-Heimatschutzministerium einsetzt
First seen on t3n.de Jump to article: t3n.de/news/von-veo-3-bis-adobe-firefly-welche-ki-videogeneratoren-das-us-heimatschutzministerium-einsetzt-1728054/
-
APT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD, and GOSHELL – Part 1
Tags: access, adobe, ai, antivirus, api, apt, attack, authentication, backdoor, backup, cloud, control, data, data-breach, detection, email, endpoint, github, google, government, group, india, infection, infrastructure, injection, Internet, malicious, malware, microsoft, network, phishing, service, spear-phishing, threat, tool, update, windowsIntroductionIn September 2025, Zscaler ThreatLabz identified two campaigns, tracked as Gopher Strike and Sheet Attack, by a threat actor that operates in Pakistan and primarily targets entities in the Indian government. In both campaigns, ThreatLabz identified previously undocumented tools, techniques, and procedures (TTPs). While these campaigns share some similarities with the Pakistan-linked Advanced Persistent Threat (APT) group, APT36, we…
-
Thousands of ColdFusion exploit attempts spotted during Christmas holiday
GreyNoise observed thousands of attacks targeting about a dozen Adobe ColdFusion vulnerabilities during the Christmas 2025 holiday. GreyNoise reports a coordinated campaign exploiting about a dozen Adobe ColdFusion vulnerabilities, with thousands of attack attempts observed during the Christmas 2025 holiday. >>GreyNoise observed a coordinated exploitation campaign targeting Adobe ColdFusion servers over the Christmas 2025 holiday period.
-
2.5M Malicious Requests Hit Adobe ColdFusion and Others in Holiday Attack
A holiday-timed campaign drove 2.5 million malicious requests targeting Adobe ColdFusion and other enterprise platforms. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/2-5m-malicious-requests-hit-adobe-coldfusion-and-others-in-holiday-attack/
-
Kritische Schwachstelle CVE-2025-54236 in Adobe Commerce (Magento)
In der Adobe Commerce-Software (früher Magento) wurde eine kritische Schwachstelle CVE-2025-54236 gefunden. Adobe Commerce ermöglicht nicht authentifizierten Angreifern einen Datei-Upload und am Ende des Tages sogar eine Kontoübernahme. Die Schwachstelle hat den CVSS 3.1-Index von 9.1 (auf einer Skala bis … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/24/kritische-schwachstelle-cve-2025-54236-in-adobe-commerce-magento/
-
U.S. CISA adds Microsoft WSUS, and Adobe Commerce and Magento Open Source flaws to its Known Exploited Vulnerabilities catalog
Tags: adobe, cisa, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, open-source, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft WSUS, and Adobe Commerce and Magento Open Source flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft WSUS, and Adobe Commerce and Magento Open Source flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below the list of flaws added to the…
-
Fear the ‘SessionReaper’: Adobe Commerce Flaw Under Attack
CVE-2025-54236 is a critical flaw in Adobe Commerce (formerly Magento) that allows attackers to remotely take over sessions on the e-commerce platform. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/sessionreaper-adobe-commerce-flaw-under-attack