Tag: adobe

Severe Adobe Illustrator Flaw Allows Remote Code Execution

May 14, 2025 5:39 PM

Tags: adobe, cve, cvss, cyber, flaw, macOS, remote-code-execution, software, update, vulnerability, windows

Adobe has issued an urgent security update for its widely used graphic design software, Adobe Illustrator, following the discovery of a critical heap-based buffer overflow vulnerability tracked as CVE-2025-30330. This flaw, which allows arbitrary code execution on affected systems, impacts both Windows and macOS versions of Illustrator 2024 and 2025. Rated with a CVSS score…
The Security Gap JPMorgan Chase’s CISO Didn’t Mention”Š”, “ŠAnd Why It’s in Your Browser

May 13, 2025 10:38 PM

Tags: access, adobe, api, apple, attack, browser, business, chrome, ciso, cloud, compliance, conference, control, credentials, crypto, cyber, data, detection, dora, endpoint, exploit, finance, gartner, google, grc, identity, infrastructure, microsoft, monitoring, nis-2, open-source, password, phishing, ransomware, regulation, resilience, risk, risk-assessment, saas, sbom, software, technology, theft, threat, tool, unauthorized, update, vulnerability

The Security Gap JPMorgan Chase’s CISO Didn’t Mention”Š”, “ŠAnd Why It’s in Your Browser When the CISO of JPMorgan Chase issues a public letter to all technology vendors, the industry pays attention”Š”, “Šand rightfully so. In his open letter, Rohan Amin lays out a firm, urgent call: prioritize secure-by-design practices, patch faster, and take full accountability…
Adobe- und DocuSign-Imitation-Attacken – Neue Phishing-Kampagnen missbrauchen OAuth-Apps

May 1, 2025 8:50 AM

Tags: adobe, phishing

First seen on security-insider.de Jump to article: www.security-insider.de/cyberangriffe-oauth-umleitungsmechanismen-datendiebstahl-a-67ad0bcf70b4ce0ce1a2e730785b18d5/
Advanced Multi-Stage Carding Attack Hits Magento Site Using Fake GIFs and Reverse Proxy Malware

Apr 28, 2025 6:51 PM

Tags: adobe, attack, credit-card, cyber, data, malicious, malware, vulnerability

A multi-stage carding attack has been uncovered targeting a Magento eCommerce website running an outdated version 1.9.2.4. This version, unsupported by Adobe since June 2020, left the site vulnerable due to unpatched security flaws. The malware employed a deceptive .gif file, tampered browser sessionStorage data, and a malicious reverse proxy server to steal credit card…
Microsoft Defender XDR stuft Adobe Acrobat Cloud-Links als bösartig ein Folge war, dass sensible Dokument öffentlich wurden

Apr 25, 2025 12:50 AM

Tags: adobe, cloud, edr, microsoft

Es hat mal wieder arg “gerappelt”. Der Microsoft Defender XDR hat beim Adobe Acrobat Cloud-Links fälschlich als “bösartig” eingestuft. Das hatte und hat zur Folge, dass plötzlich Tausende Adobe-Nutzer mehr als 1.700 sensible Dokumente auf der Online-Plattform AnyRun prüfen ließen. … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/04/24/microsoft-defender-xdr-stuft-adobe-acrobat-cloud-links-als-boesartig-ein-folge-war-dass-sensible-dokument-oeffentlich-wurden/
Microsoft fixes machine learning bug flagging Adobe emails as spam

Apr 24, 2025 9:50 PM

Tags: adobe, email, microsoft, spam

Microsoft says it mitigated a known issue in one of its machine learning (ML) models that mistakenly flagged Adobe emails in Exchange Online as spam. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-machine-learning-bug-flagging-adobe-emails-as-spam/
CISO Conversations: Maarten Van Horenbeeck, SVP Chief Security officer at Adobe

Apr 15, 2025 12:28 PM

Tags: adobe, ciso, google, microsoft

Van Horenbeeck’s career spans some of the biggest companies in tech: Verizon, Microsoft, Google, Amazon, Zendesk, and now SVP and CSO at Adobe. The post CISO Conversations: Maarten Van Horenbeeck, SVP & Chief Security officer at Adobe appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/ciso-conversations-maarten-van-horenbeeck-svp-chief-security-officer-at-adobe/
Adobe Security Update: Patches Released for Multiple Product Vulnerabilities

Apr 9, 2025 5:55 PM

Tags: adobe, cyber, exploit, incident response, security-incident, software, update, vulnerability

Adobe has announced critical security updates for several of its popular software products, addressing vulnerabilities that could potentially be exploited by attackers. The Product Security Incident Response Team (PSIRT) has urged all users to apply these updates immediately to protect their systems and data. These updates are part of Adobe’s ongoing commitment to ensuring the…
New Adobe Security Update Fixes Critical Exploits, Don’t Delay Your Update

Apr 9, 2025 5:55 PM

Tags: access, adobe, exploit, leak, update, vulnerability

Adobe has released a new security update addressing 30 vulnerabilities across various products, including multiple critical-severity bugs in ColdFusion versions”¯2025, 2023 and 2021 that could result in arbitrary file read and code execution. This Adobe security update includes patches for critical issues that could lead to code execution, arbitrary file system access, memory leaks, and…
Adobe Calls Urgent Attention to Critical ColdFusion Flaws

Apr 8, 2025 8:42 PM

Tags: adobe, flaw, update, vulnerability

The Adobe Patch Tuesday rollout covers 54 vulnerabilities, including code execution issues in the oft-targeted Adobe ColdFusion software. The post Adobe Calls Urgent Attention to Critical ColdFusion Flaws appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/adobe-calls-urgent-attention-to-critical-coldfusion-flaws/
Threat Actors Abuse Trust in Cloud Collaboration Platforms

Mar 26, 2025 8:35 PM

Tags: adobe, cloud, credentials, email, exploit, threat

Threat actors are exploiting cloud platforms like Adobe and Dropbox to evade email gateways and steal credentials First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/threat-actors-abuse-cloud-platforms/
Adobe Patches Critical Deserialization Vulnerability, but Exploits Persist

Mar 17, 2025 9:52 AM

Tags: adobe, exploit, vulnerability

The vulnerability was being exploited in the wild, targeting two versions of Adobe ColdFusion. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/adobe-patches-critical-deserialization-vulnerability-but-exploits-persist
Adobe Acrobat Vulnerabilities Enable Remote Code Execution

Mar 17, 2025 8:52 AM

Tags: adobe, cisco, cyber, detection, remote-code-execution, vulnerability

A recent disclosure by Cisco Talos’ Vulnerability Discovery & Research team highlighted several vulnerability issues in Adobe Acrobat. All of these vulnerabilities have been addressed by their respective vendors, aligning with Cisco’s third-party vulnerability disclosure policy. For detection of these vulnerabilities, users can utilize the latest Snort rule sets available from Snort.org and refer to…
Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts

Mar 16, 2025 4:52 PM

Tags: adobe, cybercrime, malicious, malware, microsoft

Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-adobe-docusign-oauth-apps-target-microsoft-365-accounts/
Miniaudio and Adobe Acrobat Reader vulnerabilities

Mar 13, 2025 7:52 PM

Tags: adobe, cisco, vulnerability

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed a Miniaudio and three Adobe vulnerabilities. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy. For Snort coverage First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/miniaudio-and-adobe-acrobat-reader-vulnerabilities/
Patch Tuesday: Critical Code-Execution Bugs in Acrobat and Reader

Mar 11, 2025 6:54 PM

Tags: adobe, flaw, update

Adobe documents 35 security flaws in a wide range of products, including code-execution issues in the Acrobat and Reader applications. The post Patch Tuesday: Critical Code-Execution Bugs in Acrobat and Reader appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/patch-tuesday-critical-code-execution-bugs-in-acrobat-and-reader/
Aktive Ausnutzung! – Kritische Sicherheitslücke in Adobe Coldfusion

Mar 5, 2025 7:34 AM

Tags: adobe, bug

First seen on security-insider.de Jump to article: www.security-insider.de/adobe-coldfusion-hotfixes-gegen-cyberangriffe-a-6214544a080b2fca8984780aad794703/
Critical deserialization bugs in Adobe, Oracle software actively exploited, warns CISA

Feb 25, 2025 2:23 PM

Tags: access, adobe, attack, cisa, cve, exploit, flaw, government, military, network, oracle, risk, software, update, vulnerability

Oracle Agile PLM flaw open to N-days: The other vulnerability, fixed in January 2024, is a high severity (CVSS 8.8/10) flaw in the export component of the Oracle’s PLM software, and stems from the improper handling of serialized data. It’s tracked as CVE-2024-20953. Successful exploitation could enable a low-privileged attacker with network access via HTTP…
U.S. CISA adds Adobe ColdFusion and Oracle Agile PLM flaws to its Known Exploited Vulnerabilities catalog

Feb 25, 2025 12:23 PM

Tags: adobe, cisa, cve, cybersecurity, exploit, infrastructure, kev, oracle, vulnerability

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM)vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)added SonicWall SonicOS and Palo Alto PAN-OS vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The two vulnerabilities are: CVE-2017-3066(CVSS score of 9.8) is a…
CISA KEV Catalog Updated with Adobe ColdFusion and Oracle Agile PLM Vulnerabilities

Feb 25, 2025 11:23 AM

Tags: adobe, cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, oracle, vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) catalog by adding two significant security flaws one affecting Adobe ColdFusion and the other impacting Oracle Agile Product Lifecycle Management (PLM). CVE-2017-3066 in… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cisa-kev-catalog-adobe-coldfusion-oracle-vulnerabilities/
CISA Warns of Actively Exploited Adobe ColdFusion and Oracle Agile PLM Vulnerabilities

Feb 25, 2025 11:23 AM

Tags: adobe, cisa, cybersecurity, exploit, infrastructure, kev, oracle, risk, vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) Catalog by adding two critical vulnerabilities, both actively being exploited in the wild. These vulnerabilities, related to Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM), have been identified as security risks to federal agencies and organizations worldwide. First seen…
Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA

Feb 25, 2025 6:23 AM

Tags: adobe, cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, oracle, vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The vulnerabilities in question are listed below -CVE-2017-3066 (CVSS score: 9.8) – A deserialization vulnerability impacting First seen on thehackernews.com…
Microsoft, McAfee und Adobe: 200.000 Phishing-Mails entdeckt

Feb 24, 2025 2:23 PM

Tags: adobe, cyber, mail, microsoft, phishing, software

Sicherheitsforscher von Check Point Software Technologies Ltd. haben eine massive Phishing-Kampagne aufgedeckt, bei der Cyber-Kriminelle auf ausgeklügelte URL-Manipulation setzen. Insgesamt wurden 200.000 betrügerische E-Mails entdeckt, die sich weltweit verbreiten. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/microsoft-mcafee-und-adobe-200-000-phishing-mails-entdeckt
Gefahr durch Phishing-Mails, die Microsoft, McAfee und Adobe nachahmen

Feb 24, 2025 1:23 PM

Tags: adobe, fraud, mail, microsoft, phishing, software, usa

Die Sicherheitsforscher von Check Point Software Technologies haben 200 000 Phishing-E-Mails entdeckt, die URL-Informationen zur Verschleierung von Phishing-Links missbrauchten. Der Betrug wurde erstmals am 21. Januar 2025 beobachtet und ist nach wie vor im Gange, wobei das tägliche Bedrohungsvolumen abnimmt. Geografisch betrachtet wurden 75 Prozent der E-Mails in den USA verbreitet, 17 Prozent in der…
Fake ‘Adobe Drive X’ App Sneaks Through Microsoft Login to Steal Credentials

Feb 17, 2025 5:46 AM

Tags: adobe, credentials, defense, login, microsoft, phishing

Cofense’s Phishing Defense Center (PDC) has uncovered a phishing campaign that uses a legitimate Microsoft login page to First seen on securityonline.info Jump to article: securityonline.info/fake-adobe-drive-x-app-sneaks-through-microsoft-login-to-steal-credentials/
Adobe-Updates: Commerce und reichlich Software von Schwachstellen betroffen

Feb 12, 2025 12:55 PM

Tags: adobe, software, update, vulnerability

Aktualisierungen für Adobe-Software schließen teils kritische Lücken. Nutzer von Illustrator, InDesign und Co. sollten zügig handeln. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/adobe-updates-commerce-und-reichlich-software-von-schwachstellen-betroffen-310067.html
Adobe-Patchday: Schadcode-Sicherheitslücken gefährden Illustrator & Co.

Feb 12, 2025 9:55 AM

Tags: adobe, computer, exploit

Angreifer können an mehreren Sicherheitslücken in Anwendungen von Adobe ansetzen, um Computer zu kompromittieren. First seen on heise.de Jump to article: www.heise.de/news/Adobe-Patchday-Schadcode-Sicherheitsluecken-gefaehrden-Illustrator-Co-10279209.html
Adobe Plugs 45 Software Security Holes, Warns of Code Execution Risks

Feb 12, 2025 6:55 AM

Tags: adobe, exploit, remote-code-execution, risk, software, update, vulnerability

Patch Tuesday: Adobe patches 45 vulnerabilities across multiple products and warns of remote code execution exploitation risks. The post Adobe Plugs 45 Software Security Holes, Warns of Code Execution Risks appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/adobe-plugs-45-software-security-holes-warn-of-code-execution-risks/
Adobe Plugs 45 Software Security Holes, Warn of Code Execution Risks

Feb 11, 2025 8:55 PM

Tags: adobe, exploit, remote-code-execution, risk, software, update, vulnerability

Patch Tuesday: Adobe patches 45 vulnerabilities across multiple products and warn of remote code execution exploitation risks. The post Adobe Plugs 45 Software Security Holes, Warn of Code Execution Risks appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/adobe-plugs-45-software-security-holes-warn-of-code-execution-risks/
Adobe-Patchday: Gefährliche Sicherheitslücken in Photoshop & Co. geschlossen

Jan 15, 2025 10:02 AM

Tags: adobe, computer

Angreifer können Adobe-Anwendungen attackieren, um Computer zu kompromittieren. Sicherheitsupdates schaffen Abhilfe. First seen on heise.de Jump to article: www.heise.de/news/Adobe-Patchday-Schadcode-Attacken-auf-Photoshop-Co-moeglich-10243019.html