
"The identified PDF acts as an initial exploit with the capability to collect and leak various types of information, potentially followed by remote code execution (RCE) and sandbox escape (SBX) exploits."
"While Li has confirmed that the identified exploit collects user and other data from the compromised system, he was unable to reproduce the complete attack chain and obtain additional payloads."
"One sample identified on VirusTotal was submitted in November 2025, which indicates that the vulnerability has been exploited for at least 4 months."
"The malicious PDFs contained Russian-language lures and referenced current events in Russia's oil and gas sector."
A researcher has identified an actively exploited zero-day vulnerability in Adobe Reader, detected by the Expmon system. The exploit can collect and leak user data, potentially leading to remote code execution and sandbox escape. Despite confirming the exploit's functionality against the latest Adobe Reader version, the researcher could not reproduce the full attack chain. Exploits have been submitted to Expmon and VirusTotal, with evidence suggesting the vulnerability has been exploited for several months. The malicious PDFs involved contain Russian-language lures related to the oil and gas sector.
Read at SecurityWeek