""This exploit allows the threat actor to not only collect or steal local information but also potentially launch subsequent RCE/SBX attacks, which could lead to full control of the victim's system," said Haifei Li, security researcher and founder of EXPMON."
""The vulnerability impacts Adobe Acrobat Reader and can be triggered simply by opening a malicious PDF, lowering the barrier for attackers and increasing the effectiveness of phishing campaigns.""
""Researchers found that the flaw has already been leveraged in targeted attacks for at least four months, demonstrating the ongoing threat posed by this vulnerability.""
""This adaptive approach improves the exploit's success rate while making it more difficult for victims to detect the attack, highlighting the sophistication of current cyber threats.""
A zero-day vulnerability in Adobe Acrobat Reader has been exploited for months, allowing attackers to use malicious PDF files to steal data and potentially take control of victim systems. Active since December 2025, this campaign demonstrates how routine documents can be entry points for system compromise. The exploit leverages legitimate Acrobat APIs to extract sensitive data and employs a fingerprinting approach to adapt its execution, enhancing the likelihood of success in targeted attacks.
Read at TechRepublic
Unable to calculate read time
Collection
[
|
...
]