Adobe has released patches for a zero-day vulnerability in Acrobat DC, Reader DC, and Acrobat 2024 that attackers actively exploited for at least four months before disclosure.
The vulnerability affected three of Adobe's most widely used document applications, leaving millions of users exposed to potential attacks during the exploitation window.
Adobe did not immediately disclose additional technical details about the flaw, including its CVSS severity score or the specific attack methods used. The company typically provides comprehensive vulnerability information in its monthly security bulletins.
The four-month exploitation period represents a significant gap between when attackers first leveraged the flaw and when Adobe released patches. This timeline suggests the vulnerability may have been discovered through in-the-wild attacks rather than responsible disclosure channels.
Users of Acrobat DC, Reader DC, and Acrobat 2024 should prioritize applying the available patches. Adobe recommends updating to the latest versions of these applications immediately.
This incident underscores ongoing security challenges in widely deployed software. PDF readers remain frequent targets for exploitation, as they process untrusted documents from external sources. Attackers commonly use malicious PDFs as entry points for system compromise.
Adobe has faced multiple zero-day disclosures in recent years across its product portfolio. The company maintains a bug bounty program and works with security researchers to identify and patch vulnerabilities before public exploitation.
Organizations using these Adobe applications should verify patch deployment across their environments and monitor for any signs of compromise during the four-month window when the flaw was exploited in the wild.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.
Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.
A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.