A zero-day vulnerability in Adobe Reader, discovered by security researcher Haifei Li, has been actively exploited since at least December 2025. Attackers use maliciously crafted PDF files with Russian-language lures referencing the Russian oil and gas industry. The exploit requires no user interaction beyond opening a PDF, enables data theft via privileged Acrobat APIs, and can facilitate subsequent remote code execution and sandbox escape attacks. Adobe has been notified but has not yet released a patch. Users are advised to avoid opening PDFs from untrusted sources, and network defenders can block HTTP/HTTPS traffic with 'Adobe Synchronizer' in the User-Agent header as a mitigation.
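
A log-triage sketch for the User-Agent mitigation above, added here as an example and not taken from the original article or from Adobe: it scans proxy access logs for requests whose User-Agent contains 'Adobe Synchronizer' and reports which internal hosts sent them and to which destinations. The combined-style log layout, the sample lines, and the version suffix in the sample User-Agent values are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Marker named on the page; matched case-insensitively as a substring.
MARKER = "adobe synchronizer"

# Assumed log layout ("combined" style, as written by many web proxies):
# client - user [time] "METHOD url PROTO" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"\s*$'
)

# Constructed sample lines (private addresses, example domains, made-up UA versions).
SAMPLE_LOG = """\
10.0.4.17 - - [12/Jan/2026:09:14:02 +0000] "GET http://updates.example.net/manifest HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
10.0.4.23 - - [12/Jan/2026:09:15:40 +0000] "POST http://collector.example.org/u HTTP/1.1" 200 48 "-" "Adobe Synchronizer 25.1"
10.0.4.23 - - [12/Jan/2026:09:15:44 +0000] "CONNECT files.example.org:443 HTTP/1.1" 200 0 "-" "adobe synchronizer 25.1"
10.0.7.9 - - [12/Jan/2026:09:20:11 +0000] "GET http://intranet.example.com/ HTTP/1.1" 200 9001 "-" "-"
this line is malformed and must be skipped
"""


def find_hits(log_text):
    """Return {client_ip: [(time, method, url), ...]} for requests whose UA contains MARKER."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess at its fields
        if MARKER in m.group("ua").lower():
            hits[m.group("client")].append(
                (m.group("time"), m.group("method"), m.group("url"))
            )
    return dict(hits)


if __name__ == "__main__":
    for client, reqs in find_hits(SAMPLE_LOG).items():
        print(f"{client}: {len(reqs)} request(s) with the marker User-Agent")
        for when, method, url in reqs:
            print(f"  {when} {method} {url}")
```

For HTTPS traffic the header is visible only where the proxy inspects TLS or the client sends it on the CONNECT request, so plain pass-through proxies will under-report.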

From bleepingcomputer.com