we're hacking PDFs again?


A zero-day vulnerability in Adobe Acrobat Reader has been actively exploited since September, leveraging the PDF JavaScript engine to perform sandbox escapes. The malware uses obfuscated JavaScript embedded in PDFs, exploits Adobe's RSS feed functionality to make outbound network requests (bypassing sandbox restrictions), and fingerprints the victim's Windows version by reading ntdll.dll before fetching a targeted exploit payload from a remote server. Adobe confirmed an active critical RCE vulnerability in a security bulletin on April 12th. Users are advised to avoid opening untrusted PDFs and to monitor for suspicious network patterns including language, platform, and viewer version data in outbound requests.
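A defender-side triage for the "obfuscated JavaScript embedded in PDFs" described above, added here as an example and not taken from the video or from Adobe: it counts the PDF name keys that trigger script (`/JavaScript`, `/JS`, `/OpenAction`, `/AA`) after undoing `#xx` name escapes and inflating Flate streams. The function names and sample bytes are constructed for illustration, and the sketch assumes unencrypted files; it does not describe the layout of this exploit's PDF.

```python
import re
import zlib

# Name keys that make a PDF run script or act on open (ISO 32000-1 names).
SUSPECT_NAMES = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA")
_STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
_HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed sample: escaped names in the body plus a compressed stream.
SAMPLE = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
    b"2 0 obj << /S /J#61vaScript /J#53 3 0 R >> endobj\n"
    b"3 0 obj << /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(b"<< /S /JavaScript /JS (placeholder) >>")
    + b"\nendstream endobj\n"
)


def decode_name_escapes(data: bytes) -> bytes:
    """Undo #xx escapes so /J#61vaScript reads as /JavaScript."""
    return _HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes) -> list[bytes]:
    """Return the contents of every stream that zlib can inflate."""
    out = []
    for m in _STREAM.finditer(data):
        try:
            # decompressobj tolerates the end-of-line bytes before endstream
            out.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            continue  # not Flate, or encrypted: skipped by this sketch
    return out


def triage(data: bytes) -> dict[str, int]:
    """Count suspect names in the raw file and in inflated streams."""
    counts = {name.decode(): 0 for name in SUSPECT_NAMES}
    for view in [data] + inflate_streams(data):
        text = decode_name_escapes(view)
        for name in SUSPECT_NAMES:
            # Require a delimiter after the name so /JS does not match /JSONData.
            pattern = re.escape(name) + rb"(?=[\s/<>\[\]()]|$)"
            counts[name.decode()] += len(re.findall(pattern, text))
    return counts


if __name__ == "__main__":
    print(triage(SAMPLE))
```

A non-zero count only means the file can run script or act on open; it is a reason to route the PDF to closer analysis, not a verdict.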

10m watch time