Hackers have been exploiting a zero-day vulnerability in Adobe Acrobat Reader, using malicious PDFs to profile targets and selectively compromise systems. The exploit leverages obfuscated JavaScript to gather system information, and then delivers a second-stage payload based on the target's profile, potentially leading to remote code execution. Documents related to the exploit include Russian-language content, suggesting a targeted approach.
Hackers have been quietly exploiting what appears to be a zero-day in Adobe Acrobat Reader for months, using booby-trapped PDFs to profile targets and decide who's worth fully compromising.the campaign uses a malicious PDF that runs as soon as it's opened, working against even up-to-date Reader installations with no clicks required beyond viewing the file.
The exploit leans on heavily obfuscated JavaScript that runs as soon as it's opened. Instead of blowing up straight away, it starts pulling information from the machine using built-in Acrobat APIs, including local files and system details, and sends it back to servers under the attacker's control. The first pass is basically recon. It grabs OS info, language settings, and file paths to figure out what it's landed on. If the box looks useful, it pulls a second-stage payload and runs it inside Reader. Researchers say that stage could escalate things further, up to remote code execution or even a sandbox escape. "Such a mechanism allows the threat actor to collect user information, steal local data, perform advanced 'fingerprinting', and launch future attacks," Li said."If the target meets the attacker's conditions, the attacker may deliver additional exploit to achieve RCE or SBX." In other words, not every victim gets the same treatment. Some systems are only profiled, while others receive a second-stage payload, which suggests a more targeted approach.Prince of PDFs, Adobe CEO Shantanu Narayen, to step down after 18 years Google takes Photoshop to the woodshed with new image AI, found that lure documents tied to the exploit contain Russian-language content referencing current events in the country's oil and gas sector. That doesn't prove attribution, but it does suggest the attackers had a specific audience in mind rather than casting a wide net. What makes this whole thing more than just another PDF bug is how long it appears to have gone unnoticed. Lito a related sample uploaded to VirusTotal on November 28, 2025, suggesting the campaign had been active for at least four months before it was spotted. That puts activity back in late 2025, even though it only came to light in March.x's questions. That leaves users exposed for now, especially if they're in the habit of opening PDFs from unknown sources. ®Anthropic will let your agents sleep on its couch Resilient, continuously active data – with no compromiseGoogle wants more Intel inside ... its datacenters, taps Chipzilla for more SmartNICsAWS: Agents shouldn't be secret, so we built a registry for themDeere oh Deere: Tractor repair row heads for $99M settlement
Adobe Acrobat Reader Zero-Day Exploit Malicious PDF Cyberattack Targeted Attacks
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
An astronaut rolled a D20 in space, so yes, you can play D&D in zero gravityJody's first computer was a Commodore 64, so he remembers having to use a code wheel to play Pool of Radiance. A former music journalist who interviewed everyone from Giorgio Moroder to Trent Reznor, Jody also co-hosted Australia's first radio show about videogames, Zed Games.
Read more »
Reader Struggles to Reclaim Dormant Savings Account and Child Maintenance ChallengesThis article discusses two separate financial dilemmas faced by readers. One reader is trying to retrieve funds from a dormant Barclays savings account, and another is struggling with child maintenance payments after job loss.
Read more »
Incredible photos taken from space are going viral, and everyone's saying Apple should turn them into billboardsDaniel John is Design Editor at Creative Bloq. He reports on the worlds of design, branding and lifestyle tech, and has covered several industry events including Milan Design Week, OFFF Barcelona and Adobe Max in Los Angeles. He has interviewed leaders and designers at brands including Apple, Microsoft and Adobe.
Read more »
Call your existing automation ‘zero-token architecture’ to become an instant agentic AI wiz: Kubernetes luminary Kelsey Hightower thinks IT pros need to get smart about thriving in a world that’s trying to hide deep tech
Read more »
Months-old Adobe Reader zero-day uses PDFs to size up targets: Malicious PDFs abuse legit features to harvest system data and decide which victims get a 2nd-stage payload
Read more »
'Several dozen' high-value corporations hit by new extortion crew in helpdesk phishing spree: Possible link to Mr. Raccoon's claimed Adobe break-in
Read more »