Signal
Adobe Reader zero-day exploited via malicious PDFs for months
Evidence first: scan the strongest sources, then decide whether to go deeper.
Published 2026-04-09 08:44 UTCUpdated 2026-04-09 23:00 UTC
rss
cveexploitsmalwareincident_response
Source links open
Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.
No card needed for the free brief.
Evidence trail (top sources)
top sources (4 domains)domains are deduped. counts indicate coverage, not truth.4 top sources shown
Overview
Since at least November 2025, threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Acrobat Reader by distributing malicious PDF files.
Entities
AdobeEXPMONHaifei Li
Score total
1.82
Momentum 24h
6
Posts
6
Origins
6
Source types
1
Duplicate ratio
0%
Why now
- The exploit has been active and undetected for several months, increasing exposure.
- Recent discovery by EXPMON highlights the need for immediate mitigation and awareness.
- Attackers continue to use sophisticated PDF-based methods to evade detection and profile victims.
Why it matters
- The zero-day exploit enables attackers to stealthily gather system info for targeted follow-up attacks.
- Adobe Reader is widely used, increasing the potential impact of malicious PDFs exploiting this flaw.
- The vulnerability remains unpatched, posing ongoing risk to users opening PDF documents.
LLM analysis
Topic mix: lowPromo risk: lowSource quality: medium
Recurring claims
- A zero-day vulnerability in Adobe Acrobat Reader has been exploited since at least November 2025 using malicious PDF files.
- The exploit uses JavaScript in PDFs to collect system information and send it to remote servers for attacker reconnaissance.
How sources frame it
- Haifei Li (security Researcher): neutral
This Adobe Reader zero-day exploit demonstrates the persistent threat of file-based attacks leveraging common document formats to conduct reconnaissance and enable further compromise.
All evidence
All evidence
Hackers have been exploiting an unpatched Adobe Reader vulnerability for months
CSO Online · csoonline.com · 2026-04-09 23:00 UTC
Months-old Adobe Reader zero-day uses PDFs to size up targets
The Register Security · go.theregister.com · 2026-04-09 14:30 UTC
Acrobat Reader zero-day exploited in the wild for many months
Help Net Security · helpnetsecurity.com · 2026-04-09 11:44 UTC
Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025
thehackernews · thehackernews.com · 2026-04-09 11:15 UTC
Hackers exploiting Acrobat Reader zero-day flaw since December
bleepingcomputer_all · bleepingcomputer.com · 2026-04-09 09:22 UTC
Adobe Reader Zero-Day Exploited for Months: Researcher
SecurityWeek · securityweek.com · 2026-04-09 08:44 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 6Origin domains: 6Duplicates: -
Showing 6 / 0
Top publishers (this list)
- CSO Online (1)
- The Register Security (1)
- Help Net Security (1)
- thehackernews (1)
- bleepingcomputer_all (1)
- SecurityWeek (1)
Top origin domains (this list)
- csoonline.com (1)
- go.theregister.com (1)
- helpnetsecurity.com (1)
- thehackernews.com (1)
- bleepingcomputer.com (1)
- securityweek.com (1)