// #adobe
2 articles
Adobe Acrobat Reader Zero-Day CVE-2026-34621 Exploited for Four Months Before Patch
Adobe has released an emergency patch for CVE-2026-34621, a prototype pollution vulnerability in Acrobat Reader that has been actively exploited since at least November 2025. Opening a crafted PDF triggers JavaScript execution that fingerprints the victim's system and can deploy RCE and sandbox escape payloads. CISA added the CVE to the KEV catalogue the same day, requiring federal agencies to patch by 27 April.
CISA Adds Seven CVEs to KEV Including Decade-Old Microsoft Bugs Exploited by Storm-1175
CISA has added seven vulnerabilities to the Known Exploited Vulnerabilities catalogue, including four Microsoft flaws spanning from 2012 to 2025 being actively leveraged by the Storm-1175 ransomware group. The additions highlight a persistent patching blind spot: vulnerabilities patched years ago that never made it into legacy system maintenance cycles, now routinely weaponised for initial access and privilege escalation.