← Back to Pulse Feed
PULSE DETAIL
On April 7, 2026, a security researcher described an Adobe Reader zero-day vulnerability that has been exploited since at least December 2025. The vulnerability allows threat actors to execute privileged Acrobat APIs via specially crafted malicious PDF files that execute obfuscated JavaScript when opened. Exploitation allows attackers to steal sensitive user and system data and to potentially launch additional attacks and remotely execute code. Recommendations: Reduce the risk by automatically scanning PDF email attachments, blocking suspicious files, training users to be wary of unsolicited attachments, and advising users to temporarily avoid using Adobe Reader to open PDFs. Reference: https://www.sophos.com/en-us/blog/adobe-reader-zero-day-vulnerability-in-active-exploitation
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (9)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| FileHash-MD5 | 1929da3ef904efb8c940679045452321 | MD5 of 7f3c6f97612dd0a018797f99fad4df754e5feb35 | 2026-04-13 | |
| FileHash-MD5 | 522cda0c18b410daa033dc66c48eb75a | MD5 of dafd571da1df72fb53bcd250e8b901103b51d6e4 | 2026-04-13 | |
| FileHash-SHA1 | 7f3c6f97612dd0a018797f99fad4df754e5feb35 | — | 2026-04-13 | |
| FileHash-SHA1 | dafd571da1df72fb53bcd250e8b901103b51d6e4 | — | 2026-04-13 | |
| FileHash-SHA256 | 54077a5b15638e354fa02318623775b7a1cc0e8c21e59bcbab333035369e377f | SHA256 of dafd571da1df72fb53bcd250e8b901103b51d6e4 | 2026-04-13 | |
| FileHash-SHA256 | 65dca34b04416f9a113f09718cbe51e11fd58e7287b7863e37f393ed4d25dde7 | SHA256 of 7f3c6f97612dd0a018797f99fad4df754e5feb35 | 2026-04-13 | |
| IPv4 | 169.40.2.68 | CC=US ASN=ASNone | 2026-04-13 | |
| IPv4 | 188.214.34.20 | CC=RO ASN=ASNone | 2026-04-13 | |
| domain | ado-read-parser.com | — | 2026-04-13 |