Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

Thursday, April 9, 2026 at 11:15 AM UTC·Source: The Hacker News

Updated: Thursday, April 9, 2026 at 11:45 AM UTC

Executive Summary

Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December 2025. The finding, detailed by EXPMON's Haifei Li, has been described as a highly-sophisticated PDF exploit. The artifact ("Invoice540.pdf") first appeared on the VirusTotal platform on November 28, 2025. A second

Analysis

Source Attribution

Originally published by The Hacker News on Apr 9, 2026.

Related Threats

CRITICALZero Day

GreatXML zero-day BitLocker bypass doesn’t seem to work, yet

A disgruntled researcher who has been publishing zero-day Microsoft Windows vulnerabilities for the past several months released a new exploit Thursday that promises to bypass BitLocker encryption on locked devices. A well respected security expert reported that the exploit doesn’t work as initially described, but the researcher is looking for ways to fix it. Dubbed GreatXML, the exploit is suppos

12h agoCSO Online

CRITICALZero Day

ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed

A major bug in Oracle's ERP software disproportionately affected American universities, and hackers have capitalized by stealing gobs of data.

13h agoDark Reading

CRITICALZero Day

ShinyHunters is actively extorting universities after exploiting an unpatched Oracle flaw

Oracle still hasn't patched the vulnerability the group has been using in its attacks since late May. The post ShinyHunters is actively extorting universities after exploiting an unpatched Oracle flaw appeared first on CyberScoop .

17h agoCyberScoop