Security researchers discovered a zero-day vulnerability in Adobe Reader. Attackers have actively exploited the flaw since December 2025. The sophisticated exploit triggers automatically when a user opens a malicious PDF document. This vulnerability affects the latest version of the software and requires no user interaction.
The attack steals local data and system information for transmission to a remote server. Researchers have not yet observed full remote code execution. However, the mechanism can be used to deliver additional exploits.
Malicious documents used in these attacks contain Russian-language lures targeting the oil and gas industry. Adobe has been notified of the vulnerability but has not yet released a patch.