A zero-day vulnerability in Adobe Reader has been exploited by threat actors since December 2025, using malicious PDFs to compromise systems. The sophisticated exploit, described by EXPMON's Haifei Li, relies on highly crafted PDF documents; one such artifact, "Invoice540.pdf", first appeared on VirusTotal on November 28, 2025. The exploit leverages the previously unknown vulnerability, allowing attackers to gain unauthorized access to systems without being detected by traditional security measures. That the vulnerability has been exploited for months without a patch [1] highlights how hard it is for defenders to keep pace with emerging threats. With a zero-day, defenders are already behind, so users should exercise extreme caution when handling PDF documents from unknown sources. The vulnerability poses a significant risk to individuals and organizations that rely on Adobe Reader, and a patch or alternative mitigation is urgently needed to prevent further exploitation.
Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025
⚠️ Critical Alert
Why This Matters
Zero-day exploitation means the vulnerability is being used before patches exist — defenders are already behind.
References
- The Hacker News. (2026, April 9). Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025. *The Hacker News*. https://thehackernews.com/2026/04/adobe-reader-zero-day-exploited-via.html