Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild
Vulnerabilities are flaws attackers can exploit to access systems or data; timely patching, isolation, and least privilege reduce the impact.
Search across headline titles and summaries.
Background for this topic.
A vulnerability is a weakness in a system’s design, code, configuration, or operating process that could allow an attacker to violate a security requirement. It may affect software, hardware, networks, cloud services, or exposed interfaces, and is not automatically exploitable: practical risk depends on factors such as exposure, required privileges, available attack paths, and existing controls. Outcomes can include unauthorized access, information disclosure, code execution, or disruption of service.
Effective vulnerability management combines accurate asset inventory with code review, security testing, scanning, and trusted vulnerability intelligence. Organizations should prioritize weaknesses affecting reachable, business-critical systems—especially when exploitation is known or requires little access—then patch or otherwise mitigate them and verify the fix. Where patching is delayed, controls such as disabling an exposed feature, restricting network access, or strengthening authentication can reduce the attack surface. Records should preserve affected versions, risk decisions, remediation owners, and validation results.
Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild
Early Tests of New Anthropic AI Model Show Fast Detection, Better Flaw CorrelationCrowdStrike's early testing of Anthropic's new Claude Mythos Preview AI model shows faster vulnerability detection and improved cross-system context, signaling a shift toward AI-driven security operations that compress discovery-to-response timelines and force new defensive frameworks.
The US government warns programmable logic controllers are being targeted, and research turns up 179 vulnerable operational technology (OT) devices.
Just what FOSS developers need – a flood of AI-discovered vulnerabilities Opinion Anthropic describes Project Glasswing as a coalition of tech giants committing $100 million in AI resources to hunt down and fix long-hidden vulnerabilities in critical open source software that it's finding with its new Mythos AI program. Or as The Reg put it, "an AI model that can generate zero-day vulnerabilities."…
A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig
Project Glasswing Strengthens Key Platforms, Leaves Broad Exposure UntouchedProject Glasswing is giving select cybersecurity giants early access to Anthropic’s Claude Mythos Preview, boosting investor confidence in leaders Palo Alto Networks and CrowdStrike while raising concerns that smaller vendors, vulnerability firms and the broader internet will fall further behind.
Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit (SDK) called EngageLab SDK that could have put millions of cryptocurrency wallet users at risk
Asymmetry Between Exploits Wielded by Nation-States and Hackers Will DisappearAnthropic's announcement that its Mythos Preview large language model can find serious zero-day flaws across all manner of code bases old and new, and quickly chain vulnerabilities together to build working exploits, promises to democratize access to such capabilities.
Thursday. Another week, another batch of things that probably should've been caught sooner but weren't
Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December 2025
Attackers have been exploiting a zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December. [...]
Even fitness equipment is vulnerable to mischief makers these days PWNED Welcome back to Pwned, the column where we share war stories from IT soldiers who shot themselves – or watched someone else shoot themselves – in the foot. Today's tale shows that even when you're setting up something as simple as fitness gear, there's no excuse for leaving security credentials lying around.…
Heard of fileless malware? How about malwareless cyber espionage? Russia's APT28 is spying on global organizations by modifying just one DNS setting in vulnerable routers.
But Expect Plenty of Bottlenecks in Coordination, Validation and Patch DeploymentAnthropic's Claude Mythos Preview shows how AI can discover and chain vulnerabilities at scale, but the bigger challenge for defenders is redesigning disclosure, triage and patching processes so fixes can be deployed safely before attackers exploit the gap.
CISA has given U.S. government agencies four days to secure their systems against a critical-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that has been exploited in attacks since January. [...]
Security researchers discovered a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that has gone undetected for 13 years and could be exploited to execute arbitrary commands. [...]
Ninja Forms File Upload RCE via unauthenticated arbitrary file upload; update to 3.3.27 immediately
Anthropic launches Project Glasswing, using its Claude Mythos Preview AI to autonomously identify and fix undiscovered vulnerabilities in critical software
Artificial Intelligence (AI) company Anthropic announced a new cybersecurity initiative called Project Glasswing that will use a preview version of its new frontier model, Claude Mythos, to find and address security vulnerabilities
Anthropic’s Claude AI has helped researchers find a vulnerability in Apache ActiveMQ Classic