< ciso
brief />
Tag Banner

All news with #adobe tag

34 articles

CISA directs federal patch for ColdFusion zero-day

🔒 The U.S. Cybersecurity and Infrastructure Security Agency has ordered federal agencies to patch an actively exploited, maximum-severity vulnerability in Adobe ColdFusion (CVE-2026-48282) by Friday. Adobe published fixes for affected ColdFusion versions last week and urged administrators to install updates immediately. The flaw enables unauthenticated remote code execution in low-complexity attacks and has been observed in the wild soon after disclosure. CISA added the issue to its KEV catalog and invoked BOD 26-04 to enforce remediation timelines for FCEB agencies.
read more →

CISA Adds Four Newly Exploited Vulnerabilities

🛡️ The US Cybersecurity and Infrastructure Security Agency (CISA) added four vulnerabilities to its Known Exploited Vulnerabilities catalog, citing active exploitation. The flaws include critical Adobe ColdFusion path traversal (CVE-2026-48282), Joomlack Page Builder improper access control (CVE-2026-56290), Langflow authorization bypass (CVE-2026-55255), and JoomShaper SP Page Builder unrestricted file upload (CVE-2026-48908). Exploitation observed ranged from immediate post-disclosure attacks to targeted campaigns stealing credentials and deploying web shells. Agencies are urged to apply patches by July 10, 2026.
read more →

Adobe warns of exploited maximum severity ColdFusion flaw

🛡️ Adobe has urged ColdFusion customers to patch immediately after at least one maximum severity flaw was reported as being exploited. The company released fixes for 11 CVEs in the APSB26-68 bulletin on June 30, six carrying a CVSS score of 10. Researchers reported that CVE-2026-48282, a path traversal allowing potential arbitrary code execution, was targeted within hours of disclosure. There are 775 exposed ColdFusion instances online, increasing the risk for rapid exploitation.
read more →

Max-severity Adobe ColdFusion flaw being actively exploited

🔧 Adobe has issued emergency updates to fix a maximum-severity ColdFusion vulnerability (CVE-2026-48282) that is now being actively exploited, the Canadian Center for Cyber Security (CCCS) warned. The flaw affects ColdFusion 2025.9, 2023.20, and earlier, enabling unauthenticated remote code execution on unpatched systems. Adobe urges administrators to install the patch immediately, and Shadowserver reports nearly 800 exposed ColdFusion instances online.
read more →

Adobe adds second monthly Patch Tuesday cycle

🛡️ Adobe will publish security updates twice each month to address faster vulnerability discovery and exploitation. The company will keep its existing second-Tuesday schedule and add a fourth-Tuesday release starting July, applying to advisories with CVEs needing customer action. Adobe cited increased threats and investment in vulnerability discovery as drivers for the new cadence. The change mirrors industry trends toward more frequent patching.
read more →

Adobe fixes critical ColdFusion and Campaign flaws

🛡️ Adobe released urgent patches addressing multiple maximum-severity vulnerabilities in ColdFusion and Adobe Campaign Classic, including several CVSS 10.0 issues. The ColdFusion fixes are included in ColdFusion 2023 Update 21 and ColdFusion 2025 Update 10, while the Campaign patch is in ACC v7: 7.4.3 build 9397. Adobe reports no known active exploitation and credited external researchers for several reports.
read more →

Adobe fixes seven critical ColdFusion and Campaign flaws

🛡️ Adobe released patches addressing seven maximum-severity vulnerabilities in ColdFusion and Campaign Classic. These issues allow low-complexity, no-interaction attacks and were assigned priority 1, prompting administrators to update within 72 hours. Six flaws impact ColdFusion 2025.9, 2023.20 and earlier, enabling remote code execution, while one affects on-premises Campaign Classic builds and may permit arbitrary code execution in the user context.
read more →

Amazon Quick expands integrations with 16 new connectors

🔗 Amazon Quick now connects to 16 additional tools including Adobe, Figma, WhatsApp, Snowflake, and Smartsheet, enabling teams to act on insights without switching context. The new connectors span productivity, design, analytics, financial intelligence, commerce, and communication, so teams can build cross-tool workflows inside Quick. Integrations are available in all AWS Regions where Amazon Quick is offered.
read more →

June Patch Tuesday: Record CVE Count and Critical Fixes

🔒 June Patch Tuesday brought an unprecedented wave of fixes: Microsoft released over 200 CVEs including three disclosed zero-days and 32 critical patches, while SAP and Adobe patched multiple high-severity enterprise flaws. Microsoft warns this increase may become the new normal as AI accelerates vulnerability discovery, urging risk-based prioritization and automated patching. Administrators should urgently assess critical kernel, Active Directory, Hyper-V, and Exchange fixes.
read more →

Talos Discloses TP-Link, Photoshop, OpenVPN, Norton Flaws

🔒 Cisco Talos disclosed multiple vulnerabilities affecting TP‑Link, Adobe Photoshop, OpenVPN, and Norton VPN. Most issues were patched by vendors under Cisco’s third‑party disclosure policy; the Norton installer flaw was observed in use before a patch was available. The TP‑Link Archer AX53 firmware contains eight issues including buffer overflow and several command injection and config‑control flaws that allow code execution or arbitrary file access. Talos recommends applying vendor updates and using updated Snort rules to detect exploitation.
read more →

April Patch Tuesday: Critical Flaws in SAP, Adobe, Microsoft

🔒 April's Patch Tuesday addresses critical vulnerabilities across major vendors. Patches fix a near-critical SQL injection in SAP (CVE-2026-27681) that enables arbitrary database commands, an actively exploited RCE in Adobe Acrobat Reader (CVE-2026-34621), and numerous high-severity Microsoft, Fortinet, and ColdFusion issues. FortiSandbox fixes close authentication-bypass and command-injection holes, while Adobe's ColdFusion updates remediate multiple code execution and path-traversal flaws. Organizations should prioritize vendor updates and apply mitigations where immediate patching is not possible.
read more →

CISA Adds Six Actively Exploited Flaws in Major Software

🛡️ CISA on Apr 14, 2026 added six vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog after observing active exploitation. The flaws affect Fortinet FortiClient EMS, Microsoft components (Exchange Server, Windows drivers, Host Process for Windows Tasks, VBA) and Adobe Acrobat Reader, and include SQL injection, deserialization, out-of-bounds read, use-after-free and insecure library loading. Federal civilian agencies must remediate by April 27, 2026.
read more →

Adobe issues emergency patch for Acrobat/Reader zero-day

🔒 Adobe released an emergency security update to fix a zero-day tracked as CVE-2026-34621, which has been exploited since at least December to bypass Acrobat/Reader sandbox protections. The flaw lets malicious PDFs invoke privileged JavaScript APIs (for example util.readFileIntoStream() and RSS.addFeed()) to read local files and exfiltrate data with no user interaction beyond opening the file. Affected versions of Acrobat DC, Acrobat Reader DC and Acrobat 2024 have fixes available; Adobe urges users to update via Help > Check for Updates or by downloading the installer.
read more →

Weekly Recap: PDF Zero-Day, AI Exploits, Fiber Spying

🔔 Emergency updates address a critical PDF zero‑day in Adobe Acrobat Reader (CVE-2026-34621, CVSS 8.6) that executes malicious JavaScript when specially crafted documents are opened. The report also highlights Anthropic's Mythos being used as an exploit-generation engine, state-linked interference with infrastructure, and research showing telecom optical fibers can be abused for acoustic eavesdropping. Prioritize patching, credential hygiene, and detection for fileless and AI-driven attacks.
read more →

Adobe Patches Actively Exploited Acrobat Reader Flaw

⚠️ Adobe has released emergency updates to address a critical Acrobat Reader vulnerability, CVE-2026-34621, that is being actively exploited in the wild. The flaw is described as prototype pollution and can enable arbitrary code execution when specially crafted PDF files are opened. Fixed builds are available for affected Windows and macOS releases; users and administrators should update immediately.
read more →

Unpatched Adobe Reader Bug Exploited in Recon Campaign

⚠️ A vulnerability in Adobe Reader has been quietly exploited for months, using malicious PDFs with embedded JavaScript that executes when opened to fingerprint hosts and exfiltrate system details. Researcher Haifei Li traced samples back to at least November and confirmed recent variants still run on current Reader builds. The campaign appears focused on reconnaissance and data theft but could enable remote code execution. Mitigations include disabling Acrobat/Reader JavaScript, filtering non‑standard PDFs, marking external attachments, and reinforcing user training.
read more →

Adobe Reader zero-day exploited via crafted PDF lures

⚠️ Security researchers report a previously unknown zero-day in Adobe Reader is being actively exploited via maliciously crafted PDF documents. The exploit, linked to samples named Invoice540.pdf, has been observed since at least December 2025 and executes obfuscated JavaScript to harvest data and retrieve additional payloads. Analysts warn the vulnerability abuses privileged Acrobat APIs, works on the latest Adobe Reader build, and may enable follow-on RCE or sandbox escape.
read more →

Attackers Exploiting Adobe Reader Zero-Day Since December

⚠ Haifei Li has identified a zero-day vulnerability in Adobe Reader that has been exploited since at least December via maliciously crafted PDFs. The attack uses a highly sophisticated, fingerprinting-style exploit that can harvest local data using Acrobat APIs and may enable follow-on RCE or sandbox escape without user interaction beyond opening a file. Li urges users to avoid PDFs from untrusted sources and to monitor network traffic for the Adobe Synchronizer User-Agent string as a temporary mitigation.
read more →

Magento 'PolyShell' REST API Flaw Affects 2.x Releases

⚠ Sansec has disclosed a critical file upload vulnerability dubbed PolyShell in Magento's REST API that can let unauthenticated attackers upload arbitrary executables and achieve remote code execution or account takeover. The flaw stems from how custom product options accept a base64-encoded file_info object and write files to pub/media/custom_options/quote/. Adobe applied a fix in the 2.4.9 pre-release (APSB25-94), but most production stores remain unpatched; operators should restrict and block access to the upload directory, verify nginx/Apache rules, scan for web shells, and consider a specialized WAF.
read more →

PolyShell flaw allows unauthenticated RCE in Magento

⚠ A newly disclosed vulnerability called PolyShell affects all Magento Open Source and Adobe Commerce version 2 installations, enabling unauthenticated code execution and potential account takeover. Adobe has issued a fix only in the 2.4.9 alpha, leaving production sites exposed. Sansec warns the exploit method is already circulating and urges admins to restrict access to pub/media/custom_options/, verify nginx/Apache rules, and scan for uploaded shells or backdoors.
read more →