Adobe & Web Attacks: Critical 0-Day Patched, Watering Hole Spreads RAT

Adobe Patches Actively Exploited 0-Day in Acrobat Reader (CVE-2026-34621)

• Adobe released an emergency security update for Acrobat Reader and Acrobat to address a critical zero-day vulnerability, CVE-2026-34621, which was being actively exploited in the wild.
• The flaw, described as an arbitrary code execution vulnerability, posed a significant risk to users and had been abused for months prior to the patch.
• Users are strongly advised to update their Adobe Acrobat Reader and Acrobat installations immediately to mitigate the risk of exploitation.

Source: Help Net Security | Date: April 13, 2026

CPUID Website Compromised in Watering Hole Attack to Distribute STX RAT

• Security researchers identified a watering hole attack where the legitimate CPUID website was compromised, serving the STX RAT malware instead of popular utilities like CPU-Z and HWMonitor.
• Attackers modified the download links on the CPUID site, leading unsuspecting users to malicious installers disguised as the intended software.
• This campaign aimed to infect users with STX RAT, a remote access trojan capable of full system control and data theft, emphasizing the risks of downloading software from compromised sources.

Source: Security Affairs | Date: April 13, 2026

References

1. Adobe finally patches PDF pest after months of abuse - The Register
2. Adobe issues emergency fix for Acrobat Reader flaw exploited in the wild (CVE-2026-34621) - Help Net Security
3. Adobe Patches Acrobat Reader 0-Day Vulnerability Exploited in the Wild - Cybersecurity News
4. Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621 - The Cyber Express
5. Adobe komt met noodpatch voor actief aangevallen lek in Acrobat Reader - Security.nl
6. CPUID watering hole attack spreads STX RAT malware - Security Affairs
7. Hackers hijacked CPUID downloads, served STX RAT to victims - Help Net Security
8. The CPUID Watering Hole Attack Turning CPU-Z into a Trojan - SecurityOnline.info