Adobe fixed a critical vulnerability in Acrobat and Reader that attackers have been exploiting since at least November 2025. The flaw, CVE-2026-34621, lets hackers execute code simply by getting victims to open a malicious PDF.
Security researcher Haifei Li discovered the exploit on a threat-sharing platform, where it had been sitting largely undetected since March. The sophisticated attack fingerprints victims' systems, steals sensitive data, and can deploy additional malware.
Adobe confirmed active exploitation and released patches on April 11. The company urges immediate updates, as the vulnerability affects the latest versions and requires no user interaction beyond opening the PDF file.
Source: Dark Reading
ShinyHunters, a cybercriminal group, has breached Rockstar Games' servers and is demanding ransom payment by April 14, 2026, or they'll release stolen company data. This marks the second major attack on the Grand Theft Auto studio in three years.
Rockstar downplayed the breach, stating only "limited" non-material information was accessed through a third-party server, with no impact on players. However, any leak could be damaging given the tight secrecy around Grand Theft Auto VI, which has cost nearly $2 billion over 10 years of development.
The previous 2022 breach by teenager Arion Kurtaj cost Rockstar $5 million in recovery efforts. Grand Theft Auto VI was recently delayed to November 2026.
Source: The Guardian
OpenAI confirmed Friday it was affected by a supply chain attack on Axios, a popular JavaScript library with over 100 million weekly downloads. North Korean hackers compromised an Axios maintainer's account in late March and published malicious packages that were live for just hours before detection.
The attack hit OpenAI's macOS app-signing process, potentially exposing certificates used to sign ChatGPT Desktop and other applications. While OpenAI believes the certificate wasn't compromised, they're revoking it as a precaution and will fully revoke it by May 2026.
Cybersecurity firms found evidence of compromise on 135 machines, with the malicious code executing in 3% of affected environments. The attack is linked to UNC1069, a North Korean group known for cryptocurrency theft.
Source: Security Week
Adobe released an emergency security patch for a critical zero-day vulnerability in Acrobat Reader that hackers are actively exploiting. The flaw, tracked as CVE-2026-34621, allows attackers to execute malicious code by tricking users into opening specially crafted PDF files.
The vulnerability stems from prototype pollution, where attackers can manipulate the application's underlying logic through malicious properties. It affects Acrobat Reader versions 24.001.30356, 26.001.21367, and earlier versions.
Threat actors are disguising malicious PDFs as legitimate business documents like invoices or legal records. Organizations should immediately apply Adobe's security updates and strengthen email filtering to block suspicious PDF attachments before they reach users.
Source: Cybersecurity News
A cyber attack has targeted Northern Ireland's C2K school network, forcing the Education Authority to reset all passwords and lock out students and staff during Easter break. The timing couldn't be worse: over 800 pupils at Methodist College Belfast alone are preparing for GCSE, AS and A-Level exams starting just weeks after the holidays.
Students can't access Google Classroom, OneDrive, emails, or revision materials uploaded by teachers throughout the year. With only two weeks between Easter and study leave, the disruption is piling pressure on exam candidates who planned to use the break for intensive revision.
The EA is investigating whether personal data was compromised and working with authorities including the Information Commissioner's Office. They've apologized for the impact but can't yet confirm when access will be restored.
Source: BBC
Telehealth company Hims & Hers suffered a data breach between February 4 and 7, when hackers accessed customer support tickets containing names, email addresses, and medical information. The ShinyHunters group claimed responsibility for the attack on the third-party support platform.
This breach is particularly concerning because Hims specializes in sensitive health issues like erectile dysfunction, hair loss, and mental health—conditions that carry significant stigma. The exposed data could potentially enable blackmail attempts against affected customers.
Hims took a month to determine what information was compromised and another month to notify customers. The company is offering free credit monitoring to impacted users.
Source: Dark Reading
Cyber criminals have breached Healthdaq, an Irish recruitment platform used by Northern Ireland health trusts, claiming to have stolen nearly 500,000 sensitive files. On March 30th, the hackers, known as XP95, accessed personal data including names, CVs, passports, driving licenses, criminal background checks, and vaccine records.
All Northern Ireland health trusts have been notified and are advising staff to remain vigilant. The breach poses risks of identity theft and fraud given the sensitive nature of healthcare worker data stored on the platform.
Healthdaq, headquartered in Dublin with international operations, says the incident has been contained and security measures implemented. The Information Commissioner's Office is now investigating the breach.
Source: BBC News
A security researcher using the alias "Chaotic Eclipse" publicly released exploit code for an unpatched Windows zero-day vulnerability called "BlueHammer" on April 2, citing frustration with Microsoft's Security Response Center. The flaw combines a race condition and path confusion in Windows Defender's update system, potentially allowing local attackers to access password hashes and gain administrator rights.
The exploit currently works on desktop systems but not Windows Server. Security experts warn that skilled threat actors could quickly weaponize the proof-of-concept code, with ransomware groups typically deploying such exploits within days of release.
This incident highlights ongoing tensions between security researchers and Microsoft's vulnerability disclosure process, which critics have long called frustrating and opaque despite the company's 2023 promises to improve transparency.
Source: Dark Reading
Hackers are exploiting an unpatched vulnerability in Adobe Reader to steal sensitive data from victims' computers. The attack works simply by opening a malicious PDF file; no other user interaction is required.
The exploit, detected by EXPMON's threat-hunting system, bypasses Adobe's security protections to read local files and transmit system information to attacker servers at IP address 169.40.2.68. This includes operating system details, language settings, and file paths.
What makes this particularly dangerous is the two-stage attack. After initial data theft, attackers can send back additional malicious code capable of complete system takeover through Remote Code Execution.
Adobe has been notified, but no patch exists yet. Users should immediately stop opening PDFs from unknown sources.
Source: Cybersecurity News
The UK's National Cyber Security Centre warned Tuesday that Russian hackers are exploiting common internet routers to steal credentials and access home networks. The attacks, likely carried out by APT28 (Fancy Bear) linked to Russian intelligence, target "edge devices" like routers that users often forget to update.
Once a router is compromised, hackers can redirect users to fake banking sites, access phones and PCs on the network, and harvest intelligence. Professor Alan Woodward from the University of Surrey called routers a "weak point" that attackers use to establish network footholds.
The warning follows the US banning foreign-made routers over national security concerns. Experts urge users to keep routers updated, as many devices no longer receive security patches.
Source: The Guardian