Live Threats
[STRUTS]Apache Struts zero-day (CVE-2026-3101) under mass exploitation — ransomware groups deploying web shells on Java web apps. Patch immediately.|
[LAZARUS]North Korean Lazarus Group targets SMB defense contractors via fake LinkedIn recruiter profiles delivering trojanized job documents.|
[DEEPFAKE]Deepfake CEO video call fraud stole $3.2M in a single transaction. AI voice and face synthesis now indistinguishable — targeting US SMBs.|
[CHROME]CVE-2026-2356 Chrome zero-day actively exploited to deliver spyware. Update to 136.0.7103.92 immediately on all devices.|
[HIPAA]HHS finalized major HIPAA Security Rule updates — mandatory encryption at rest, MFA, and annual pen testing effective December 31, 2026.|
[CISA KEV]CISA added 15 new KEV entries this week — six are priority patches for internet-facing systems including Struts, Chrome, Cisco, Fortinet, Ivanti, and VMware.|
[STRUTS]Apache Struts zero-day (CVE-2026-3101) under mass exploitation — ransomware groups deploying web shells on Java web apps. Patch immediately.|
[LAZARUS]North Korean Lazarus Group targets SMB defense contractors via fake LinkedIn recruiter profiles delivering trojanized job documents.|
[DEEPFAKE]Deepfake CEO video call fraud stole $3.2M in a single transaction. AI voice and face synthesis now indistinguishable — targeting US SMBs.|
[CHROME]CVE-2026-2356 Chrome zero-day actively exploited to deliver spyware. Update to 136.0.7103.92 immediately on all devices.|
[HIPAA]HHS finalized major HIPAA Security Rule updates — mandatory encryption at rest, MFA, and annual pen testing effective December 31, 2026.|
[CISA KEV]CISA added 15 new KEV entries this week — six are priority patches for internet-facing systems including Struts, Chrome, Cisco, Fortinet, Ivanti, and VMware.|
View All
Adobe Acrobat & Reader: 12 Critical Vulnerabilities Patched
Security News/Issue #16 — April 7 – April 13, 2026
PATCH UPDATEHIGH

Adobe Acrobat & Reader: 12 Critical Vulnerabilities Patched

Published April 10, 2026
4 min read
Source: Adobe Security Bulletin
SHARE:
Affected Systems
Adobe Acrobat DCAdobe Acrobat Reader DCAdobe Acrobat 2020Adobe Acrobat Reader 2020
Executive Summary

Adobe released security updates for Acrobat and Reader addressing 12 critical vulnerabilities that could allow arbitrary code execution when opening a malicious PDF. Enable automatic updates or deploy via your RMM tool immediately.

Vulnerability Details

Adobe released APSB26-14, a security bulletin addressing 12 critical and 8 important vulnerabilities in Adobe Acrobat and Reader. The critical vulnerabilities include use-after-free flaws, out-of-bounds write vulnerabilities, and heap buffer overflow issues that could allow an attacker to execute arbitrary code in the context of the current user. Exploitation requires a user to open a specially crafted PDF document — no other interaction is required. Given that PDF documents are one of the most common file types exchanged in business communications, this represents a significant risk.

Why This Matters for SMBs

Adobe Acrobat and Reader are installed on the vast majority of business computers. PDFs are used for invoices, contracts, reports, and countless other business documents. Attackers frequently use malicious PDFs as a delivery mechanism for malware because they are trusted file types that employees open without hesitation. A single employee opening a malicious PDF attachment in a phishing email could result in a complete system compromise. With 12 critical vulnerabilities now publicly disclosed, attackers will quickly develop exploits targeting unpatched systems.

Update Instructions

To update Adobe Acrobat or Reader manually, open the application and go to Help > Check for Updates. Alternatively, enable automatic updates in Edit > Preferences > Updater. For organizations managing multiple endpoints, deploy the update through your Remote Monitoring and Management (RMM) tool or software deployment system. Adobe has also published the updated installers on their website for manual deployment. The fixed versions are Acrobat DC 24.005.21009 and Acrobat 2020 20.005.30748.

Key Takeaways & Action Items
  • Update Adobe Acrobat and Reader to the latest version immediately
  • Enable automatic updates in Adobe Acrobat preferences
  • Train employees not to open PDF attachments from unknown senders
  • Consider deploying PDFs in Protected View mode by default
  • Deploy the update via your RMM tool if you manage multiple endpoints
Share This
LinkedInX / TwitterEmail

Need Help With This Threat?

Our San Antonio security team can assess your exposure, apply patches, and protect your business before attackers strike.

Schedule a Security ReviewCall (210) 496-7313

Stay ahead of the next threat

Get weekly security alerts — breaches, patch updates, compliance news, and threat intel — delivered free to your inbox every week.

Breach alerts
Patch roundups
Compliance news
No spam, ever
Back to Issue #16: April 7 – April 13, 2026
PREVIOUS ARTICLE
Cisco IOS XE: 9 High-Severity Vulnerabilities Patched — Update Now
NEXT ARTICLE
HHS Ramps Up HIPAA Enforcement: 40% Increase in Q1 2026 Actions
Talk with Us