Sponsored by
URGENT TECH ALERT
Read ’em and weep
Image: Gemini
⚡ TL;DR
A zero-day flaw in Adobe Acrobat Reader has been exploited since December 2025.
Opening a single PDF is all it takes for hackers to get in your device. No clicks, no downloads.
Adobe released an emergency patch. Update before you open another file.
📖 Read time: 2 minutes
Stop what you’re doing. Right now.
Adobe just pushed an emergency patch for a zero-day flaw that hackers have been exploiting since at least December 2025. Four months. Silently. While you opened PDFs without a second thought.
You open PDFs every single day. Your tax return. Your boarding pass. That contract you signed last week. Your bank statement. Your kid’s school form. Every one of them could have been weaponized, and you would have had absolutely no idea.
Here’s what makes this one particularly nasty.
🔍 What’s happening
The flaw is tracked as CVE-2026-34621. Yeah, I know. Means nothing to you. Here’s what it does.
Hackers figured out how to hide malicious code inside a completely normal-looking PDF. It looks real. It opens normally. But the moment you open it, the hidden code runs. No extra clicks. No downloading anything. No warning. Open the file, and you’re done.
Once they’re in, attackers can steal files directly off your hard drive, grab passwords, pull in more malicious code from their own servers and potentially take complete control of your machine. This isn’t theoretical. This was happening.
Researchers found attacks running in the wild going back to December. Adobe sat on it until a security researcher named Haifei Li caught it, went public and forced their hand.
CISA, the federal cybersecurity agency, added it to their Known Exploited Vulnerabilities list yesterday and gave federal agencies until April 27 to patch. When the government issues a deadline, pay attention.
Don’t worry, I have your back. The fix is below.
Sponsored by
Is Your Retirement Plan Built to Last?
Most people saving for retirement have a number in mind. Fewer have a plan for turning that number into actual income.
The Definitive Guide to Retirement Income walks you through the questions that matter: what things will cost, where the money comes from, and how to keep your portfolio aligned with your long-term goals.
If you have $1,000,000 or more saved, download your free guide and start building a retirement income plan that holds up.
🛡️ Fix it right now
Two minutes. Do this before you open another PDF from anyone.
Open Adobe Acrobat Reader.
Click Help in the top menu.
Select Check for Updates.
Install everything.
You need version 26.001.21411 or higher. Acrobat 2024 users need 24.001.30362 on Windows or 24.001.30360 on Mac. Check your version under Help > About Adobe Acrobat Reader.
Can’t update at the moment? Don’t open any PDF you weren’t expecting. Even from someone you know. Attackers spoof senders. That email that looks like it’s from your bank or your accountant or your doctor? Could be bait.
The attacks researchers caught used Russian-language oil and gas industry documents, which points to a nation-state behind this. Those don’t stay targeted. They spread. They evolve. Your name doesn’t have to be on a list for you to get hit.
Update now. Who knew Adobe Reader could give you a paper cut this bad?
📩 Send this to someone who opens PDFs all the time, at work, does their own taxes or has never once updated Adobe Reader. So, most people you know. Use the handy icons below.
Photo credit(s): Gemini