Critical PDF Zero-Day, Fiber Eavesdropping and AI-Powered Exploit Hunting Shake Security Scene
Monday opened with a stack of urgent security alerts. A critical PDF zero-day, new research showing optical fiber can leak sound, and AI models being used to find and write exploits all landed at once. The details matter and the timeline is short.
Zero-day in Adobe Acrobat
Adobe released emergency updates after researchers found a serious flaw in Acrobat Reader. Adobe said the bug carries the identifier CVE-2026-34621 and a CVSS score of 8.6. Haifei Li, founder of EXPMON, disclosed active exploitation that runs JavaScript when specially crafted PDFs are opened. Adobe said the issue can lead to arbitrary code execution and urged immediate patching.
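As a defender-side illustration of why JavaScript-bearing PDFs deserve triage, here is an added example (not code from Adobe, EXPMON or the article) that scans a PDF for the name tokens that carry or auto-trigger scripts: /JavaScript, /JS, /OpenAction, /AA and /Launch. It decodes PDF name escapes (so /J#61vaScript is seen as /JavaScript) and inflates Flate-compressed streams so names hidden in object streams are scanned too. The sample PDFs are constructed inline and contain no exploit; the check flags script capability in general and is not specific to CVE-2026-34621.

```python
import re
import zlib

# Name tokens that indicate script or automatic-action capability in a PDF.
# /JavaScript and /JS carry script bodies; /OpenAction and /AA fire actions
# without a click; /Launch can start an external program.
RISKY_NAMES = {"/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch"}

# A PDF name runs from "/" up to whitespace or a delimiter character.
_NAME_RE = re.compile(rb"/[^\s/\[\]<>(){}%]+")
_STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def _decode_name(raw: bytes) -> str:
    # PDF names may encode any byte as #xx, e.g. /J#61vaScript == /JavaScript.
    return re.sub(
        rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), raw
    ).decode("latin-1")


def _expand_streams(data: bytes) -> bytes:
    # Append the inflated content of every stream that decompresses as zlib
    # (FlateDecode) so names inside object streams become visible to the scan.
    extra = []
    for m in _STREAM_RE.finditer(data):
        try:
            extra.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate-compressed, or corrupt; the raw bytes are scanned anyway
    return data + b"\n" + b"\n".join(extra)


def pdf_script_indicators(data: bytes) -> list[str]:
    """Return the sorted set of risky name tokens present in the PDF bytes."""
    found = set()
    for m in _NAME_RE.finditer(_expand_streams(data)):
        name = _decode_name(m.group(0))
        if name in RISKY_NAMES:
            found.add(name)
    return sorted(found)


# Constructed sample (no exploit): a minimal PDF whose catalog opens a
# JavaScript action automatically, with the action name partly #-escaped.
SAMPLE_PDF = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
    b"3 0 obj << /S /J#61vaScript /JS (app.alert('hi')) >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

# Constructed sample where the action dictionary sits inside a Flate stream,
# so a plain string search of the file would miss it.
_hidden = zlib.compress(b"<< /Type /Action /S /JavaScript /JS (x) >>")
SAMPLE_PDF_FLATE = (
    b"%PDF-1.7\n"
    b"4 0 obj << /Length " + str(len(_hidden)).encode() + b" /Filter /FlateDecode >>\n"
    b"stream\n" + _hidden + b"\nendstream\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    print("plain:", pdf_script_indicators(SAMPLE_PDF))
    print("flate:", pdf_script_indicators(SAMPLE_PDF_FLATE))
```

A hit does not mean a document is malicious, since forms and signed workflows legitimately use JavaScript; the point is to route such attachments to sandbox detonation or a stricter reader policy rather than straight to users while a patch rolls out.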
AI finds flaws fast
Anthropic is running a frontier model that discovers vulnerabilities at scale. Anthropic said early tests identified thousands of high-severity flaws and, in some cases, produced working exploits in under a day. Cisco, a launch partner, warned that while AI gives defenders unprecedented scanning power, it also lowers the bar for attackers. “AI allows us to scan and secure vast codebases at a scale previously unimaginable,” Cisco said. “However, it also lowers the threshold for attackers.” This dual-use capability highlights the rapidly changing role of AI in the cybersecurity landscape.
Optical fiber can leak sound
New academic research found that common telecommunication fibers can act as an acoustic side channel. Researchers at the Hong Kong Polytechnic University and the Chinese University of Hong Kong said attackers who can access one end of a fiber can use commercially available Distributed Acoustic Sensing gear to pick up sound vibrations and recover private audio. The team cautioned the issue is especially worrying for buildings using Fiber-to-the-Home installations.
Stealthy kernel rootkit
Security firm Nextron Systems disclosed a Windows kernel rootkit called RegPhantom. Nextron said the malware abuses the Windows registry as a covert trigger. A user-mode process writes an encrypted command to the registry, the signed driver intercepts it, and the driver reflectively maps code into kernel memory. “What makes this threat notable is the combination of stealth, privilege, and trust abuse,” Nextron said. The firm added that RegPhantom wipes evidence and hides loaded modules from standard tools.
Router compromises and espionage
Law enforcement and government agencies described an operation that altered DNS settings on small and home office routers to redirect victims to attacker-controlled sites. The U.K. government said the activity was likely opportunistic and used to harvest credentials and, in specific cases, perform man-in-the-middle attacks against encrypted traffic. Agencies linked the behavior to long-running campaigns that manipulate routers to intercept email and cloud traffic.
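The detection counterpart to the router DNS tampering described above is a periodic check that every managed router still points at the resolvers you expect. The following added example (not code from any of the agencies named, and not tied to a specific campaign) parses a constructed inventory export of the form `device dns=<ip>,<ip>` and reports any resolver outside an allowlist of networks. The allowlist addresses are RFC 5737 documentation ranges standing in for an organisation's internal and ISP resolvers; malformed entries are reported as drift too, since they also indicate someone changed the configuration.

```python
import ipaddress
import re

# Resolvers the organisation expects its SOHO/branch routers to hand out.
# Constructed placeholders (RFC 5737 documentation ranges), not real infrastructure.
ALLOWED_RESOLVERS = [
    ipaddress.ip_network("192.0.2.53/32"),    # internal resolver
    ipaddress.ip_network("198.51.100.0/24"),  # ISP resolver block
]

# Constructed export format (an assumption for this example):
# one line per device, "device dns=<ip>,<ip>,..."; '#' lines are comments.
_LINE_RE = re.compile(r"^(?P<device>\S+)\s+dns=(?P<servers>\S*)\s*$")


def parse_inventory(text: str) -> dict[str, list[str]]:
    """Parse the export into {device: [resolver, ...]}; reject unexpected lines."""
    inventory: dict[str, list[str]] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable inventory line: {line!r}")
        servers = [s for s in m.group("servers").split(",") if s]
        inventory[m.group("device")] = servers
    return inventory


def is_allowed_resolver(addr: str) -> bool:
    """True only if addr parses as an IP inside one of the allowed networks."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed entry: report it so someone looks at the device
    return any(ip in net for net in ALLOWED_RESOLVERS)


def find_dns_drift(inventory: dict[str, list[str]]) -> dict[str, list[str]]:
    """Return, per device, the configured resolvers that are not allowlisted."""
    drift = {}
    for device, servers in inventory.items():
        bad = [s for s in servers if not is_allowed_resolver(s)]
        if bad:
            drift[device] = bad
    return drift


# Constructed sample: router-b has been pointed at an unexpected public
# resolver and router-c carries a malformed entry; router-a is clean.
SAMPLE_EXPORT = """\
# constructed export from a router management tool
router-a dns=192.0.2.53,198.51.100.10
router-b dns=203.0.113.7,198.51.100.10
router-c dns=192.0.2.53,not-an-ip
"""

if __name__ == "__main__":
    for device, bad in find_dns_drift(parse_inventory(SAMPLE_EXPORT)).items():
        print(f"{device}: unexpected resolvers {bad}")
```

Run this on each inventory pull and alert on any non-empty result; pairing it with a check of the router's admin credentials and firmware version covers the same weak points the agencies describe.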
Long con in crypto
Drift Protocol said a North Korea-linked group posed as a trading firm for months and stole $285 million in digital assets. Drift described a patient social engineering operation that included in-person meetings, Telegram coordination, and an initial deposit to build trust. Blockchain analytics firm Elliptic said this incident fits a wider pattern of state-linked cryptocurrency thefts tracked in 2026.
Fileless attacks and new RATs
Researchers at Point Wild and Malwarebytes reported multiple schemes that use fileless techniques, trojanized installers, and malicious repository hosting. Malwarebytes said a fake site impersonating Anthropic’s Claude served a trojanized installer that deployed PlugX via DLL side-loading. Point Wild detailed phishing that reconstructs .NET payloads in memory to load Remcos RAT and other remote access trojans. These campaigns rely on trusted services and complex loaders to avoid detection.
Practical takeaways
Patch quickly. Zscaler ThreatLabz warned that legacy VPNs and blind spots let attackers move at machine speed while defenders lag. Microsoft urged organizations to watch payroll workflows after it observed Storm-2755 using credential theft to divert salary payments. MITRE released the Fight Fraud Framework to help connect technical indicators to financial fraud. Together these updates show the basics still matter: patching, multi-factor protection, and monitoring network configuration. For organizations that do face an incident, knowing how to respond is critical.
Stay vigilant and treat every unexpected document and link as suspicious. When researchers, vendors, and law enforcement all flag a trend, act quickly. The threat landscape is accelerating and the right response starts with simple, timely steps.
#cybersecurity #zeroday #AIsecurity #infosec #threatintel #patchnow