Adobe Commerce XXE Vulnerability (CVE-2024-34102) Exploit Released
2 rules, 1 TTP, 1 CVE, 1 IOC
A public exploit, named CosmicSting, has been released for CVE-2024-34102, an XML External Entity (XXE) Injection vulnerability in Adobe Commerce allowing for unauthenticated remote file read, SSRF, and potential RCE.
BadIIS Malware-as-a-Service Ecosystem Targeting IIS Servers
2 rules, 1 TTP, 6 IOCs
A commodity BadIIS malware variant is fueling a thriving malware-as-a-service (MaaS) ecosystem for Chinese-speaking cybercrime groups, allowing them to execute malicious SEO fraud, hijack server content, and redirect traffic to illicit sites.
Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability (CVE-2009-3459)
2 rules, 1 TTP, 1 CVE
Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability, tracked as CVE-2009-3459, that could allow remote attackers to execute arbitrary code via a crafted PDF file.
macOS Finder Sync Plugin Persistence via Pluginkit
2 rules, 1 TTP
This rule detects suspicious Finder Sync plugin registrations on macOS, where adversaries abuse the pluginkit process to establish persistence by repeatedly executing malicious payloads.
Device Code Phishing Exploiting OAuth 2.0 Device Authorization Grant Flow
2 rules, 5 TTPs
Threat actors are increasingly using device code phishing, often via Phishing-as-a-Service platforms, to compromise user accounts by abusing the OAuth 2.0 device authorization grant flow and capturing authentication tokens, enabling account takeover, data theft, and business email compromise.
Multiple Vulnerabilities in Adobe Creative Cloud Applications
2 rules, 3 TTPs
A local attacker can exploit multiple vulnerabilities in Adobe Creative Cloud applications to execute arbitrary program code, disclose confidential information, or cause a denial-of-service condition.
Adobe Acrobat Reader Vulnerability Allows Information Disclosure and Code Execution
2 rules, 3 TTPs
A local attacker can exploit a vulnerability in Adobe Acrobat Reader to disclose sensitive information and execute arbitrary code, potentially leading to a complete system compromise.
Adobe Commerce Stored XSS Vulnerability (CVE-2026-34686)
2 rules, 2 TTPs, 1 CVE
Adobe Commerce versions 2.4.9-beta1 and earlier are susceptible to a stored Cross-Site Scripting (XSS) vulnerability (CVE-2026-34686) that allows low-privileged attackers to inject malicious scripts into form fields, leading to potential account compromise.
Adobe Commerce Path Traversal Vulnerability (CVE-2026-34653)
2 rules, 1 TTP, 1 CVE
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are vulnerable to a path traversal vulnerability (CVE-2026-34653) that allows authenticated administrators to read and write arbitrary files.
CVE-2026-34652: Adobe Commerce Dependency on Vulnerable Third-Party Component Leading to DoS
2 rules, 1 TTP, 1 CVE
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, and 2.4.4-p17 and earlier are vulnerable to a denial-of-service due to a dependency on a vulnerable third-party component, which an attacker can exploit to crash the application without user interaction.
CVE-2026-34651 - Adobe Commerce Uncontrolled Resource Consumption Vulnerability
2 rules, 1 TTP, 1 CVE
Adobe Commerce versions 2.4.9-beta1 and earlier are vulnerable to uncontrolled resource consumption, allowing an attacker to exhaust system resources without user interaction and potentially cause an application denial-of-service.
Adobe Commerce Uncontrolled Resource Consumption Vulnerability (CVE-2026-34650)
2 rules, 1 TTP, 1 CVE
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are susceptible to an uncontrolled resource consumption vulnerability (CVE-2026-34650) that allows an unauthenticated attacker to cause a denial-of-service condition by exhausting system resources.
CVE-2026-34649: Adobe Commerce Uncontrolled Resource Consumption Vulnerability
2 rules, 1 TTP, 1 CVE
Adobe Commerce versions 2.4.9-beta1 and earlier are susceptible to an uncontrolled resource consumption vulnerability (CVE-2026-34649), allowing an unauthenticated attacker to trigger a denial-of-service condition by exhausting system resources.
Adobe Commerce SSRF Vulnerability (CVE-2026-34647)
2 rules, 1 TTP, 1 CVE
Adobe Commerce versions 2.4.9-beta1 and earlier are vulnerable to Server-Side Request Forgery (SSRF) via a maliciously crafted URL, potentially leading to security feature bypass and unauthorized read access.
Adobe Commerce Incorrect Authorization Vulnerability (CVE-2026-34646)
2 rules, 2 TTPs, 1 CVE
Adobe Commerce versions 2.4.9-beta1 and earlier are vulnerable to an Incorrect Authorization issue (CVE-2026-34646) that allows attackers to bypass security features and gain unauthorized write access without user interaction.
Adobe Commerce Incorrect Authorization Vulnerability (CVE-2026-34645)
2 rules, 1 TTP, 1 CVE
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability (CVE-2026-34645) that could allow an attacker to bypass security measures and gain unauthorized write access without user interaction.
CVE-2026-34681 - Adobe Substance3D Designer Out-of-Bounds Write Vulnerability
2 rules, 1 TTP, 1 CVE
Adobe Substance3D Designer versions 15.1.0 and earlier are vulnerable to an out-of-bounds write, potentially leading to arbitrary code execution if a user opens a malicious file.
Adobe Connect Incorrect Authorization Vulnerability (CVE-2026-34660)
2 rules, 1 TTP, 1 CVE
Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability (CVE-2026-34660) that could lead to arbitrary code execution through malicious script injection, requiring user interaction.
Adobe Connect Deserialization of Untrusted Data Vulnerability (CVE-2026-34659)
2 rules, 2 TTPs, 1 CVE
Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are vulnerable to deserialization of untrusted data, potentially leading to arbitrary code execution if a user interacts with a malicious URL or compromised webpage.
CVE-2026-34642: Adobe After Effects Heap-based Buffer Overflow Vulnerability
2 rules, 1 TTP, 1 CVE
Adobe After Effects versions 26.0, 25.6.4 and earlier are vulnerable to a heap-based buffer overflow (CVE-2026-34642) that could lead to arbitrary code execution when a user opens a malicious file.
Adobe Media Encoder Integer Overflow Vulnerability (CVE-2026-34640)
2 rules, 1 TTP, 1 CVE
Adobe Media Encoder versions 26.0.2, 25.6.4 and earlier are susceptible to an integer overflow or wraparound vulnerability (CVE-2026-34640) that could lead to arbitrary code execution when a user opens a malicious file.
Persistence via Windows Installer (Msiexec)
3 rules, 3 TTPs
Adversaries may establish persistence by abusing the Windows Installer (msiexec.exe) to create scheduled tasks or modify registry run keys, allowing for malicious code execution upon system startup or user logon.
Comprehensive Analysis of Mac Malware in 2017
3 rules, 6 TTPs
A comprehensive analysis of Mac malware discovered in 2017, detailing infection vectors, persistence mechanisms, features, and goals, including FruitFly, MacDownloader (iKitten), and others.
Suspicious Process Access via Direct System Call
2 rules, 3 TTPs
Detects suspicious process access events where the call trace does not originate from known Windows system DLLs, indicating potential defense evasion by bypassing hooked APIs via direct syscalls.
Startup or Run Key Registry Modification
3 rules, 2 TTPs
Attackers modify registry run keys or startup keys to achieve persistence by referencing a program that executes when a user logs in or the system boots.
Ingress Transfer via Windows BITS
2 rules, 2 TTPs
Adversaries may leverage Windows Background Intelligent Transfer Service (BITS) to download executable and archive files to evade defenses and establish command and control.
Suspicious Process Creation Followed by Memory Access from Unknown Region
2 rules, 1 TTP
The rule identifies suspicious process creation in which a process is created and immediately accessed from an unknown memory code region by the same parent process, indicating a potential code injection attempt (specifically process hollowing). This commonly targets processes spawned by Microsoft Office applications, scripting engines, and command-line tools for defense evasion.
Adobe RdrCEF.exe Hijack for Persistence
2 rules, 2 TTPs
Attackers can maintain persistence by replacing the legitimate RdrCEF.exe executable with a malicious one, which is executed every time Adobe Acrobat Reader is launched.