Critical Adobe Reader Zero-Day Actively Exploited via Malicious PDFs — The Hacker News

A zero-day vulnerability in Adobe Reader has been actively exploited since December, allowing attackers to execute arbitrary code through maliciously crafted PDFs. This vulnerability affects multiple versions of Adobe Reader, and no patch is currently available. Organizations are advised to implement mitigation strategies such as disabling JavaScript in Adobe Reader and closely monitoring for suspicious PDF activities.

BlueHammer Windows Zero-Day Exploit Uncovered — Dark Reading

A newly disclosed zero-day vulnerability, dubbed 'BlueHammer,' allows attackers to escalate privileges to SYSTEM level on Windows systems. The exploit leverages a combination of legitimate Windows functions and has been released as a proof-of-concept by a security researcher. Organizations should prioritize monitoring for unusual activity and apply any available mitigations to protect against potential exploitation until a patch is released.

• Google Chrome adds infostealer protection against session cookie theft [BleepingComputer]
• New ‘LucidRook’ malware used in targeted attacks on NGOs, universities [BleepingComputer]
• Healthcare IT solutions provider ChipSoft hit by ransomware attack [BleepingComputer]
• Eurail says December data breach impacts 300,000 individuals [BleepingComputer]
• Chinese Supercomputer Allegedly Hacked, 10 Petabytes of Data Stolen - Security Magazine [Google News Security]