Adobe confirms exploitation: Malware uses undocumented API

Adobe has confirmed active exploitation of a critical vulnerability affecting Acrobat and Reader. The bug has been allocated CVE-2026-34621.

The critical Adobe bug affects Windows and macOS deployments and gives attackers arbitrary code execution if a user opens a poisoned PDF.

Worryingly, the malware appears to abuse a previously undocumented Adobe API, “SilentDocCenterLogin()”, in its attack chain. It also uses a “split key” command and control (C2) system and clever device fingerprinting to keep the payload from opening in VMs, or when a researcher is using Tor or a VPN.
