#IFIN
Preview
Adobe 0-day seen in the wild

This is an interesting find. PDF exploits are rare and this one looks to be very targeted. Also "yummy_adobe_exploit_uwu.pdf" is a malware naming convention that reminds me why I love this community.

I’m struggling to come up with some good detections for this one though. I was hoping for the process tree behavior but this seems very common with acrobat.exe:

```
Acrobat.exe (PID:6416) “manual.pdf”
├── AdobeCollabSync.exe -c (PID:3520)
├── AdobeCollabSync.exe -c (PID:5424) [stealth_timeo...
```

We've been tracking this Adobe 0-day in Acrobat Reader. Still no patch from Adobe (and no word on affected versions). Per the discoverer, this attack has been ongoing for months.

discourse.ifin.netwo...

#Adobe #0day #ThreatIntel #IFIN

Preview
HWMonitor Download Compromised

Observable: CPUID Downloads with Malware
Observable Type: Supply Chain compromise (?)
Details: Users reporting getting a malware executable while downloading HWMonitor software from the official CPUID website

A discussion on Reddit from an everyday user, with some analysis in the comments: Reddit - Please wait for verification

Some press coverage: https://cybernews.com/security/cpuid-hwmonitor-hwinfo-cpuz-deliver-malware/

CPUID downloads were temporarily compromised earlier today. We have a thread compiling analysis and IoCs for you to investigate:

discourse.ifin.netwo...

#ThreatIntel #IFIN #ThreatIntelligence
