Security news.
Today's security brief highlights critical vulnerabilities and active exploitation, including a zero-day in Adobe Reader and exposed Google API keys. We also see major data breaches affecting hundreds of thousands and warnings about state-sponsored hacking campaigns targeting critical infrastructure and businesses.
Adobe Reader Zero-Day Exploited Since December 2025
Threat actors have been actively exploiting a zero-day vulnerability in Adobe Reader via malicious PDF documents since at least December 2025.
Google API Keys in Android Apps Expose Gemini Endpoints
Dozens of Google API keys embedded in Android apps can be extracted from decompiled code, granting unauthorized access to all Gemini endpoints.
Eurail Data Breach Impacts 300,000 Individuals
Eurail B.V. announced that a December 2025 data breach resulted in the theft of personal information belonging to over 300,000 individuals.
Google Warns of Campaign Targeting BPOs to Steal Corporate Data
Google is warning about a new campaign, tracked as UNC6783 and potentially linked to "Mr. Raccoon," that targets Business Process Outsourcing (BPO) firms to steal corporate data.
Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities
Palo Alto Networks and SonicWall have released patches for high-severity vulnerabilities that could allow attackers to modify protected resources and escalate privileges to administrator level.
Hackers Steal $3.6 Million from Bitcoin Depot
Bitcoin Depot, a major Bitcoin ATM network operator, reported that attackers stole $3.665 million worth of Bitcoin from its crypto wallets after breaching its systems last month.
Microsoft Suspends Dev Accounts for Open Source Projects
Microsoft has suspended developer accounts for several high-profile open-source projects without proper notification, preventing them from publishing new software builds and security patches for Windows users.
Bitter-Linked Hack-for-Hire Campaign Targets MENA Journalists
A hack-for-hire campaign, potentially linked to the Indian government-backed threat actor Bitter, has targeted journalists, activists, and government officials across the Middle East and North Africa (MENA) region.