A wave of critical security vulnerabilities has emerged across major software platforms, with Google Chrome, Adobe Reader, and HPE networking equipment all requiring immediate patches to address actively exploited zero-day flaws.
Adobe Reader Under Active Attack
Adobe has released emergency security updates to address a critical vulnerability in Acrobat Reader that cybercriminals are actively exploiting in the wild. The flaw, tracked as CVE-2026-34621, carries a severe CVSS score of 8.6 out of 10.0 and enables attackers to execute arbitrary code on vulnerable systems.
Security researchers confirm that this zero-day vulnerability has been exploited for months before Adobe’s patch release, highlighting the extended exposure window that organizations faced. The vulnerability allows malicious actors to run unauthorized code on affected installations, potentially compromising sensitive data and system integrity.
Chrome 146 Patches Dual Zero-Days
Google has addressed two actively exploited zero-day vulnerabilities in Chrome 146, marking another significant security milestone for the widely-used browser. These flaws enable attackers to manipulate data and bypass critical security restrictions, potentially leading to remote code execution on victim machines.
The dual vulnerabilities demonstrate the ongoing targeting of browser platforms by threat actors, who continue to identify and exploit weaknesses in web-based applications. Users are strongly advised to update to Chrome 146 immediately to protect against these known exploits.
HPE Network Infrastructure at Risk
A critical vulnerability affecting HPE AOS-CX networking equipment allows unauthorized attackers to reset administrator passwords remotely without any authentication. This flaw poses severe risks to network infrastructure security, as it completely circumvents existing authentication controls.
The vulnerability’s remote exploitation capability makes it particularly dangerous for organizations relying on HPE networking hardware, as attackers could potentially gain administrative access to critical network infrastructure components.
Immediate Action Required
Security teams should prioritize patching these vulnerabilities immediately, given their active exploitation status. The combination of zero-day exploits across multiple platforms underscores the critical importance of maintaining up-to-date security patches and implementing robust vulnerability management programs.
Organizations should verify that all Chrome browsers are updated to version 146, Adobe Reader installations have received the latest security patches, and HPE AOS-CX devices are protected through available firmware updates.
Sources
- Critical HPE AOS-CX Vulnerability Allows Admin Password Resets – SecurityWeek
- Adobe Patches Reader Zero-Day Exploited for Months – SecurityWeek
- Chrome 146 Update Patches Two Exploited Zero-Days – SecurityWeek
- Chrome 146 Update Patches Two Exploited Zero-Days – SecurityWeek
- Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621 – The Hacker News
