InfoSec News Nuggets 04/09/2026

By MaryOn April 9, 2026 Hackers exploiting Acrobat Reader zero-day flaw since December  Attackers have been using a previously unpatched Adobe Reader flaw in malicious PDFs since at least December, according to researcher Haifei Li. The reported activity can steal local data through Acrobat APIs and may enable follow-on remote code execution or sandbox escape, which makes this one worth watching closely until Adobe ships a fix.     300,000 People Impacted by Eurail Data Breach  Eurail disclosed that a data breach tied to the broader Trivy supply chain incident affected 308,777 people, with stolen data including names and passport numbers. The case is another reminder that downstream exposure from third-party and software supply chain compromises can linger well after the original intrusion becomes public.     Phishers sneak through using GitHub and Jira’s own mail delivery infrastructure  Cisco Talos says attackers are abusing GitHub and Jira notification features to send phishing emails that pass SPF, DKIM, and DMARC because the messages are sent by the platforms themselves. In one observed spike, roughly 2.89% of emails sent from GitHub were tied to this abuse pattern, which makes this a useful detection story for teams that rely heavily on trust in SaaS-generated mail.     Cybercrime losses jumped 26% to $20.9 billion in 2025  The FBI’s latest IC3 data shows reported cybercrime losses rose to $20.9 billion in 2025, with data breaches, ransomware, SIM swapping, malware, and botnets leading the mix. The report also logged more than 3,600 ransomware complaints, with health care, manufacturing, financial services, government, and IT among the most targeted critical infrastructure sectors.     Iranian Threat Actors Disrupt US Critical Infrastructure Via Exposed PLCs  US agencies warned that Iran-affiliated actors have been targeting internet-exposed PLCs, particularly Rockwell Automation and Allen-Bradley devices, across energy, water, wastewater, and government environments. The advisory says attackers have already manipulated PLC project files and tampered with HMI and SCADA displays, in some cases causing operational disruption and financial loss, which puts renewed focus on removing OT assets from direct internet exposure.  CATEGORIESInfoSec News Nuggets TAGSAboutDFIRGitHubJiranews nuggets SHARE FACEBOOK TWITTER LINKEDIN PINTEREST STUMBLEUPON EMAIL