Multiple new security flaws
Researchers and security teams flagged several active vulnerabilities this week, including zero‑click PDF exploits against Adobe Reader, critical flaws in SonicWall SMA appliances, and a Georgia Tech study showing AI‑generated code can reproduce security bugs at scale. The alerts span data‑exfiltration and authentication bypass risks and underscore that AI assistance can introduce repeatable vulnerabilities if unchecked.
A Portable Document Format file is supposed to be a sealed envelope for text and images, but Adobe Reader also runs JavaScript code inside some files, which turns a document viewer into a tiny app platform. That extra machinery is what attackers are abusing in the latest Adobe Reader campaign. (sophos.com)

Sophos said on April 9, 2026 that a researcher described an Adobe Reader zero-day that has been exploited since at least December 2025, which means attackers were using it before Adobe had a fix. The malicious files run obfuscated JavaScript when the victim opens the PDF file. (sophos.com) The trick is not a loud smash-and-grab attack. Sophos said the files can call privileged Acrobat application programming interfaces to steal local user and system data, and then decide whether to launch a second-stage attack. (sophos.com)

A virtual private network appliance works like a guarded side door into a company network, and SonicWall's Secure Mobile Access 1000 boxes are one version of that door. On April 8, 2026, SonicWall disclosed four flaws in those appliances, including one high-severity Structured Query Language injection bug and two one-time-password bypass issues. (sonicwall.com) SonicWall listed the affected products as the Secure Mobile Access 6210, 7210, 8200v, and Central Management Server on versions 12.4.3-03245 and earlier and 12.5.0-02283 and earlier. SonicWall said the fixed versions are 12.4.3-03387 and later and 12.5.0-02624 and later. (sonicwall.com)

One-time-password bypass means the lock still asks for a second code, but a formatting trick can confuse the checker and let the wrong key through. SonicWall said it was not aware of active exploitation in the wild as of its April 8 to 9, 2026 notice, but the company still strongly advised customers to upgrade. (sonicwall.com)

The third part of this week's story is not one bug but a pattern. Georgia Tech said on April 9, 2026 that its researchers scanned more than 43,000 security advisories and confirmed 74 cases where artificial-intelligence coding tools appeared to have introduced vulnerabilities. (cc.gatech.edu) The Georgia Tech team said 14 of those 74 cases were critical and 25 were high severity. The bugs included command injection, authentication bypass, and server-side request forgery, which is when a server can be tricked into making requests on an attacker's behalf. (cc.gatech.edu)

Their point is that artificial intelligence can repeat the same coding mistake across thousands of projects, the way a bad template can spread the same typo across thousands of forms. Georgia Tech researcher Hanqing Zhao said that if one pattern shows up in one AI-generated codebase, defenders can scan for it across many repositories. (cc.gatech.edu)

Put together, these alerts describe three different failure modes at once: a document reader that can be turned into a data thief, a network gateway that can be talked past, and code assistants that can mass-produce the same weakness. The common thread is automation, because the same features that save users time also give attackers repeatable shortcuts. (sophos.com) (sonicwall.com) (cc.gatech.edu)