Two active enterprise security alerts

A remote-access box and a PDF reader are doing the same job in two different offices: one lets employees into company systems from outside, and the other opens documents that arrive by email. This week, both turned into urgent security problems. (sonicwall.com) (sophos.com) The first product is SonicWall Secure Mobile Access 1000, which companies use like a guarded front gate for contractors, administrators, and remote workers. SonicWall said on April 8, 2026 that four flaws affect that appliance, including one SQL injection bug rated 7.2 out of 10 and two one-time-password bypass issues tied to Unicode handling. (sonicwall.com) SQL injection is the old trick where an attacker feeds a login or form field text that the server mistakes for a database command. In SonicWall’s case, CVE-2026-4112 can let an authenticated user escalate privileges through that path, which means a low-level foothold can be turned into broader control. (sonicwall.com) The bypass bugs target time-based one-time passwords, which are the six-digit codes from an authenticator app that are supposed to act like a second lock on the same door. SonicWall says CVE-2026-4114 affects the Appliance Management Console and CVE-2026-4116 affects Workplace and Connect Tunnel, with both flaws tied to Unicode characters that can confuse how input gets checked. (sonicwall.com) The fourth issue, CVE-2026-4113, leaks information through different authentication responses. That kind of discrepancy helps attackers test which usernames are real before they try password spraying or phishing against the same appliance. (sonicwall.com) SonicWall says it is not aware of active exploitation for these four April 2026 flaws, but that is not the same thing as safety. The same product line was already hit by an exploited zero-day in December 2025, when SonicWall warned that CVE-2025-40602 had been abused in the wild. (sonicwall.com) (securityweek.com) The second problem sits in Adobe Reader, which is supposed to be the safe, boring tool people use to open invoices, contracts, and reports. Researchers say attackers have been using a previously unknown flaw since at least December 2025 by sending malicious PDF files that run hidden JavaScript code when opened. (sophos.com) (bleepingcomputer.com) JavaScript inside a PDF is like a form with tiny built-in instructions, except here the instructions can reach privileged Acrobat application programming interfaces that normal document code should not control. Sophos says that lets the file collect user and system data and may open the way to more payloads or remote code execution. (sophos.com) The detail that makes this Adobe case nastier is that the theft happens inside a document workflow people already trust. Reports on the campaign say the lures included Russian-language files tied to the oil and gas sector, which points to targeted espionage rather than random spam. (sophos.com) (thehackernews.com) The common thread is not the vendor name but the routine action: log in from home, open a PDF, keep working. Security teams now have to treat remote-access appliances like internet-facing servers and document readers like active code platforms, because in April 2026 both are being used as entry points. (sonicwall.com) (sophos.com) For SonicWall admins, the immediate move is to install the fixed releases SonicWall lists for Secure Mobile Access 1000 and review who has management access and one-time-password enrollment. For Adobe users, the short-term defense is to treat unexpected PDF attachments as executable content until Adobe ships a fix or mitigation guidance for the zero-day campaign. (sonicwall.com) (sophos.com)