Adobe and Chrome Zero-Days Under Active Attack as Ransomware Strikes Critical Infrastructure and Political Parties

The Federal Bureau of Investigation (FBI) has initiated an investigation into the ransomware attack on the Minot Water Treatment Plant. This development underscores the national security implications of cyberattacks on critical infrastructure and the seriousness with which federal agencies are treating the incident. The attack, which disrupted automated systems and forced manual operations, is now part of a broader federal effort to combat threats to public utilities, including initiatives like 'Operation Winter Shield'.

New intelligence from Microsoft indicates the Storm-1175 group has further accelerated its attack timeline, now capable of deploying Medusa ransomware in under 24 hours from initial access. This 'speed run' approach, down from the previously reported 24-48 hours, dramatically reduces the window for defenders to patch and respond. The group continues to rapidly weaponize N-day and zero-day vulnerabilities, posing an even greater challenge for organizations in healthcare, education, and finance across the US, UK, and Australia.

The German political party Die Linke has confirmed that the Qilin ransomware attack resulted in the theft of approximately 1.5 terabytes of data. This stolen data includes internal communications, administrative files, and other personal information, although sensitive membership and donation databases remain secure. The party has officially notified data protection authorities and is actively collaborating with forensic specialists to thoroughly assess the full scope and impact of the breach. This update quantifies the significant scale of the data exfiltration, providing a clearer picture of the incident's severity and the ongoing response efforts.

The Hong Kong Hospital Authority (HA) has clarified that the data breach affecting 56,000 patients originated from a third-party platform, not a direct compromise of its internal networks. This shifts the suspected attack vector from an insider threat by a contractor to potential supply chain vulnerabilities, misconfigured cloud storage, or leaked credentials for the third-party service. The HA has also begun notifying affected individuals via its mobile app, letters, and phone calls, providing more details on their response efforts.

On April 12, 2026, Adobe released emergency security updates for the actively exploited zero-day vulnerability in Acrobat and Reader, now officially identified as CVE-2026-34621. The flaw, initially described as a logic bug, has been clarified as a prototype pollution vulnerability enabling arbitrary code execution. Exploitation has been confirmed since at least November 2025. The patch is available for both Windows and macOS versions, with specific build numbers provided. The CVSS score was revised from 9.6 to 8.6. This update significantly mitigates the threat for users who apply the patch immediately.