Adobe on Tuesday released security updates for its multimedia platform Shockwave Player and RoboHelp for Word, a tool used to author content for online help systems. The Shockwave update to version 18.104.22.1684 addresses nine "critical" vulnerabilities, all of which could be exploited to load malware on a user's system. Meanwhile, the RoboHelp upgrade fills one hole, labeled "important," through which "a specially crafted URL could be used to create a cross-site scripting attack on web-based output generated using RoboHelp for Word."
The surge comes after malicious actors impersonated well-known brands, such as Adobe Reader and Microsoft Teams, to deliver numerous malware strains, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer and Vidar.
At least 1,200 Redis database servers worldwide have been compromised by a sophisticated piece of malware since September 2021, while more than 2,800 uninfected servers remain at high risk of exploitation.