Adobe patches dangerous vulnerabilities while criminals target banking customers with sophisticated malware.
Adobe has released urgent patches for seven severe security vulnerabilities discovered in two of its widely-used business applications: ColdFusion and Campaign Classic. These flaws represent the highest level of danger in the security world, meaning attackers could potentially take complete control of affected systems without needing permission from users.
When software companies assign severity ratings to security problems, they use a scale where 10.0 represents the worst possible scenario—basically, a front door left wide open for criminals. Having multiple flaws at this maximum level is extremely serious and explains why Adobe moved quickly to release fixes.
What makes this situation particularly alarming is that security researchers have already spotted criminals actively exploiting similar vulnerabilities in the wild. Fortinet's security team discovered an organized campaign in May 2026 targeting bank customers in Spain and Portugal using a malicious program called Ousaban.
The attack method is clever and deceptive. Criminals send victims what appears to be a broken PDF file, but it's actually a hidden delivery system for dangerous software. The malware checks to confirm the victim lives in Spain or Portugal—a targeting technique that shows the attackers are running a focused, organized operation rather than just randomly attacking people.
If your company uses ColdFusion or Campaign Classic—both popular Adobe tools for managing websites and marketing campaigns—you're potentially at risk. ColdFusion helps companies build and run web applications, while Campaign Classic manages customer communications and marketing efforts. Many businesses rely on these tools to keep their operations running.
Because these applications often sit in the cloud or connect to cloud services, a successful attack could give criminals access to sensitive business information, customer data, or financial systems. Think of it like someone finding a master key to your office building—they could access any room they want.
The combination of dangerous vulnerabilities and active criminal campaigns creates an urgent situation for organizations using these Adobe products.
The banking trojan specifically demonstrates how these technical flaws translate into real money at risk. Criminals aren't just testing these vulnerabilities in laboratories—they're using them right now to steal from actual people's bank accounts.
Organizations that delay these updates are essentially leaving their doors unlocked while criminals are actively trying doorknobs in the neighborhood.
Want to understand the technology behind this story? ITVedas has beginner-friendly guides on every IT topic.
Explore IT Chapters →