Multiple Zero-Day Flaws in PDF Platforms Enable XSS and One-Click Attacks

We often think of a PDF file (Portable Document Format file) as a simple digital version of a printed document. However, new research shared with Hackread.com reveals that these everyday tools have become complex “application stacks” that hackers can use as a doorway into private networks.

The team at Novee Security recently inspected two major PDF systems: Foxit and Apryse. Their study, released on February 18th, 2026, identified 13 vulnerability categories and 16 total ways a system could be hacked.

It is worth noting that these aren’t minor glitches; these zero-day vulnerabilities could allow attackers to take over accounts or run commands on a company’s backend servers without needing to break into the browser or operating system directly.

Hunting for Bugs with AI

As we know it, finding security holes in massive amounts of code is a huge challenge. To speed things up, researchers used a “human-agent ...