Adobe has promised to issue a fix for another major security flaw in its Flash software.
Adobe has credited Kaspersky with uncovering evidence that the flaw is being used by a group of Russian hackers dubbed ScarCruft. The flaw is notable because it can be used against Windows, OS X, Linux, and Chrome OS systems.
Adobe plans to issue a fix for the problem by 16 June.
"Adobe is aware of a report that an exploit for CVE-2016-4171 exists in the wild and is being used in limited targeted attacks," said the firm.
"Adobe will address this vulnerability in our monthly security update, which will be available as early as June 16."
Kaspersky explained that it caught the flaw being used during its usual investigations into security incidents.
"Earlier this month, we caught another zero-day Adobe Flash Player exploit deployed in targeted attacks. We believe these attacks are launched by an APT group we call ScarCruft," the firm said.
"ScarCruft is a relatively new APT group, and victims have been observed in several countries. The group has several ongoing operations using multiple exploits, two for Adobe Flash and one for Microsoft Internet Explorer."
Security experts have used the incident, and Adobe's plans to issue a fix, as more evidence of just how troublesome Flash has become, and said that firms using the software should apply the patch the moment it is released.
"Adobe has acknowledged that a vulnerability (CVE-2016-4171) in the current Flash player is being used in the wild and delayed the expected monthly Adobe Flash patch. The APSA16-03 advisory promises the patch for the end of this week," said Wolfgang Kandek, CTO at security firm Qualys.
"Pay close attention to the release and address it as quickly as possible. This is the third month in a row that we are seeing a zero-day in Flash, making it the most targeted software on your organisation's endpoints."
The news comes after Microsoft issued the June Patch Tuesday security release with five critical fixes covering key products including IE, Edge and Office.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago