Find notable cyber news and cases, enriched with sources, timelines, and signals.

PDFSider malware deployed for stealthy Windows backdoor access

Malware Activity
First reported
Last updated
Happening score
H score 22
1 unique sources, 1 articles

Summary

Hide ▲

The PDFSider malware is being used to deliver payloads on Windows systems, giving attackers a stealthy backdoor for long-term covert access and raising the risk of ransomware follow-on activity.

Related Happenings

Microsoft Defender BlueHammer (CVE-2026-33825) ransomware exploitation wave

Exploitation Wave
H score41 First: 30.06.2026 11:53 Last: 30.06.2026 11:53 Sources 1

About this happening: CISA has flagged **BlueHammer (CVE-2026-33825)** as exploited in **ransomware campaigns**, expanding the risk to **Windows devices** exposed to privilege escalation. The flaw in *...

INC ransomware encryptors rewritten in Rust

Malware Activity
H score38 First: 18.06.2026 17:12 Last: 18.06.2026 17:12 Sources 1

About this happening: INC's **Windows** and **Linux/ESXi encryptors** were rewritten in **Rust**, improving cross-platform development and making reverse engineering harder. The malware line also gaine...

Major U.S. services company hit by ransomware attack linked to DragonForce

Incident
H score38 First: 16.06.2026 13:18 Last: 16.06.2026 13:18 Sources 1

About this happening: A **DragonForce ransomware** incident hit a **major U.S. services firm** in **December 2025**, with attackers maintaining access for **one to two months** and hiding **command-and...

AI-built ransomware toolkit with AD discovery and EDR evasion

Malware Activity
H score36 First: 02.06.2026 23:01 Last: 02.06.2026 23:01 Sources 1

About this happening: A **customer-detected** AI-built ransomware toolkit is automating **Active Directory discovery** and **EDR evasion**, increasing the chance that payloads slip past security contro...

Sefirah infostealer delivered through a malicious Hugging Face repository

Malware Activity
H score16 First: 09.05.2026 17:26 Last: 09.05.2026 17:26 Sources 1

About this happening: A malicious **Hugging Face** repository impersonated **OpenAI’s Privacy Filter** and delivered **sefirah**, a **Rust-based infostealer**, to **Windows** users, creating credential...

Timeline

  1. 19.01.2026 23:00 2 articles · 5mo ago

    PDFSider deployment against a Fortune 100 finance company

    Initial Disclosure

    Ransomware attackers targeting a Fortune 100 finance company used PDFSider, a new Windows backdoor, to deliver malicious payloads through spearphishing ZIP archives and DLL side-loading via a signed PDF24 Creator executable from Miron Geek Software GmbH. Resecurity found the malware during incident response, described it as a stealthy long-term backdoor with APT-like characteristics, and said it had been seen in Qilin ransomware activity. The malware loads into memory, uses anonymous pipes and CMD, collects system information, exfiltrates data over DNS, and protects command-and-control traffic with Botan 3.0.0 and AES-256-GCM while trying to evade analysis with RAM-size checks and debugger detection.

    Show sources