📰 Stealthy 'PDFSIDER' Backdoor Uses DLL Side-Loading to Bypass EDR and AV
New 'PDFSIDER' backdoor uses DLL side-loading with a legit PDF app to bypass EDR/AV. It creates an encrypted C2 channel for stealthy access and is already used by the Qilin ransomware group. 🛡️ #Malware #Backdoor #EDR #Qilin #ThreatIntel
🎙️ New podcast with Charles F. Hamilton: The Red Team vs. EDR war
EDRs remain vulnerable to simple techniques. Named pipes have been bypassing ML for 8 years. Once in the kernel, all protections fall.
The real solution? Baseline configurations + human analysts. AI does not replace threat hunting.
🎧 Web: https://polysecure.ca/posts/episode-0x692.html#67b773dc
🎧 Spotify: https://open.spotify.com/episode/0hu9zRI741MBi5jLm13hjb?si=NTfMt6JYRxOzte7qUD2Gzw
🎧 YouTube: https://youtu.be/5n0ce2p2CfE
PDFSIDER Malware - Exploitation of DLL Side-Loading for AV and EDR Evasion
Pulse ID: 696f07cd26ed667eeceb8eee
Pulse Link: https://otx.alienvault.com/pulse/696f07cd26ed667eeceb8eee
Pulse Author: Tr1sa111
Created: 2026-01-20 04:42:53
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #EDR #InfoSec #Malware #OTX #OpenThreatExchange #PDF #bot #Tr1sa111
A fateful sale of network access: how the FBI caught the broker r1z
Selling the FBI the keys to 50 corporate networks and throwing in a malware demo on their server on top? That is not a thriller script, but a real slip-up by a certain "access broker".
Read more:
https://pressmind.org/feralna-sprzedaz-dostepu-do-sieci-jak-fbi-zlapalo-brokera-r1z/
PDFSIDER Malware - Exploitation of DLL Side-Loading for AV and EDR Evasion
PDFSIDER is a newly identified malware variant that utilizes DLL side-loading to deploy a covert backdoor with encrypted command-and-control capabilities. It exploits vulnerabilities in legitimate software like PDF24 Creator to bypass endpoint detection mechanisms. The malware operates primarily in memory, minimizing disk artifacts, and employs advanced anti-VM technology to evade sandboxes and analysis labs. PDFSIDER features a robust cryptographic implementation using the Botan library for secure communications. It gathers system information and provides attackers with an interactive, hidden command shell for remote execution. The malware's characteristics align with APT tradecraft, suggesting its use in cyber-espionage operations. Distribution occurs through spear-phishing emails containing ZIP archives with legitimate-looking executables.
Pulse ID: 696d289a872523c04861cbfa
Pulse Link: https://otx.alienvault.com/pulse/696d289a872523c04861cbfa
Pulse Author: AlienVault
Created: 2026-01-18 18:38:18
#BackDoor #CyberSecurity #EDR #Email #Endpoint #Espionage #ICS #InfoSec #Malware #Nim #OTX #OpenThreatExchange #PDF #Phishing #RAT #SMS #SpearPhishing #ZIP #bot #cyberespionage #AlienVault
"#VoidLink: A cloud-native malicious #Linux framework"
Let's stop believing we are invulnerable on Linux.
If tomorrow things blow up because of the security consequences, it will be unforgivable.
🤷♀️
So yeah, personally I would start thinking SERIOUSLY ABOUT #antivirus, or rather #edr
https://threats.wiz.io/all-incidents/voidlink-a-cloud-native-linux-malware-framework
A recent guilty plea provides a detailed look at the role of initial access brokers in modern cybercrime operations.
Court documents describe how network access was sold via exploited perimeter systems and paired with malware capable of disabling endpoint defenses. Investigators tied the activity to broader criminal impact over time.
Key defensive implications:
• Initial access often precedes major incidents by months
• Brokered access accelerates follow-on attacks
• Patch management and exposure monitoring remain critical
How are teams adjusting controls to disrupt early-stage access brokers?
Source: https://therecord.media/guilty-plea-initial-access-broker-r1z
Engage with the discussion and follow TechNadu for objective InfoSec coverage.
#InfoSec #ThreatIntel #InitialAccessBroker #EDR #NetworkSecurity #CyberDefense #TechNadu
🧨 An "EDR killer" sold on a Russian-speaking forum
// Driver signed in 2025, price: $3,000. A weapon against security solutions.
👉 https://www.zataz.com/un-tueur-dedr-propose-sur-un-forum-russophone/