Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape
Malware Newsletter
Hijacked npm Packages Use Novel VSCode Autorun and Blockchain Dead Drops to Deploy a Credential/Crypto Stealer
Building a CI/CD pipeline for Sigma rules
Inside StegoAd: How a Threat Actor Evolved to Fuel Silent Ad Fraud and Credential Theft at Scale
A Djinn in the Machine: TaskWeaver’s Node.js Intrusion Chain
Chromium extension uses AI‑related branding to redirect browser search
Mustang Panda targets India’s government and energy sectors with ZOHOMURK and MINIRECON
RustDuck: An In-Depth Analysis of a Two-Stage Botnet
From Langflow to Monero: Inside CVE-2026-33017 Cryptominer
The SOC Files: ScreenConnect masked as freeware. An inside look at a large-scale campaign
Veil#Drop: Blogspot-Hosted PowerShell Loader Delivers PureLog Stealer Through XOR-Encoded In-Memory .NET Payloads
Analysis of Ongoing Ousaban Attacks Targeting the Iberian Peninsula
Browser-Only Ransomware: From LLM Hallucinations to a Practical Attack Technique
Popa: From Sourcing to Distribution
From CitrixBleed 2 to Cloudflared: The Tools and Techniques Behind Anubis Ransomware Attacks
ToddyCat: your hidden email assistant. Part 2
PamStealer: a Rust-based macOS infostealer that validates credentials through PAM
Analysis of Ongoing Ousaban Attacks Targeting the Iberian Peninsula
JADEPUFFER: Agentic ransomware for automated database extortion
Don’t Eat The ChocoPoCs! How Vulnerability Researchers Were Repeatedly Targeted By Trojanised Exploits
PolinRider: North Korea-Linked Supply Chain Campaign Expands Across Open Source Ecosystems
Lazarus-Linked npm Malware Masquerades as Rollup Polyfills
Cloak and Detonate: Scanner Evasion and Dynamic Detection of Agent Skill Malware
AI-Generated PowerShell Malware: An Experimental Framework and Dataset
A Lightweight Framework for Android Malware Detection via SDAE-Based Multi-View Static Feature Fusion
Addressing Data Scarcity in Malware Classification via Pixel-Level Synthetic Image Generation
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)

