The Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.
Malware Newsletter
Popular node-ipc npm Package Infected with Credential Stealer
New Actors Deploy Shai-Hulud Clones: TeamPCP Copycats Are Here
Active Supply Chain Attack Compromises @antv Packages on npm
actions-cool/issues-helper GitHub Action Compromised: All Tags Point to Imposter Commit That Exfiltrates CI/CD Credentials
Disrupting Fox Tempest: A cybercrime service that turned “verified” software into a pathway for ransomware
Void Botnet uses Ethereum smart contracts for seizure-resistant C2
Kash Patel’s clothing brand website shut down after reports it was hacked
Megalodon: Mass GitHub Repo Backdooring via CI Workflows
Updated UAC-0057 toolkit: OYSTERFRESH, OYSTERSHUCK and OYSTERBLUES
Malicious Postinstall Hook Found Across 700+ GitHub Repositories, Including Packagist and Node.js Projects
Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns
A Large Language Model Approach to Generating Bypass Rules for Malware Evasion in Analysis Sandbox
Detecting Ransomware Through Dynamic API Call Monitoring and Machine Learning
MalwarePT: A Binary-Level Foundation Model for Malware Analysis
Feature-Engineered Trojan Malware Detection on Windows-Based IoT Gateways Using a Custom Deep Neural Network and Automated Monitoring Pipeline
Pierluigi Paganini

