The Security Affairs Malware newsletter collects the best articles and research on malware in the international landscape.
Malware Newsletter
Technical Deep Dive: The Monero Mining Campaign
Operation Olalampo: Inside MuddyWater’s Latest Campaign
VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)
Operation MacroMaze: new APT28 campaign using basic tooling and legit infrastructure
Arkanix Stealer: a C++ & Python infostealer
North Korean Lazarus Group Now Working With Medusa Ransomware
Exposing the Undercurrent: Disrupting the GRIDTIDE Global Cyber Espionage Campaign
New Malicious npm Package “ambar-src” Targets Developers with Open Source Malware
Steaelite RAT Enables Double Extortion Attacks from a Single Panel
APT37 Adds New Capabilities for Air-Gapped Networks
New Dohdoor malware campaign targets education and health care
Developer-targeting campaign using malicious Next.js repositories
Exploring Aeternum C2: a new botnet that lives on the blockchain
An Explainable Memory Forensics Approach for Malware Analysis
AndroWasm: an Empirical Study on Android Malware Obfuscation through WebAssembly
Routing-Aware Explanations for Mixture of Experts Graph Models in Malware Detection
