Pierluigi Paganini
January 18, 2026
Malware Newsletter
Gogs 0-Day Exploited in the Wild
SHADOW#REACTOR – Text-Only Staging, .NET Reactor, and In-Memory Remcos RAT Deployment
“Untrustworthy Fund”: targeted UAC-0190 cyberattacks against SOU using PLUGGYAPE (CERT-UA#19092)
Hiding in Plain Sight: Deconstructing the Multi-Actor DLL Sideloading Campaign abusing ahost.exe
Silent Push Uncovers New Magecart Network: Disrupting Online Shoppers Worldwide
Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool
Unveiling VoidLink – A Stealthy, Cloud-Native Linux Malware Framework
Keeping the Kimwolf at bay: putting a leash on a massive DDoS Botnet
5 Malicious Chrome Extensions Enable Session Hijacking in Enterprise HR and ERP Systems
Planned failure: Gootloader’s malformed ZIP actually works perfectly
Towards Online Malware Detection using Process Resource Utilization Metrics
Malware Classification using Diluted Convolutional Neural Network with Fast Gradient Sign Method
LLM-Generated Samples for Android Malware Detection
Low-Cost Malware Detection with Artificial Intelligence on Single Board Computers
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, newsletter)
