MUST READ

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 91

 | 

Image or Malware? Read until the end and answer in comments :)

 | 

Security Affairs newsletter Round 571 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Qilin ransomware group claims the hack of German political party Die Linke

 | 

U.S. CISA adds a flaw in TrueConf Client to its Known Exploited Vulnerabilities catalog

 | 

European Commission breach exposed data of 30 EU entities, CERT-EU says

 | 

North Korea–linked hackers drain $285M from Drift in sophisticated attack

 | 

CrystalX RAT: new MaaS malware combines spyware, stealer, and remote access

 | 

Pro-Iran Handala group breached Israeli defence contractor PSK Wind Technologies

 | 

Cisco fixed critical and high-severity flaws

 | 

Threat actor UAC-0255 impersonate CERT-UA to spread AGEWHEEZE malware via phishing

 | 

Italian spyware vendor creates Fake WhatsApp app, targeting 200 users

 | 

Google fixes fourth actively exploited Chrome zero-day of 2026

 | 

Google links Axios npm supply chain attack to North Korea-linked APT UNC1069

 | 

SentinelOne autonomous detection blocks trojaned LiteLLM triggered by Claude Code

 | 

Anthropic accidentally leaks Claude Code

 | 

Attackers hijack Axios npm account to spread RAT malware

 | 

Nearly half a Million mobile customers of Lloyds Banking Group affected by security incident

 | 

Dutch Ministry of Finance takes treasury systems offline amid cyber incident investigation

 | 

U.S. CISA adds a flaw in Citrix NetScaler to its Known Exploited Vulnerabilities catalog

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 91

Pierluigi Paganini April 05, 2026

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape

Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka  

Converging Interests: Analysis of Threat Clusters Targeting a Southeast Asian Government

RoadK1ll: A WebSocket Based Pivoting Implant   

axios Compromised: npm Supply Chain Attack via Dependency Injection  

Axios compromised: hijacked maintainer account pushes malicious npm versions 

North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack

BlueNoroff | How DPRK’s macOS RustBucket Seeks to Evade Analysis and Detection 

DeepLoad Malware Pairs ClickFix Delivery with AI-Generated Evasion  

UAC-0255 cyberattack disguised as a notification from CERT-UA using the AGEWHEEZE software tool (CERT-UA#21075)

A laughing RAT: CrystalX combines spyware, stealer, and prankware features  

Operation TrueChaos: 0-Day Exploitation Against Southeast Asian Government Targets

Operation NoVoice: Rootkit Tells No Tales 

Understanding NPM Malicious Package Detection: A Benchmark-Driven Empirical Analysis

Label-efficient Training Updates for Malware Detection over Time

Safeguarding LLMs Against Misuse and AI-Driven Malware Using Steganographic Canaries

Machine Learning-Based Static Ransomware Detection Using PE Header Features and SHAP Interpretation

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

Cybercrime Hacking information security news IT Information Security malware Newsletter Pierluigi Paganini Security Affairs Security News

you might also like

Pierluigi Paganini April 05, 2026
Image or Malware? Read until the end and answer in comments :)
Read more
Pierluigi Paganini April 05, 2026
Security Affairs newsletter Round 571 by Pierluigi Paganini – INTERNATIONAL EDITION
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 91

Malware / April 05, 2026

Image or Malware? Read until the end and answer in comments :)

Hacking / April 05, 2026

Security Affairs newsletter Round 571 by Pierluigi Paganini – INTERNATIONAL EDITION

Breaking News / April 05, 2026

Qilin ransomware group claims the hack of German political party Die Linke

Cyber Crime / April 04, 2026

U.S. CISA adds a flaw in TrueConf Client to its Known Exploited Vulnerabilities catalog

Security / April 04, 2026