Pierluigi Paganini
June 14, 2026
Malware Newsletter
IronWorm: Shai-Hulud’s rustier cousin
Trojanized ai-sdk-ollama Delivers Miasma, a Self-Replicating npm Worm via binding.gyp
Inside the Cross-Platform Propagation of a New Gafgyt Variant C0XMO
Using AI Agents to Analyze Malware on REMnux
The Miasma worm’s path of destruction
Shai-Hulud Descends to Hades: Miasma Worm Campaign Spreads with New PyPI Wave
VerdantBamboo: Just Another BRICKSTORM in the Firewall
NFCShare Android Trojan: NFC card data theft via malicious APK
400+ AUR Packages Compromised with Infostealer and Rootkit
Expanded JDY IoT and SOHO botnet enables rapid vulnerability exploitation
Inside-Onyxc2-The-New-Stealer-Targeting-210-Apps
ViPER: Vision-based Packing-Aware Encoder for Robust Malware Detection
The Sound of Malware: A Memory Forensics Approach for Android Malware Analysis via Audio Signals
MalTree: Tracing Malware Evolution from Embeddings at Scale
NetGuard: A Hybrid Framework for Intelligent and Scalable Malicious URL Detection
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, newsletter)
