Malware Newsletter
Novel Java-Based QuimaRAT Targets Windows, macOS, and Linux
Vibe Coded Extortion: Avalon’s Path from Legal Lure to CrownX Ransom Capabilities
Armored Likho digging a snake pit: inside the covert BusySnake Stealer campaign
RedWing: A Mobile Malware-as-a-Service Operation
Cavern Manticore: Exposing Iran-Linked Modular C2 Framework
ClickFix to Cash-Out: Anatomy of a Mexican Banking-Fraud Toolkit
Fake Installers, Fake Reviews, Fake Services – Real Proxies, Real Victims
GodDamn Ransomware: Latest Beast Rebrand Uses Malicious Driver to Disable Defenses
The BYOVD Epidemic: How Attackers Are Weaponizing Trusted Windows Drivers to Kill Security
GigaWiper: Anatomy of a destructive backdoor assembled from multiple malware
Malicious Go Module Exposes GitHub Malware Lure Network Spanning 222 Repositories
Ransomware statistics 2026: confirmed attacks by month
ThreatVisionAI: A Hybrid CNN-ViT Framework for Image-Based Malware Classification
Cloak and Detonate: Scanner Evasion and Dynamic Detection of Agent Skill Malware
A Blockchain and Federated Learning Framework for Image-Based IoT Malware Detection and Prevention
jscrambler npm Package Compromised in Supply Chain Attack
One Target, Two Flags | Rival Espionage Actors Converge On Pakistani Law Enforcement
Operation Phnom Penh: Silver Fox Ghost Distributor Targets Specific Victims with MODBEACON Custom TrojanHow WP-SHELLSTORM Exposed 1.4M WordPress Sites
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, newsletter)