SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 98
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Popu...
Malware
20 articles
Kash Patel's merchandise site hacked to distribute malware
The attack on Based Apparel, reportedly an attempt to distribute infostealer malware designed to steal user credentials, was first brought to light by a user...
Canadian man arrested, charged for running KimWolf DDos botnet
In court documents unsealed on Thursday, the Justice Department said Jacob Butler ran KimWolf as a DDoS-for-hire service that infected over a million devices...
Authorities arrest 23-year-old accused of running the Kimwolf botnet
Canadian authorities arrested a 23-year-old Ottawa man accused of running the Kimwolf DDoS botnet. The US is now seeking extradition.
Canadian Man Arrested for Operating Kimwolf Botnet
Jacob Butler, 23, has been arrested in Canada and US authorities are seeking his extradition on computer hacking charges. The post Canadian Man Arrested for ...
We hardened zizmor's GitHub Actions static analyzer
In March 2026, attackers exploited a pull_request_target misconfiguration in the aquasecurity/trivy-action GitHub Action to exfiltrate organization and repos...
US and Canada arrest and charge suspected Kimwolf botnet admin
U.S.
New Linux malware 'Showboat' targets Middle East telecom provider
Showboat is believed to be utilized by Chinese-affiliated threat actors, with command-and-control infrastructure linked to Chengdu, China.
Alleged leader of Kimwolf, a sweeping botnet for cybercriminals, arrested in Canada
Jacob Butler, a 23-year-old from Ottawa, awaits extradition to the United States and faces up to 10 years in prison. The post Alleged leader of Kimwolf, a sw...
Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada
Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botne...
CISA chief frets about open-source vulnerabilities, delayed security improvements
Acting director Nick Andersen’s comments came as a wave of malware attacks hit tech that’s publicly available for collaboration. The post CISA chief frets ab...
Microsoft’s Retired IE Tool MSHTA Now Being Used in Fileless Malware Attacks
Bitdefender researchers reveal how cyberattackers are abusing the built-in Windows MSHTA utility to silently deploy loaders and infostealers.
BadIIS Malware Hijacks IIS Servers to Redirect Users to Illicit Sites
A new variant of the BadIIS malware that hijacks Microsoft IIS web servers to redirect users to illicit websites, highlighting an evolving malware-as-a-servi...
How a Webmail Log File Became a Root-Level Backdoor
A forensic breakdown of how an attacker turned CyberPanel's SnappyMail logging into a persistent webshell that survived every WordPress cleanup attempt. The ...
Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft
Compromised @antv npm packages deploy the Mini Shai-Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes durin...
Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem
Mini Shai-Hulud worm hits Alibaba AntV ecosystem in largest npm supply chain wave to date
Microsoft disrupts Fox Tempest malware-signing service
Fox Tempest operated a platform called signspace[.]cloud, which allowed threat actors to obtain short-lived Microsoft-issued certificates via Artifact Signing.
Tracking TamperedChef Clusters via Certificate and Code Reuse
Unit 42 analyzes TamperedChef malware clusters that use trojanized productivity apps and malvertising to deliver stealthy payloads to targets. The post Track...
DevilNFC Malware Traps Android Users in NFC Relay Attacks
A newly identified Android malware family named DevilNFC is raising concern among cybersecurity researchers for its advanced use of kiosk mode to trap victim...
Single-Letter Go Module Typosquat Drops DNS-Based Backdoor
A newly uncovered software supply chain attack targeting Go developers demonstrates how a single-character typo can silently introduce a persistent backdoor....