Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscapeMalware NewsletterTechnical Deep Dive: The Monero Mining CampaignOperation Olalampo: Inside MuddyWater’s Latest Campaign VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731) Operation MacroMaze: new APT28 campaign using basic tooling and legit infrastructureArkanix Stealer: a C++ & Python infostealer North Korean Lazarus Group Now Working With Medusa RansomwareExposing the Undercurrent: Disrupting the GRIDTIDE Global Cyber Espionage Campaign New Malicious npm Package “ambar-src” Targets Developers with Open Source Malware Steaelite RAT Enables Double Extortion Attacks from a Single Panel APT37 Adds New Capabilities for Air-Gapped Networks New Dohdoor malware campaign targets education and health careDeveloper-targeting campaign using malicious Next.js repositories Exploring Aeternum C2: a new botnet that lives on the blockchain An Explainable Memory Forensics Approach for Malware AnalysisAndroWasm: an Empirical Study on Android Malware Obfuscation through WebAssembly Routing-Aware Explanations for Mixture of Experts Graph Models in Malware Detection Follow me on Twitter: @securityaffairs and Facebook and MastodonPierluigi Paganini(SecurityAffairs – malware, newsletter)