Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware Newsletter

Hijacked npm Packages Use Novel VSCode Autorun and Blockchain Dead Drops to Deploy a Credential/Crypto Stealer
Building a CI/CD pipeline for Sigma rules
Inside StegoAd: How a Threat Actor Evolved to Fuel Silent Ad Fraud and Credential Theft at Scale
A Djinn in the Machine: TaskWeaver’s Node.js Intrusion Chain
Chromium extension uses AI‑related branding to redirect browser search
Mustang Panda targets India’s government and energy sectors with ZOHOMURK and MINIRECON
RustDuck: An In-Depth Analysis of a Two-Stage Botnet
From Langflow to Monero: Inside CVE-2026-33017 Cryptominer
The SOC Files: ScreenConnect masked as freeware. An inside look at a large-scale campaign
Veil#Drop: Blogspot-Hosted PowerShell Loader Delivers PureLog Stealer Through XOR-Encoded In-Memory .NET Payloads
Analysis of Ongoing Ousaban Attacks Targeting the Iberian Peninsula
Browser-Only Ransomware: From LLM Hallucinations to a Practical Attack Technique
Popa: From Sourcing to Distribution
From CitrixBleed 2 to Cloudflared: The Tools and Techniques Behind Anubis Ransomware Attacks
ToddyCat: your hidden email assistant. Part 2
PamStealer: a Rust-based macOS infostealer that validates credentials through PAM
JADEPUFFER: Agentic ransomware for automated database extortion
Don’t Eat The ChocoPoCs! How Vulnerability Researchers Were Repeatedly Targeted By Trojanised Exploits
PolinRider: North Korea-Linked Supply Chain Campaign Expands Across Open Source Ecosystems
Lazarus-Linked npm Malware Masquerades as Rollup Polyfills
Cloak and Detonate: Scanner Evasion and Dynamic Detection of Agent Skill Malware
AI-Generated PowerShell Malware: An Experimental Framework and Dataset
A Lightweight Framework for Android Malware Detection via SDAE-Based Multi-View Static Feature Fusion
Addressing Data Scarcity in Malware Classification via Pixel-Level Synthetic Image Generation

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)