SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 98

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware Newsletter

Popular node-ipc npm Package Infected with Credential Stealer
New Actors Deploy Shai-Hulud Clones: TeamPCP Copycats Are Here
Active Supply Chain Attack Compromises @antv Packages on npm
actions-cool/issues-helper GitHub Action Compromised: All Tags Point to Imposter Commit That Exfiltrates CI/CD Credentials
Disrupting Fox Tempest: A cybercrime service that turned “verified” software into a pathway for ransomware
Void Botnet uses Ethereum smart contracts for seizure-resistant C2
Kash Patel’s clothing brand website shut down after reports it was hacked
Megalodon: Mass GitHub Repo Backdooring via CI Workflows
Updated UAC-0057 toolkit: OYSTERFRESH, OYSTERSHUCK and OYSTERBLUES
Malicious Postinstall Hook Found Across 700+ GitHub Repositories, Including Packagist and Node.js Projects
Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns
A Large Language Model Approach to Generating Bypass Rules for Malware Evasion in Analysis Sandbox
Detecting Ransomware Through Dynamic API Call Monitoring and Machine Learning
MalwarePT: A Binary-Level Foundation Model for Malware Analysis
Feature-Engineered Trojan Malware Detection on Windows-Based IoT Gateways Using a Custom Deep Neural Network and Automated Monitoring Pipeline

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)