Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape————————————————————————————————————————————-[Supply chain attack hits Gluestack NPM packages with 960K weekly downloads](https://www.bleepingcomputer.com/news/security/supply-chain-attack-hits-gluestack-npm-packages-with-960k-weekly-downloads/)[Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721](https://securelist.com/mirai-botnet-variant-targets-dvr-devices-with-cve-2024-3721/116742/)[Destructive npm Packages Disguised as Utilities Enable Remote System Wipe](https://socket.dev/blog/destructive-npm-packages-enable-remote-system-wipe)[AMOS Variant Distributed Via Clickfix In Spectrum-Themed Dynamic Delivery Campaign By Russian Speaking Hackers](https://www.cloudsek.com/blog/amos-variant-distributed-via-clickfix-in-spectrum-themed-dynamic-delivery-campaign-by-russian-speaking-hackers)[Demystifying Myth Stealer: A Rust Based InfoStealer](https://www.trellix.com/en-in/blogs/research/demystifying-myth-stealer-a-rust-based-infostealer/)[DanaBleed: DanaBot C2 Server Memory Leak Bug](https://www.zscaler.com/blogs/security-research/danableed-danabot-c2-server-memory-leak-bug)[Two Botnets, One Flaw: Mirai Spreads Through Wazuh Vulnerability](https://www.akamai.com/blog/security-research/botnets-flaw-mirai-spreads-through-wazuh-vulnerability)[From Trust to Threat: Hijacked Discord Invites Used for Multi-Stage Malware Delivery](https://research.checkpoint.com/2025/from-trust-to-threat-hijacked-discord-invites-used-for-multi-stage-malware-delivery/)[JSFireTruck: Exploring Malicious JavaScript Using JSF-*ck as an Obfuscation Technique](https://unit42.paloaltonetworks.com/malicious-javascript-using-jsfiretruck-as-obfuscation/)[Fog Ransomware: Unusual Toolset Used in Recent Attack](https://www.security.com/threat-intelligence/fog-ransomware-attack)[Operation Phantom Enigma](https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/operation-phantom-enigma)[Graphite Caught First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted](https://citizenlab.ca/2025/06/first-forensic-confirmation-of-paragons-ios-mercenary-spyware-finds-journalists-targeted/)[Empirical Quantification of Spurious Correlations in Malware Detection](https://arxiv.org/abs/2506.09662)[Striking Back At Cobalt: Using Network Traffic Metadata To Detect Cobalt Strike Masquerading Command and Control Channels](https://arxiv.org/abs/2506.08922)[A Survey on Reinforcement Learning-Driven Adversarial Sample Generation for PE Malware](https://www.mdpi.com/2079-9292/14/12/2422)[Crypto-Ransomware Detection Through a Honeyfile-Based Approach with R-Locker](https://www.mdpi.com/2227-7390/13/12/1933)Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, malware)
Related Tags:
NAICS: 54 – Professional
Scientific
Technical Services
NAICS: 334 – Computer And Electronic Product Manufacturing
NAICS: 541 – Professional
Scientific
Technical Services
NAICS: 518 – Computing Infrastructure Providers
Data Processing
Web Hosting
Related Services
NAICS: 33 – Manufacturing – Metal
Electronics And Other
NAICS: 51 – Information
Blog: Security Affairs
Masquerading
Associated Indicators: