Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

- [io_uring Is Back, This Time as a Rootkit](https://www.armosec.io/blog/io_uring-rootkit-bypasses-linux-security/)
- [I StealC You: Tracking the Rapid Changes To StealC](https://www.zscaler.com/blogs/security-research/i-stealc-you-tracking-rapid-changes-stealc)
- [Interesting WordPress Malware Disguised as Legitimate Anti-Malware Plugin](https://www.wordfence.com/blog/2025/04/interesting-wordpress-malware-disguised-as-legitimate-anti-malware-plugin/)
- [Using Trusted Protocols Against You: Gmail as a C2 Mechanism](https://socket.dev/blog/using-trusted-protocols-against-you-gmail-as-a-c2-mechanism)
- [Semantic-Aware Contrastive Fine-Tuning: Boosting Multimodal Malware Classification with Discriminative Embeddings](https://arxiv.org/abs/2504.21028)
- [The Rapid Evolution of CLEARFAKE Delivery](https://www.kroll.com/en/insights/publications/cyber/rapid-evolution-of-clearfake-delivery)
- [Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting](https://www.recordedfuture.com/research/uncovering-mintsloader-with-recorded-future-malware-intelligence-hunting)
- [wget to Wipeout: Malicious Go Modules Fetch Destructive Payload](https://socket.dev/blog/wget-to-wipeout-malicious-go-modules-fetch-destructive-payload)
- [Dual Explanations via Subgraph Matching for Malware Detection](https://arxiv.org/abs/2504.20904)
- [Earth Kurma APT Campaign Targets Southeast Asian Government, Telecom Sectors](https://www.trendmicro.com/en_us/research/25/d/earth-kurma-apt-campaign.html)
- [Inside the Latest Espionage Campaign of Nebulous Mantis](https://catalyst.prodaft.com/public/report/inside-the-latest-espionage-campaign-of-nebulous-mantis/overview)
- [DarkWatchman cybercrime malware returns on Russian networks](https://therecord.media/darkwatchman-malware-russia-cybercrime-hive0117)
- [MAL-XSEL: Enhancing Industrial Web Malware Detection with an Explainable Stacking Ensemble Model](https://www.mdpi.com/2227-9717/13/5/1329)

Follow me on Twitter: [**@securityaffairs**](https://twitter.com/securityaffairs) and [**Facebook**](https://www.facebook.com/sec.affairs) and [**Mastodon**](https://infosec.exchange/@securityaffairs)

[**Pierluigi Paganini**](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

**(**[**SecurityAffairs**](http://securityaffairs.co/wordpress/) **–** **hacking, newsletter)**

Related Tags:
Desert Falcon
Arid Viper
Two-tailed Scorpion
Mantis
Big Bang APT
TAG-63
APT-C-23
NAICS: 921 – Executive, Legislative, and Other General Government Support
NAICS: 54 – Professional, Scientific, and Technical Services