SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 63

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware Newsletter

[SmokeLoader Rises From the Ashes](https://www.zscaler.com/blogs/security-research/smokeloader-rises-ashes)

[Hive0154, aka Mustang Panda, drops updated Toneshell backdoor and novel SnakeDisk USB worm](https://www.ibm.com/think/x-force/hive0154-drops-updated-toneshell-backdoor)

[Popular Tinycolor npm Package Compromised in Supply Chain Attack Affecting 40+ Packages](https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages)

[Self-replicating Shai-hulud worm spreads token-stealing malware on npm](https://www.reversinglabs.com/blog/shai-hulud-worm-npm)

[FileFix in the wild! New FileFix campaign goes beyond POC and leverages steganography](https://www.acronis.com/en/tru/posts/filefix-in-the-wild-new-filefix-campaign-goes-beyond-poc-and-leverages-steganography/)

[Satori Threat Intelligence Alert: SlopAds Covers Fraud with Layers of Obfuscation](https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-slopads-covers-fraud-with-layers-of-obfuscation/)

[CISA Releases Malware Analysis Report on Malicious Listener Targeting Ivanti Endpoint Manager Mobile Systems](https://www.cisa.gov/news-events/alerts/2025/09/18/cisa-releases-malware-analysis-report-malicious-listener-targeting-ivanti-endpoint-manager-mobile)

[Gamaredon X Turla collab](https://www.welivesecurity.com/en/eset-research/gamaredon-x-turla-collab/)

[Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware](https://www.sentinelone.com/labs/prompts-as-code-embedded-keys-the-hunt-for-llm-enabled-malware/)

[Large-Scale Attack Targeting Macs via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware](https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages)

[Microarchitectural Malware Detection via Translation Lookaside Buffer (TLB) Events](https://www.mdpi.com/2624-800X/5/3/75)

[DCmal-2025: A Novel Routing-Based DisConnectivity Malware—Development, Impact, and Countermeasures](https://www.mdpi.com/2076-3417/15/18/10219)

[BEACON: Behavioral Malware Classification with Large Language Model Embeddings and Deep Learning](https://arxiv.org/abs/2509.14519)

[Beyond Classification: Evaluating LLMs for Fine-Grained Automatic Malware Behavior Auditing](https://arxiv.org/abs/2509.14335)

Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, [newsletter](https://securityaffairs.com/181970/breaking-news/security-affairs-malware-newsletter-round-61.html))
