SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 64

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware Newsletter

- [Brewing Trouble — Dissecting a macOS Malware Campaign](https://medium.com/deriv-tech/brewing-trouble-dissecting-a-macos-malware-campaign-90c2c24de5dc)
- [Large-Scale Attack Targeting Macs via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware](https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages)
- [Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware](https://www.sentinelone.com/labs/prompts-as-code-embedded-keys-the-hunt-for-llm-enabled-malware/)
- [The Chameleon’s Trap: Inside the Top 3 Exploit Thriving on 60% of Unpatched MS Office Systems](https://www.strongestlayer.com/blog/the-chameleons-trap-top-3-ms-office-exploits-unpatched-systems)
- [YiBackdoor: A New Malware Family With Links to IcedID and Latrodectus](https://www.zscaler.com/blogs/security-research/yibackdoor-new-malware-family-links-icedid-and-latrodectus)
- [Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys](https://socket.dev/blog/two-malicious-rust-crates-impersonate-popular-logger-to-steal-wallet-keys)
- [How RainyDay, Turian and a new PlugX variant abuse DLL search order hijacking](https://blog.talosintelligence.com/how-rainyday-turian-and-a-new-plugx-variant-abuse-dll-search-order-hijacking/)
- [Mapping the Infrastructure and Malware Ecosystem of MuddyWater](https://www.group-ib.com/blog/muddywater-infrastructure-malware/)
- [Operation Rewrite: Chinese-Speaking Threat Actors Deploy BadIIS in a Wide Scale SEO Poisoning Campaign](https://unit42.paloaltonetworks.com/operation-rewrite-seo-poisoning-campaign/)
- [ShadowV2: An emerging DDoS for hire botnet](https://www.darktrace.com/blog/shadowv2-an-emerging-ddos-for-hire-botnet)
- [Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors](https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign)
- [RedNovember Targets Government, Defense, and Technology Organizations](https://www.recordedfuture.com/research/rednovember-targets-government-defense-and-technology-organizations)
- [Malware Analysis Report RayInitiator & LINE VIPER](https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/RayInitiator-LINE-VIPER/ncsc-mar-rayinitiator-line-viper.pdf)
- [XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory](https://www.microsoft.com/en-us/security/blog/2025/09/25/xcsset-evolves-again-analyzing-the-latest-updates-to-xcssets-inventory/)
- [Bearlyfy: The Evolution of a New Ransomware Group and Its Connection to PhantomCore](https://www.f6.ru/blog/bearlyfy/)
- [Updated BO Team Grouping Tools](https://securelist.ru/bo-team-upgrades-brockendoor-and-zeronetkit-backdoors/113536/)
- [Deniability by Design: DNS-Driven Insights into a Malicious Ad Network](https://blogs.infoblox.com/threat-intelligence/deniability-by-design-dns-driven-insights-into-a-malicious-ad-network/)
- [Defending against Stegomalware in Deep Neural Networks with Permutation Symmetry](https://arxiv.org/abs/2509.20399)
- [CyberSOCEval: Benchmarking LLMs Capabilities for Malware Analysis and Threat Intelligence Reasoning](https://arxiv.org/abs/2509.20166)
- [DCmal-2025: A Novel Routing-Based DisConnectivity Malware—Development, Impact, and Countermeasures](https://www.mdpi.com/2076-3417/15/18/10219)

Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, [newsletter](https://securityaffairs.com/181970/breaking-news/security-affairs-malware-newsletter-round-61.html))

Related Tags:
Unidentified 111

Latrodectus

Mango Sandstorm

TA450

RainyDay

NAICS: 54 – Professional, Scientific, Technical Services

NAICS: 334 – Computer And Electronic Product Manufacturing

NAICS: 541 – Professional, Scientific, Technical Services

NAICS: 518 – Computing Infrastructure Providers, Data Processing, Web Hosting, Related Services
