SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 63

Pierluigi Paganini
September 21, 2025

Malware Newsletter

SmokeLoader Rises From the Ashes 

Hive0154, aka Mustang Panda, drops updated Toneshell backdoor and novel SnakeDisk USB worm

Popular Tinycolor npm Package Compromised in Supply Chain Attack Affecting 40+ Packages 

Self-replicating Shai-hulud worm spreads token-stealing malware on npm  

FileFix in the wild! New FileFix campaign goes beyond POC and leverages steganography 

Satori Threat Intelligence Alert: SlopAds Covers Fraud with Layers of Obfuscation  

CISA Releases Malware Analysis Report on Malicious Listener Targeting Ivanti Endpoint Manager Mobile Systems  

Gamaredon X Turla collab

Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware

Large-Scale Attack Targeting Macs via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware      

Microarchitectural Malware Detection via Translation Lookaside Buffer (TLB) Events

DCmal-2025: A Novel Routing-Based DisConnectivity Malware—Development, Impact, and Countermeasures

BEACON: Behavioral Malware Classification with Large Language Model Embeddings and Deep Learning

Beyond Classification: Evaluating LLMs for Fine-Grained Automatic Malware Behavior Auditing

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

facebook
linkedin
twitter

Cybercrime
Hacking
hacking news
information security news
IT Information Security
malware
Newsletter
Pierluigi Paganini
Security Affairs
Security News