SECURITY Affairs’ Malware Newsletter Round 86, authored by Pierluigi Paganini, was published on 01 March 2026 and presents a curated collection of malware research and related articles from the international landscape. The roundup showcases items such as “Technical Deep Dive: The Monero Mining Campaign” and “Operation Olalampo: Inside MuddyWater’s Latest Campaign”, highlighting ongoing cryptomining and state‑linked activity.
It also features “VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)” and “Operation MacroMaze: new APT28 campaign using basic tooling and legit infrastructure”. Other entries include “Arkanix Stealer”, “North Korean Lazarus Group Now Working With Medusa Ransomware”, and “Exposing the Undercurrent: Disrupting the GRIDTIDE Global Cyber Espionage Campaign”, with links to security researchers and vendors such as Trellix, Group‑IB and Palo Alto Networks Unit 42.
The newsletter further lists developments such as “New Malicious npm Package ‘ambar-src’ Targets Developers with Open Source Malware” and “Steaelite RAT Enables Double Extortion Attacks from a Single Panel”, offering readers a snapshot of recent malware trends.