THE 'Security Affairs Malware Newsletter Round 99' compiles significant research and articles on malware activity. Key highlights include:
- Mass compromises of Ghost CMS via CVE-2026-26980 leading to ClickFix attacks.
- A TrapDoor crypto stealer targeting multiple package managers, affecting 34 packages.
- The Lazarus group's RemotePE RAT hidden in memory.
- Operations of Nimbus Manticore during Iranian conflicts.
- Iranian APT Screening Serpens and their espionage campaigns.
- Exploits of the KnowledgeDeliver service through ViewState issues.
- Introduction of Showboat, a new malware targeting telecom sectors.
- A comprehensive review of fileless malware.
- Takedown of the developer-targeting Glassworm botnet.
- Targeted campaigns by Grandoreiro in Europe and Latin America.
- Discoveries of non-necessary malicious npm packages leaking sensitive data.