THE Security Affairs Malware newsletter Round 91, authored by Pierluigi Paganini and published on 05 April 2026, provides a curated collection of malware articles and research from the international landscape.
According to Security Affairs, the roundup includes items such as Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka, Axios Compromised: npm Supply Chain Attack via Dependency Injection, and North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack. It also highlights RoadK1ll: A WebSocket Based Pivoting Implant and UAC-0255 cyberattack disguised as a CERT-UA notification using AGEWHEEZE, among others.
The list features analyses spanning malware, cybercrime and security topics, with additional items like Converging Interests: Analysis of Threat Clusters Targeting a Southeast Asian Government and CrystalX RAT: a MaaS malware that combines spyware, stealer and remote access. Readers are invited to follow Security Affairs for further coverage and related newsletters.