ACCORDING to Security Affairs, the Security Affairs Malware newsletter Round 97, by Pierluigi Paganini, offers a curated collection of malware research from around the international landscape and was published on 17 May 2026. The feature highlights include JDownloader site hacked to replace installers with Python RAT malware, and a look at a New TrickMo Variant described as targeting banking, fintech, wallet and authentication apps.
It also notes Threat Actor Mr_Rot13 actively exploiting CVE-2026-41940 for backdoor deployment, and Operation HumanitarianBait which uses fake aid documents to deploy Python spyware. Additional entries mention Mini Shai-Hulud returning with an npm worm affecting multiple packages, and coverage of FamousSparrow APT targeting the Azerbaijani oil and gas industry.
The newsletter also lists related items such as a piece on Go-to resources for Go malware, and offers further links to related security research and blog analyses.