Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape

Stolen vault backups from the 2022 LastPass breach are still being cracked, allowing attackers to steal crypto as late as 2025.

Hacker claims Condé Nast breach, leaking 2.3M WIRED subscriber records and threatening to expose up to 40M more from other brands.

Google and Microsoft execs are clashing with South Korean suppliers as a massive HBM shortage forces Apple to face a 230% price hike for iPhone RAM.

Microsoft is testing a major fix for Windows 11 File Explorer that eliminates redundant indexing, slashing RAM and CPU usage for faster file searches.

Aikido Security uncovers the first sophisticated malware on Maven Central: a "prefix swap" attack on the Jackson library used to steal data.

Samsung confirms it has "frozen" Google Play system updates to protect One UI 8 stability. Learn why your Galaxy is stuck and when it will resume in 2026.

A malicious update to Trust Wallet v2.68.0 enabled a $7M Christmas Day heist. Users must update to v2.69.0 immediately to secure their funds.

Google is upstreaming Propeller to LLVM, bringing its 10% performance boost for the Linux kernel and large-scale apps to the standard compiler toolchain.

EmEditor confirms its official site was compromised, redirecting users to a malicious MSI signed by WALSHAM INVESTMENTS LIMITED to steal sensitive data.

pwn.ai reveals CVE-2025-54322, the first remotely exploitable zero-day found by autonomous AI agents, targeting Xspeeder SD-WAN gear globally.

ERNW exposes "Headphone Jacking," a critical Airoha RACE flaw in Sony & JBL chips allowing hackers to eavesdrop and hijack connected smartphones.

GreyNoise reveals a massive Japan-based holiday campaign: 2.5 million attacks targeting 767 CVEs to harvest access for ransomware gangs.

MongoBleed (CVE-2025-14847) allows unauthenticated MongoDB memory leaks. With Joe Desimone's PoC released, upgrade to v8.0.17 or v7.0.28 now!

Joseph Goydish uncovers a critical integer overflow in iOS 26.2’s WebKit. Proof of Concept shows how attackers can crash browsers or trigger RCE.

The most damaging cyber incidents across ASEAN this year did not start with malware, zero-days, or system breaches.

A China-linked APT used DNS poisoning to deliver the MgBot backdoor in targeted cyber-espionage attacks in Türkiye, China, and India.

Experts refer to these periods as the Global Commerce Vulnerability Window, marked by intense transaction volumes and limited human oversight.

Weeks after the devastating "Second Coming" campaign crippled thousands of development environments, the threat actor behind the Shai-Hulud worm has returned.

Kaspersky discloses a 2025 HoneyMyte (aka Mustang Panda or Bronze President) APT campaign, which uses a kernel-mode rootkit to deliver and protect a ToneShell backdoor.