Security Affairs Publishes Malware Newsletter Round 95 Highlighting New Supply‑Chain Sabotage, IoT Botnets, and Credential‑Stealing Malware
What Happened — Security Affairs released its 95th malware newsletter, aggregating recent research on 15+ threats, including a “Mystery ShadowBrokers” sabotage tool predating Stuxnet, the GlassWorm‑linked VSX sleeper extensions, the CapFix ransomware targeting Russian entities, and a supply‑chain attack compromising SAP CAP and Cloud MTA npm packages.
Why It Matters for TPRM —
- Provides early‑warning intel on emerging malware that could affect third‑party software components.
- Highlights supply‑chain compromises (e.g., npm packages) that directly impact vendor risk assessments.
- Shows evolving tactics such as AI‑driven supply‑chain attacks and IoT botnet expansions, prompting review of existing controls.
Who Is Affected — Technology vendors, SaaS providers, cloud‑hosting services, IoT device manufacturers, and any organization relying on third‑party npm or Maven packages.
Recommended Actions —
- Review any third‑party dependencies referenced in the newsletter (e.g., SAP CAP, npm packages) for known compromises.
- Validate that supply‑chain security controls (SBOMs, code signing, dependency scanning) are in place and up to date.
- Enhance monitoring for the specific malware families mentioned (GlassWorm, CapFix, Deep#Door, etc.).
Technical Notes — The newsletter cites multiple attack vectors: supply‑chain poisoning of npm/MTA packages, credential‑stealing backdoors leveraging tunneling and in‑memory execution, and AI‑model poisoning of Hugging Face and OpenClaw. No specific CVE numbers are disclosed.
Source: Security Affairs Malware Newsletter Round 95