A recent surge in malware activity has been observed, with the JDownloader site compromised to distribute Python RAT malware via tainted installers. Meanwhile, a new variant of the TrickMo malware has emerged, targeting financial and banking applications. Threat actor Mr_Rot13 is actively exploiting the CVE-2026-41940 vulnerability to deploy backdoors [1]. Additionally, a campaign dubbed Operation HumanitarianBait is using fake aid documents to spread Python spyware. The disclosure of CVE-2026-41940 has expanded the attack surface, making it essential for practitioners to prioritize based on their exposure and exploitation evidence. This highlights the need for continuous monitoring and patching of vulnerable systems to prevent exploitation. The evolving malware landscape poses significant risks to organizations, and staying informed about the latest threats is crucial for maintaining a robust security posture. What matters most to practitioners is the urgent need to assess their exposure to CVE-2026-41940 and take proactive measures to prevent backdoor deployments.
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 97
⚠️ Critical Alert
Why This Matters
CVE-2026-41940 disclosure expands the active attack surface — prioritize based on your exposure and exploitation evidence.
References
- SecurityAffairs. (2026, May 17). SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 97. *SecurityAffairs*. https://securityaffairs.com/192278/security/security-affairs-malware-newsletter-round-97.html
Original Source
SecurityAffairs