Collecting Cyber-News from over 60 sources

Tag: backdoor

Breach Roundup: UPenn Hit by Email Breach

Nov 6, 2025 10:19 PM

Tags: backdoor, breach, email, hacker, ransomware, risk, scam, supply-chain, ukraine

Also, Australian Police Arrest 55 in New Round of Anom App Sting. This week: UPenn hit by email breach, Australian police arrested 55, ‘SesameOp’ backdoor hid C2 traffic, BEC scammers used AWS, hackers stole trucking cargo, Ukrainian national extradited to United States for role in Conti ransomware and a supply chain risk in advanced installer…
Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine

Nov 6, 2025 5:19 PM

Tags: attack, backdoor, cybersecurity, email, phishing, russia, spear-phishing, threat, ukraine

A previously unknown threat activity cluster has been observed impersonating Slovak cybersecurity company ESET as part of phishing attacks targeting Ukrainian entities.The campaign, detected in May 2025, is tracked by the security outfit under the moniker InedibleOchotense, describing it as Russia-aligned.”InedibleOchotense sent spear-phishing emails and Signal text messages, containing a link First seen on thehackernews.com…
Cavalry Werewolf Hit Russian Government with New ShellNET Backdoor

Nov 6, 2025 3:19 PM

Tags: backdoor, cyberattack, government, group, russia

Doctor Web uncovers a targeted cyberattack on a Russian government body by the Cavalry Werewolf group using a new ShellNET backdoor and Telegram-based control. First seen on hackread.com Jump to article: hackread.com/cavalry-werewolf-russia-government-shellnet-backdoor/
Cavalry Werewolf Hit Russian Government with New ShellNET Backdoor

Nov 6, 2025 3:19 PM

Tags: backdoor, cyberattack, government, group, russia

Doctor Web uncovers a targeted cyberattack on a Russian government body by the Cavalry Werewolf group using a new ShellNET backdoor and Telegram-based control. First seen on hackread.com Jump to article: hackread.com/cavalry-werewolf-russia-government-shellnet-backdoor/
Chinesischsprachiges Cyberspionage-Tool auf über 1.500 Servern

Nov 6, 2025 6:19 AM

Tags: backdoor, cyberespionage, tool

Der europäische Cybersicherheitsspezialist NVISO hat eine großangelegte Kampagne zur Cyberspionage aufgedeckt. Über 1.500 Server waren betroffen und mit der modularen Backdoor VShell infiziert. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/chinesischsprachiges-cyberspionage-tool-auf-1-500-servern
Curly COMrades APT Bypasses EDR by Hiding Linux Backdoor Inside Covert Hyper-V VM

Nov 6, 2025 5:19 AM

Tags: apt, backdoor, edr, linux

The post Curly COMrades APT Bypasses EDR by Hiding Linux Backdoor Inside Covert Hyper-V VM appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/curly-comrades-apt-bypasses-edr-by-hiding-linux-backdoor-inside-covert-hyper-v-vm/
Curly COMrades APT Bypasses EDR by Hiding Linux Backdoor Inside Covert Hyper-V VM

Nov 6, 2025 5:19 AM

Tags: apt, backdoor, edr, linux

The post Curly COMrades APT Bypasses EDR by Hiding Linux Backdoor Inside Covert Hyper-V VM appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/curly-comrades-apt-bypasses-edr-by-hiding-linux-backdoor-inside-covert-hyper-v-vm/
APT ‘Bronze Butler’ Exploits Zero-Day to Root Japan Orgs

Nov 6, 2025 5:19 AM

Tags: apt, backdoor, china, endpoint, exploit, zero-day

A critical security issue in a popular endpoint manager (CVE-2025-61932) allowed Chinese state-sponsored attackers to backdoor Japanese businesses. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/bronze-butler-apt-exploits-zero-day-vuln-root-japan
FIN7 Hackers Leverage Windows SSH Backdoor for Stealthy Remote Access and Persistence

Nov 5, 2025 8:19 AM

Tags: access, backdoor, cyber, cybercrime, group, hacker, infrastructure, intelligence, threat, windows

The notorious FIN7 cybercriminal group, also known as Savage Ladybug, continues to rely on a sophisticated Windows SSH backdoor infrastructure with minimal modifications since 2022, according to threat intelligence analysis. The threat actor has maintained operational consistency while using an install.bat script paired with OpenSSH toolsets to establish reverse SSH and SFTP connections for maintaining…
Kimsuky Debuts HTTPTroy Backdoor Against South Korea Users

Nov 5, 2025 5:19 AM

Tags: attack, backdoor, group, korea, north-korea, threat

The well-known North Korean threat group continues to improve the obfuscation and anti-analysis features of its attack toolchain. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/kimsuky-httptroy-backdoor-south-korea-users
SesameOp Backdoor Abused OpenAI Assistants API for Remote Access

Nov 4, 2025 8:19 PM

Tags: access, api, backdoor, data, microsoft, openai, theft

Microsoft researchers found the SesameOp backdoor using OpenAI’s Assistants API for remote access, data theft, and command communication. First seen on hackread.com Jump to article: hackread.com/sesameop-backdoor-openai-assistants-api-access/
SesameOp: New backdoor exploits OpenAI API for covert C2

Nov 4, 2025 7:19 PM

Tags: api, backdoor, control, detection, exploit, incident response, microsoft, openai

Microsoft found a new backdoor, SesameOp, using the OpenAI Assistants API for stealthy command-and-control in hacked systems. Microsoft uncovered a new backdoor, named SesameOp, that abuses the OpenAI Assistants API for command-and-control, allowing covert communication within compromised systems. Microsoft Incident Response Detection and Response Team (DART) researchers discovered the backdoor in July 2025 while […]…
Hackers Hijack OpenAI API in Stealthy New Backdoor Attack

Nov 4, 2025 5:19 PM

Tags: api, attack, backdoor, control, exploit, hacker, openai

Hackers created a stealthy backdoor that exploits OpenAI’s API for covert command-and-control operations. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/hackers-hijack-openai-api-in-stealthy-new-backdoor-attack/
SesameOp Backdoor Uses OpenAI API for Covert C2

Nov 4, 2025 4:19 PM

Tags: ai, api, attack, backdoor, malware, openai, service

Malware used in a months-long attack demonstrates how bad actors are misusing generative AI services in unique and stealthy ways. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/sesameop-backdoor-openai-api-covert-c2
OpenAI Assistants API Exploited in ‘SesameOp’ Backdoor

Nov 4, 2025 4:19 PM

Tags: api, backdoor, communications, control, exploit, openai

Instead of relying on more traditional methods, the backdoor exploits OpenAI’s Assistants API for command-and-control communications First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/openai-assistants-api-sesameop/
New backdoor ‘SesameOp’ abuses OpenAI Assistants API for stealthy C2 operations

Nov 4, 2025 1:19 PM

Tags: ai, antivirus, api, attack, backdoor, detection, endpoint, injection, malicious, microsoft, monitoring, openai, ransomware, risk, threat

Lessons for defenders and platform providers: Microsoft clarified that OpenAI’s platform itself wasn’t breached or exploited; rather, its legitimate API functions were misused as a relay channel, highlighting a growing risk as generative AI becomes part of enterprise and development workflows. Attackers can now co-opt public AI endpoints to mask malicious intent, making detection significantly…
New backdoor ‘SesameOp’ abuses OpenAI Assistants API for stealthy C2 operations

Nov 4, 2025 1:19 PM

Tags: ai, antivirus, api, attack, backdoor, detection, endpoint, injection, malicious, microsoft, monitoring, openai, ransomware, risk, threat

Lessons for defenders and platform providers: Microsoft clarified that OpenAI’s platform itself wasn’t breached or exploited; rather, its legitimate API functions were misused as a relay channel, highlighting a growing risk as generative AI becomes part of enterprise and development workflows. Attackers can now co-opt public AI endpoints to mask malicious intent, making detection significantly…
New backdoor ‘SesameOp’ abuses OpenAI Assistants API for stealthy C2 operations

Nov 4, 2025 1:19 PM

Tags: ai, antivirus, api, attack, backdoor, detection, endpoint, injection, malicious, microsoft, monitoring, openai, ransomware, risk, threat

Lessons for defenders and platform providers: Microsoft clarified that OpenAI’s platform itself wasn’t breached or exploited; rather, its legitimate API functions were misused as a relay channel, highlighting a growing risk as generative AI becomes part of enterprise and development workflows. Attackers can now co-opt public AI endpoints to mask malicious intent, making detection significantly…
OpenAI API moonlights as malware HQ in Microsoft’s latest discovery

Nov 4, 2025 1:19 PM

Tags: api, backdoor, malware, microsoft, openai

Redmond uncovers SesameOp, a backdoor hiding its tracks by using OpenAI’s Assistants API as a command channel First seen on theregister.com Jump to article: www.theregister.com/2025/11/04/openai_api_moonlights_as_malware/
OpenAI API moonlights as malware HQ in Microsoft’s latest discovery

Nov 4, 2025 1:19 PM

Tags: api, backdoor, malware, microsoft, openai

Redmond uncovers SesameOp, a backdoor hiding its tracks by using OpenAI’s Assistants API as a command channel First seen on theregister.com Jump to article: www.theregister.com/2025/11/04/openai_api_moonlights_as_malware/
OpenAI API moonlights as malware HQ in Microsoft’s latest discovery

Nov 4, 2025 1:19 PM

Tags: api, backdoor, malware, microsoft, openai

Redmond uncovers SesameOp, a backdoor hiding its tracks by using OpenAI’s Assistants API as a command channel First seen on theregister.com Jump to article: www.theregister.com/2025/11/04/openai_api_moonlights_as_malware/
Operation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense Sectors

Nov 4, 2025 1:19 PM

Tags: backdoor, defense, email, malware, phishing, russia, service, threat

Threat actors are leveraging weaponized attachments distributed via phishing emails to deliver malware likely targeting the defense sector in Russia and Belarus.According to multiple reports from Cyble and Seqrite Labs, the campaign is designed to deploy a persistent backdoor on compromised hosts that uses OpenSSH in conjunction with a customized Tor hidden service that employs…
Operation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense Sectors

Nov 4, 2025 1:19 PM

Tags: backdoor, defense, email, malware, phishing, russia, service, threat

Threat actors are leveraging weaponized attachments distributed via phishing emails to deliver malware likely targeting the defense sector in Russia and Belarus.According to multiple reports from Cyble and Seqrite Labs, the campaign is designed to deploy a persistent backdoor on compromised hosts that uses OpenSSH in conjunction with a customized Tor hidden service that employs…
Ransomware-Bande missbraucht Microsoft-Zertifikate

Nov 4, 2025 10:19 AM

Tags: access, antivirus, backdoor, detection, dns, edr, hacker, malware, microsoft, powershell, ransomware, service, software, strategy, tool, vulnerability, windows

Kontinuierlich offenstehende Hintertüren sind für Cyberkriminelle ein Freifahrtschein.Die Ransomware-Bande Rhysida ist speziell im Unternehmensumfeld berüchtigt. Nun scheint das kriminelle Hacker-Kollektiv neue Wege einschlagen zu wollen, wie ein Bericht des US-Sicherheitsanbieters Expel nahelegt. Demnach setzen die Cyberkriminellen in ihrer aktuellen Angriffskampagne initial auf Malvertising. Die maliziösen Anzeigen laufen über die Microsoft-Suchmaschine Bing und führen auf Fake-Download-Seiten…
Ransomware-Bande missbraucht Microsoft-Zertifikate

Nov 4, 2025 10:19 AM

Tags: access, antivirus, backdoor, detection, dns, edr, hacker, malware, microsoft, powershell, ransomware, service, software, strategy, tool, vulnerability, windows

Kontinuierlich offenstehende Hintertüren sind für Cyberkriminelle ein Freifahrtschein.Die Ransomware-Bande Rhysida ist speziell im Unternehmensumfeld berüchtigt. Nun scheint das kriminelle Hacker-Kollektiv neue Wege einschlagen zu wollen, wie ein Bericht des US-Sicherheitsanbieters Expel nahelegt. Demnach setzen die Cyberkriminellen in ihrer aktuellen Angriffskampagne initial auf Malvertising. Die maliziösen Anzeigen laufen über die Microsoft-Suchmaschine Bing und führen auf Fake-Download-Seiten…
Ransomware-Bande missbraucht Microsoft-Zertifikate

Nov 4, 2025 10:19 AM

Tags: access, antivirus, backdoor, detection, dns, edr, hacker, malware, microsoft, powershell, ransomware, service, software, strategy, tool, vulnerability, windows

Kontinuierlich offenstehende Hintertüren sind für Cyberkriminelle ein Freifahrtschein.Die Ransomware-Bande Rhysida ist speziell im Unternehmensumfeld berüchtigt. Nun scheint das kriminelle Hacker-Kollektiv neue Wege einschlagen zu wollen, wie ein Bericht des US-Sicherheitsanbieters Expel nahelegt. Demnach setzen die Cyberkriminellen in ihrer aktuellen Angriffskampagne initial auf Malvertising. Die maliziösen Anzeigen laufen über die Microsoft-Suchmaschine Bing und führen auf Fake-Download-Seiten…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
China’s president Xi Jinping jokes about backdoors in Xiaomi smartphones

Nov 4, 2025 8:19 AM

Tags: backdoor, china, korea

South Korea’s president laughed, so perhaps it was funny? Unlike China’s censorship and snooping First seen on theregister.com Jump to article: www.theregister.com/2025/11/04/chinas_president_xi_jinping_jokes/