Tag: microsoft
-
K-12 Google Microsoft Security and Safety Through a “Single Pane of Glass”
Cloud Monitor Helps Tyrone Area School District’s IT Team Keep Accounts Secure, Students Safe, and Security Budget Justified Tyrone Area School District, located in Tyrone, Pennsylvania, serves a community of approximately 1,700 students and 300 faculty and staff. The district uses Google Workspace and Microsoft 365 for education and business, with full one-to-one device deployment.…
-
Louvre delayed Windows security updates ahead of burglary
No updates for eight security applications: The newspaper also examined calls for tender and other public procurement documents issued by the museum in the years since the audits. Twenty years of technical debt weighed heavily on security at the Louvre, as it steadily accumulated systems for analogue video surveillance, digital video surveillance, intrusion detection, and access…
-
Russian hackers abuse Hyper-V to hide malware in Linux VMs
The Russian hacker group Curly COMrades has been abusing Microsoft’s Hyper-V virtualization technology in Windows to bypass endpoint detection and response solutions by creating a hidden Alpine Linux-based virtual machine. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-hackers-abuse-hyper-v-to-hide-malware-in-linux-vms/
-
Windows 10 update bug triggers incorrect end-of-support alerts
Microsoft says the October 2025 updates trigger incorrect end-of-support warnings on Windows 10 systems with active security coverage or still under active support. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-10-update-bug-triggers-incorrect-end-of-support-alerts/
-
New backdoor ‘SesameOp’ abuses OpenAI Assistants API for stealthy C2 operations
Lessons for defenders and platform providers: Microsoft clarified that OpenAI’s platform itself wasn’t breached or exploited; rather, its legitimate API functions were misused as a relay channel, highlighting a growing risk as generative AI becomes part of enterprise and development workflows. Attackers can now co-opt public AI endpoints to mask malicious intent, making detection significantly…
-
OpenAI API moonlights as malware HQ in Microsoft’s latest discovery
Redmond uncovers SesameOp, a backdoor hiding its tracks by using OpenAI’s Assistants API as a command channel First seen on theregister.com Jump to article: www.theregister.com/2025/11/04/openai_api_moonlights_as_malware/
-
Microsoft removes the date from update names, then reverses course
According to Microsoft, the date in the name of a Windows update is an unnecessary technical detail. Admins, however, see it differently. First seen on golem.de Jump to article: www.golem.de/news/windows-microsoft-streicht-datum-aus-updatenamen-und-nimmt-es-zurueck-2511-201806.html
-
Ransomware gang abuses Microsoft certificates
Backdoors left permanently open are a free pass for cybercriminals. The ransomware gang Rhysida is particularly notorious in the enterprise environment. Now the criminal hacker collective appears to be heading in a new direction, as a report from US security vendor Expel suggests. According to the report, the cybercriminals initially rely on malvertising in their current attack campaign. The malicious ads run via Microsoft's search engine Bing and lead to fake download pages…
-
SesameOp: Using the OpenAI Assistants API for Covert C2 Communication
Microsoft’s Detection and Response Team has exposed a sophisticated backdoor malware that exploits the OpenAI Assistants API as an unconventional command-and-control communication channel. Named SesameOp, this threat demonstrates how adversaries are rapidly adapting to leverage legitimate cloud services for malicious purposes, making detection significantly more challenging for security teams. The discovery highlights the evolving tactics…
-
Microsoft’s WSUS Patch Causes Hotpatching Failures on Windows Server 2025
Microsoft has acknowledged a critical issue affecting Windows Server 2025 systems enrolled in the Hotpatch program. A recent Windows Server Update Services (WSUS) patch was inadvertently distributed to machines configured to receive Hotpatch updates, causing disruptions to the seamless patching process that allows security updates without requiring system restarts. Distribution Error Impacts Hotpatch-Enrolled Systems The…
-
Microsoft Detects “SesameOp” Backdoor Using OpenAI’s API as a Stealth Command Channel
Microsoft has disclosed details of a novel backdoor dubbed SesameOp that uses OpenAI Assistants Application Programming Interface (API) for command-and-control (C2) communications. “Instead of relying on more traditional methods, the threat actor behind this backdoor abuses OpenAI as a C2 channel as a way to stealthily communicate and orchestrate malicious activities within the compromised First seen…
-
Microsoft Fixes Long-Standing ‘Update and Shut Down’ Bug in Windows 11
Your Windows 11 PC will finally shut down! Learn about the KB5067036 update that fixes the decades-old restart glitch, plus new features like faster search and simpler update names. First seen on hackread.com Jump to article: hackread.com/microsoft-fixe-update-and-shut-down-bug-windows-11/
-
Sketchy Graphics: Windows GDI Flaws Open RCE and Data Loss
Check Point finds Windows GDI bugs enabling RCE and data leaks. Learn how Microsoft patched and how to protect your systems. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/windows-gdi-vulnerabilities/
-
Unauthenticated RCE in WSUS Puts Organizations at Risk
Microsoft patches WSUS RCE flaw letting attackers gain SYSTEM access. Learn how to secure servers and prevent exploitation. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/wsus-vulnerability/
-
SesameOp malware abuses OpenAI Assistants API in attacks
Microsoft security researchers have discovered a new backdoor malware that uses the OpenAI Assistants API as a covert command-and-control channel. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-sesameop-malware-abuses-openai-assistants-api-in-attacks/

