Security
Headlines
HeadlinesLatestCVEs

Tag

#backdoor

SesameOp Backdoor Uses OpenAI API for Covert C2

Malware used in a months-long attack demonstrates how bad actors are misusing generative AI services in unique and stealthy ways.

DARKReading
Open in Source
#backdoor
Operation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense Sectors

Threat actors are leveraging weaponized attachments distributed via phishing emails to deliver malware likely targeting the defense sector in Russia and Belarus. According to multiple reports from Cyble and Seqrite Labs, the campaign is designed to deploy a persistent backdoor on compromised hosts that uses OpenSSH in conjunction with a customized Tor hidden service that employs obfs4 for

Microsoft Detects "SesameOp" Backdoor Using OpenAI's API as a Stealth Command Channel

Microsoft has disclosed details of a novel backdoor dubbed SesameOp that uses OpenAI Assistants Application Programming Interface (API) for command-and-control (C2) communications. "Instead of relying on more traditional methods, the threat actor behind this backdoor abuses OpenAI as a C2 channel as a way to stealthily communicate and orchestrate malicious activities within the compromised

⚡ Weekly Recap: Lazarus Hits Web3, Intel/AMD TEEs Cracked, Dark Web Leak Tool & More

Cyberattacks are getting smarter and harder to stop. This week, hackers used sneaky tools, tricked trusted systems, and quickly took advantage of new security problems—some just hours after being found. No system was fully safe. From spying and fake job scams to strong ransomware and tricky phishing, the attacks came from all sides. Even encrypted backups and secure areas were put to the test.

New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea

The North Korea-linked threat actor known as Kimsuky has distributed a previously undocumented backdoor codenamed HttpTroy as part of a likely spear-phishing attack targeting a single victim in South Korea. Gen Digital, which disclosed details of the activity, did not reveal any details on when the incident occurred, but noted that the phishing email contained a ZIP file ("250908_A_HK이노션

Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack

A suspected nation-state threat actor has been linked to the distribution of a new malware called Airstalk as part of a likely supply chain attack. Palo Alto Networks Unit 42 said it's tracking the cluster under the moniker CL-STA-1009, where "CL" stands for cluster and "STA" refers to state-backed motivation. "Airstalk misuses the AirWatch API for mobile device management (MDM), which is now

China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems

The exploitation of a recently disclosed critical security flaw in Motex Lanscope Endpoint Manager has been attributed to a cyber espionage group known as Tick. The vulnerability, tracked as CVE-2025-61932 (CVSS score: 9.3), allows remote attackers to execute arbitrary commands with SYSTEM privileges on on-premise versions of the program. JPCERT/CC, in an alert issued this month, said that it

Year-Long Nation-State Hack Hits US Telecom Ribbon Communications

Ribbon Communications discloses a year-long breach by nation-state actors. The attack highlights critical supply chain risk, reflecting the Salt Typhoon and F5 espionage trends.

Fake PayPal invoice from Geek Squad is a tech support scam

Tina Pal wants a word about your PayPal account—but it's a scam. Here’s how to spot the red flags and what to do if you’ve already called.

ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising

The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact targets. At the same time, defenders face growing blind spots — from spoofed messages to large-scale social engineering. This week’s findings show how that shrinking margin of safety is redrawing the threat landscape. Here’s what’s