Daily Cyber News

Microsoft Detects ‘SesameOp’ Backdoor Using OpenAI API as Stealth Command Channel

Microsoft has exposed a novel and sophisticated backdoor, codenamed SesameOp, that abuses the legitimate OpenAI Assistants API as its primary command-and-control (C2) channel. This technique represents a significant evolution in cyber espionage, allowing attackers to hide their communications within trusted, everyday AI traffic. A New Stealth Tactic: Hiding in Plain Sight Discovered by the Microsoft Detection […]

Microsoft Detects ‘SesameOp’ Backdoor Using OpenAI API as Stealth Command Channel Read More »

U.S. Prosecutors Charge Cybersecurity Insiders for Involvement in BlackCat Ransomware Attacks

In a case that blurs the line between defender and attacker, U.S. federal prosecutors have charged three individuals, including two cybersecurity professionals, for their alleged involvement in a series of BlackCat (ALPHV) ransomware attacks targeting American companies. The accused allegedly exploited their industry positions to carry out and negotiate extortion schemes. The Accused: From Threat

U.S. Prosecutors Charge Cybersecurity Insiders for Involvement in BlackCat Ransomware Attacks Read More »

SleepyDuck VSX Extension Uses Ethereum to Sustain Its Command Server

A malicious extension discovered in the Open VSX registry poses a significant threat to developers by embedding a remote access trojan named SleepyDuck. What makes this threat particularly resilient is its innovative use of the Ethereum blockchain to maintain contact with its command server, ensuring it can survive traditional takedown efforts. The Malicious Extension and Its

SleepyDuck VSX Extension Uses Ethereum to Sustain Its Command Server Read More »

New Business Email Protection Method Blocks Phishing Attack Behind NPM Breach

A highly sophisticated phishing campaign successfully targeted high-profile developers on the NPM registry in September 2025, leading to one of the most significant supply chain attacks in its history. The attackers combined convincing social engineering with technical precision to steal credentials and inject malicious code into widely used packages, ultimately aiming to hijack cryptocurrency transactions.

New Business Email Protection Method Blocks Phishing Attack Behind NPM Breach Read More »

Hackers Deliver SSH-Tor Backdoor Through Weaponized Military Documents in ZIP Files

In a highly targeted cyber espionage campaign uncovered in October 2025, threat actors have been deploying a sophisticated SSH-Tor backdoor by disguising it within weaponized military documents. The attack, aimed at defense personnel, demonstrates a significant evolution in combining social engineering with advanced technical stealth to maintain persistent access to compromised systems. The Lure: A

Hackers Deliver SSH-Tor Backdoor Through Weaponized Military Documents in ZIP Files Read More »

Researchers Discover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Information

Cybersecurity researchers have exposed two sophisticated Android trojans, BankBot-YNRK and DeliveryRAT, which are actively stealing sensitive financial information from users worldwide. These malware families employ advanced evasion techniques and abuse core phone functionalities to commit fraud and data theft on a significant scale. BankBot-YNRK: A Highly Evasive Banking Trojan Analyzed by CYFIRMA, BankBot-YNRK is a dangerous malware

Researchers Discover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Information Read More »

Cybercriminals Abuse Remote Monitoring Tools to Infiltrate Logistics and Freight Networks

A financially motivated threat cluster is systematically targeting trucking and logistics companies, weaponizing common Remote Monitoring and Management (RMM) software to infiltrate their networks. The ultimate goal of these attacks is to hijack freight operations and steal high-value physical cargo, particularly food and beverage products. The Campaign’s Objective: Cargo Theft via Digital Intrusion According to

Cybercriminals Abuse Remote Monitoring Tools to Infiltrate Logistics and Freight Networks Read More »

HttpTroy Backdoor Poses as VPN Invoice to Infiltrate South Korean Targets

The North Korea-aligned advanced persistent threat (APT) group Kimsuky has been discovered using a previously unknown backdoor, codenamed HttpTroy, in a highly targeted spear-phishing campaign. The attack, aimed at a single victim in South Korea, employed a sophisticated multi-stage infection chain disguised as a legitimate VPN invoice. The Deceptive Lure and Initial Compromise The attack began

HttpTroy Backdoor Poses as VPN Invoice to Infiltrate South Korean Targets Read More »

Russian Ransomware Groups Weaponize Open-Source AdaptixC2 for Advanced Attacks

A powerful open-source command-and-control (C2) framework named AdaptixC2 is rapidly being adopted by a wide range of cybercriminals, with strong links to Russian ransomware operations. This trend highlights the ongoing weaponization of legitimate security tools by threat actors to conduct more advanced and evasive attacks. What is AdaptixC2? AdaptixC2 is an emerging, extensible post-exploitation framework

Russian Ransomware Groups Weaponize Open-Source AdaptixC2 for Advanced Attacks Read More »

Nation-State Hackers Use New Airstalk Malware in Suspected Supply Chain Attack

A sophisticated threat actor, believed to be state-sponsored, has been discovered using a previously unknown malware family dubbed “Airstalk” in a suspected software supply chain attack. The malware uniquely abuses a legitimate enterprise mobile device management (MDM) API to establish a covert communication channel with its operators. The Attacker and the Malware’s Core Deception Tracked

Nation-State Hackers Use New Airstalk Malware in Suspected Supply Chain Attack Read More »