SesameOp Backdoor Abused OpenAI Assistants API for Remote Access
Microsoft researchers found the SesameOp backdoor using OpenAI’s Assistants API for remote access, data theft, and command communication.
Google fixed a critical remote code execution in Android
Google’s November 2025 Android update fixes two flaws in the System component, including a critical remote code execution issue. Google’s November 2025 Android security updates addressed two vulnerabilities impacting the System component. The fixes are included in the 2025-11-01 security patch level, the only patch level released this month by the IT giant. “The most […]
SesameOp: New backdoor exploits OpenAI API for covert C2
Microsoft found a new backdoor, SesameOp, using the OpenAI Assistants API for stealthy command-and-control in hacked systems. Microsoft uncovered a new backdoor, named SesameOp, that abuses the OpenAI Assistants API for command-and-control, allowing covert communication within compromised systems. Microsoft Incident Response – Detection and Response Team (DART) researchers discovered the backdoor in July 2025 while […]
DHS New 75-Year Biometric Database: What’s It Really Good For?
The new DHS rule (effective December 26, 2025) authorizes CBP to photograph all non-citizens at every entry and exit point, with photos retained for up to 75 years in the Automated Biometric Identification System (IDENT). It targets anyone crossing at …
Google Big Sleep found five vulnerabilities in Safari
Google’s AI agent, Big Sleep, helped Apple discover five WebKit flaws in Safari that could lead to browser crashes or memory corruption. Google’s AI agent Big Sleep helped Apple discover five WebKit flaws in Safari that could lead to browser crashes or memory corruption if exploited. Big Sleep is an AI agent developed by Google […]
China-Linked Hackers Target Cisco Firewalls in Global Campaign
New reports show China-based hackers are targeting US federal, state, and global government networks via unpatched Cisco firewalls. Get the full details and necessary steps to secure devices.
Iran showcases military innovations at Pakistan Maritime Expo
The second Pakistan International Maritime Exhibition and Conference opened on Monday in the port city of Karachi, with a high-ranking delegation from the Armed Forces of the Islamic Republic of Iran participating in the event. For the first time, the…
Department of Know
I was invited to speak on the CISO Series: Department of Know
Defensive Security Podcast Episode 328
Want to be the first to hear our episodes each week? Become a Patreon donor here.
Links we discuss this week:
https://thehackernews.com/2025/10/self-spreading-glassworm-infects-vs.html?m=1
https://www.cybersecuritydive.com/news/artificial-…
Jabber Zeus developer ‘MrICQ’ extradited to US from Italy
Ukrainian Yuriy Rybtsov, aka MrICQ, a suspected Jabber Zeus developer, was extradited from Italy to the US to face cybercrime charges. Ukrainian national Yuriy Igorevich Rybtsov (41), aka MrICQ, an alleged Jabber Zeus developer, was arrested in Italy, lost his extradition appeal, and has been sent to the US to face cybercrime charges. After a […]