Breaking News – Cyber Threats (last 6h)
Generated: 2025-11-03 12:00 PST
- Microsoft: SesameOp malware abuses OpenAI Assistants API in attacks
BleepingComputer • 2025-11-03 10:35 • www.bleepingcomputer.com
Microsoft security researchers have discovered a new backdoor malware that uses the OpenAI Assistants API as a covert command-and-control channel. […]
https://www.bleepingcomputer.com/news/security/microsoft-sesameop-malware-abuses-openai-assistants-api-in-attacks/
- Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive
The Hacker News • 2025-11-03 10:08 • thehackernews.com
Cybersecurity researchers have flagged a new malicious extension in the Open VSX registry that harbors a remote access trojan called SleepyDuck.
According to Secure Annex’s John Tuckner, the extension in question, juan-bianco.solidity-vlang (version 0.0.7), was first published on October 31, 2025, as a completely benign library that was subsequently updated to version 0.0.8 on November 1 to
https://thehackernews.com/2025/11/malicious-vsx-extension-sleepyduck-uses.html
- US cybersecurity experts indicted for BlackCat ransomware attacks
BleepingComputer • 2025-11-03 09:15 • www.bleepingcomputer.com
Three former employees of cybersecurity incident response companies DigitalMint and Sygnia have been indicted for allegedly hacking the networks of five U.S. companies in BlackCat (ALPHV) ransomware attacks between May 2023 and November 2023. […]
https://www.bleepingcomputer.com/news/security/us-cybersecurity-experts-indicted-for-blackcat-ransomware-attacks/
- Hackers use RMM tools to breach freighters and steal cargo shipments
BleepingComputer • 2025-11-03 08:46 • www.bleepingcomputer.com
Threat actors are targeting freight brokers and trucking carriers with malicious links and emails to deploy remote monitoring and management tools (RMMs) that enable them to hijack cargo and steal physical goods. […]
https://www.bleepingcomputer.com/news/security/hackers-use-rmm-tools-to-breach-freighters-and-steal-cargo-shipments/
- Microsoft: Patch for WSUS flaw disabled Windows Server hotpatching
BleepingComputer • 2025-11-03 07:22 • www.bleepingcomputer.com
An out-of-band (OOB) security update that patches an actively exploited Windows Server Update Service (WSUS) vulnerability has broken hotpatching on some Windows Server 2025 devices. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-patch-for-wsus-flaw-disabled-windows-server-hotpatching/
- OAuth Device Code Phishing: Azure vs. Google Compared
BleepingComputer • 2025-11-03 07:11 • www.bleepingcomputer.com
Device code phishing abuses the OAuth device flow, and Google and Azure produce strikingly different attack surfaces. Register for Huntress Labs’ Live Hack to learn about attack techniques, defensive tactics, and get an Identity Security Assessment. […]
https://www.bleepingcomputer.com/news/security/oauth-device-code-phishing-azure-vs-google-compared/
- XWiki SolrSearch Exploit Attempts (CVE-2025-24893) with link to Chicago Gangs/Rappers, (Mon, Nov 3rd)
SANS ISC Diary (full) • 2025-11-03 06:20 • isc.sans.edu
XWiki describes itself as “The Advanced Open-Source Enterprise Wiki” and considers itself an alternative to Confluence and MediaWiki. In February, XWiki released an advisory (and patch) for an arbitrary remote code execution vulnerability. Affected was the SolrSearch component, which any user, even with minimal “Guest” privileges, can use. The advisory included PoC code, so it is a bit odd that it took so long for the vulnerability to be widely exploited.
 
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
