Microsoft: SesameOp malware abuses OpenAI Assistants API in attacks

Published on November 3, 2025

Microsoft security researchers have discovered a new backdoor malware that uses the OpenAI Assistants API as a covert command-and-control channel. [...]

Continue reading on website
Other news

Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive

November 3, 2025
Cybersecurity researchers have flagged a new malicious extension in the Open VSX registry that harbors a remote access trojan called SleepyDuck.According to Secure Annex's John Tuckner, the extension in question, juan-bianco.solidity-vlang (version 0.0.7), was first published on October 31, 2025, as a completely benign library that was subsequently updated to version 0.0.8 on November 1 to

Fake Solidity VSCode extension on Open VSX backdoors developers

November 3, 2025
A remote access trojan dubbed SleepyDuck, and disguised as the well-known Solidity extension in the Open VSX open-source registry, uses an Ethereum smart contract to establish a communication channel with the attacker. [...]