Security researchers have identified a dangerous remote access trojan called SleepyDuck lurking in the Open VSX IDE extension marketplace, targeting developers who use code editors like Cursor and Windsurf. The malicious extension masqueraded as a legitimate Solidity programming language helper,…
Balancer DeFi Platform Hit by Major Exploit Resulting in $100M+ in Losses
The decentralised finance (DeFi) ecosystem was rocked by a significant exploit targeting Balancer, one of the leading DeFi platforms. The breach specifically impacted Balancer’s V2 Composable Stable Pools, resulting in losses that reportedly exceed $100 million. This major incident highlights…
Weaponized Putty and Teams Ads Deliver Malware Allowing Hackers to Access Devices and Networks
An ongoing malicious advertising campaign is weaponizing legitimate software downloads to deploy OysterLoader malware, previously identified as Broomstick and CleanUpLoader. This sophisticated initial access tool enables cybercriminals to establish footholds in corporate networks, ultimately serving as a delivery mechanism for…
Crooks exploit RMM software to hijack trucking firms and steal cargo
Hackers target trucking firms with RMM tools to steal freight, teaming with organized crime to loot goods, mainly food and beverages. Cybercriminals are targeting trucking and logistics firms with RMM tools (remote monitoring and management software) to steal freight. Active…
New Cisco solutions bring speed, security, and automation to distributed AI networks
Cisco is introducing innovations to modernize campus, branch, and industrial networks to support the growing use of AI. Its solutions simplify operations, scale with evolving business needs, and enhance security, all of which are critical to unlocking the full potential…
U.S. Prosecutors Indict Cybersecurity Insiders Accused of BlackCat Ransomware Attacks
Federal prosecutors in the U.S. have accused a trio of allegedly hacking the networks of five U.S. companies with BlackCat (aka ALPHV) ransomware between May and November 2023 and extorting them. Ryan Clifford Goldberg, Kevin Tyler Martin, and an unnamed…
Google’s AI ‘Big Sleep’ Finds 5 New Vulnerabilities in Apple’s Safari WebKit
Google’s artificial intelligence (AI)-powered cybersecurity agent called Big Sleep has been credited by Apple for discovering as many as five different security flaws in the WebKit component used in its Safari web browser that, if successfully exploited, could result in…
“SleepyDuck” uses Ethereum, SesameOp abuses OpenAI API, cybercrooks steal physical cargo
“SleepyDuck” uses Ethereum to keep command server alive; SesameOp abuses OpenAI Assistants API; organized crime cybercrooks steal cargo. Huge thanks to our sponsor, ThreatLocker. Cybercriminals don’t knock — they sneak in through the cracks other tools miss. That’s why organizations…
IT Security News Hourly Summary 2025-11-04 09h : 8 posts
8 posts were published in the last hour. 7:34: Malicious PuTTY Ads Deliver OysterLoader, Allowing Attackers Full Device and Network Access; 7:34: Graylog’s AI features improve security outcomes across hybrid environments; 7:34: Zscaler acquires SPLX to help…
Malicious PuTTY Ads Deliver OysterLoader, Allowing Attackers Full Device and Network Access
The Rhysida ransomware gang has been running a sophisticated malvertising campaign that delivers OysterLoader malware through deceptive search engine advertisements, giving attackers complete access to compromised devices and networks. The Rhysida gang, formerly known as Vice Society before rebranding in…
Graylog’s AI features improve security outcomes across hybrid environments
Graylog launched its Graylog Security Fall 2025 release. The latest version introduces AI-driven insights, Model Context Protocol (MCP) Server Access, and Amazon Security Data Lake integration, enabling SOCs to operate with clarity, speed, and cost efficiency. The new platform (version…
Zscaler acquires SPLX to help organizations secure their AI investments
Zscaler has acquired AI security pioneer SPLX, extending the Zscaler Zero Trust Exchange platform with shift-left AI asset discovery, automated red teaming, and governance, so organizations can secure their AI investments from development through deployment. “Today marks an important step…
How nations build and defend their cyberspace capabilities
In this Help Net Security interview, Dr. Bernhards Blumbergs, Lead Cyber Security Expert at CERT.LV, discusses how cyberspace has become an integral part of national and military operations. He explains how countries develop capabilities to act and defend in this…
Cybercriminals have built a business on YouTube’s blind spots
The days when YouTube was just a place for funny clips and music videos are behind us. With 2.53 billion active users, it has become a space where entertainment, information, and deception coexist. Alongside everyday videos, the site has seen…
Uncovering the risks of unmanaged identities
Every organization manages thousands of identities, from admins and developers to service accounts and AI agents. But many of these identities operate in the shadows, untracked and unprotected. These unmanaged identities quietly expand your attack surface, weaken compliance, and threaten…
Cisco’s platform enhancements strengthen security for MSPs
Cisco announced a significant platform advancement designed to empower MSPs to deliver security services. This innovation adds foundational multi-customer management capabilities within Security Cloud Control, Cisco’s unified, AI-powered management platform. This console leverages advanced AIOps and AgenticOps to enable organizations…
Microsoft Detects “SesameOp” Backdoor Using OpenAI’s API as a Stealth Command Channel
Microsoft has disclosed details of a novel backdoor dubbed SesameOp that uses OpenAI Assistants Application Programming Interface (API) for command-and-control (C2) communications. “Instead of relying on more traditional methods, the threat actor behind this backdoor abuses OpenAI as a C2…
Microsoft’s WSUS Patch Causes Hotpatching Failures on Windows Server 2025
Microsoft has acknowledged a critical issue affecting Windows Server 2025 systems enrolled in the Hotpatch program. A recent Windows Server Update Services (WSUS) patch was inadvertently distributed to machines configured to receive Hotpatch updates, causing disruptions to the seamless patching…
SesameOp: Using the OpenAI Assistants API for Covert C2 Communication
Microsoft’s Detection and Response Team has exposed a sophisticated backdoor malware that exploits the OpenAI Assistants API as an unconventional command-and-control communication channel. Named SesameOp, this threat demonstrates how adversaries are rapidly adapting to leverage legitimate cloud services for malicious…
Apple Patches Multiple Critical Vulnerabilities in iOS 26.1 and iPadOS 26.1
Apple released iOS 26.1 and iPadOS 26.1, addressing multiple vulnerabilities that could lead to privacy breaches, app crashes, and potential data leaks for iPhone and iPad users. The update targets devices starting from the iPhone 11 series and various iPad…
Hackers Actively Scanning for TCP Port 8530/8531 Linked to WSUS Vulnerability CVE-2025-59287
Cybersecurity researchers and firewall monitoring services have detected a dramatic surge in reconnaissance activity targeting Windows Server Update Services (WSUS) infrastructure. Network sensors collected from security organizations, including data from Shadowserver, show a significant increase in scans directed at TCP…
Open VSX Registry Addresses Leaked Tokens and Malicious Extensions in Wake of Security Scare
The Open VSX Registry and the Eclipse Foundation have completed their investigation into a significant security incident involving exposed developer tokens and malicious extensions. The comprehensive response reveals how the platform is strengthening defenses across the entire VS Code extension…
AMD Zen 5 Processors RDSEED Vulnerability Breaks Integrity With Randomness
AMD has disclosed a critical vulnerability affecting its Zen 5 processor lineup that compromises the reliability of random number generation, a fundamental security feature in modern computing. The flaw, tracked as CVE-2025-62626, impacts the RDSEED instruction used by systems to…
China’s president Xi Jinping jokes about backdoors in Xiaomi smartphones
South Korea’s president laughed, so perhaps it was funny? Unlike China’s censorship and snooping. Chinese president Xi Jinping has joked that smartphones from Xiaomi might include backdoors.… This article has been indexed from The Register – Security.