SesameOp backdoor abuses OpenAI Assistants API

Category: Malware Activity
Happening score: 16
2 unique sources, 2 articles

Summary

The SesameOp backdoor uses the OpenAI Assistants API as a covert command-and-control channel, giving its operators durable remote access inside compromised environments. It fetches compressed and encrypted commands through the API, decrypts them, and runs them on infected systems, so the command traffic blends into what looks like legitimate use of a cloud service. The malware was tied to a July 2025 intrusion and is built for long-term espionage rather than short-lived disruption.

Related Happenings

Microsoft Defender for Endpoint automatic endpoint isolation preview

Security Tool/Service
First: 26.05.2026 15:19 Last: 26.05.2026 15:19 Sources 1

About this happening: Microsoft is previewing **automatic isolation** for compromised endpoints in **Defender for Endpoint**, reducing **lateral movement** risk on managed workstations. The capability...

SHub Reaper macOS infostealer variant

Malware Activity
First: 19.05.2026 00:42 Last: 19.05.2026 00:42 Sources 1

About this happening: The **SHub Reaper** macOS infostealer now uses **AppleScript** and a fake **Apple security update** lure to infect Macs, raising the risk of credential theft and remote access. It...

Widespread exposure and misconfiguration in self-hosted AI infrastructure

Target Trend
First: 05.05.2026 13:30 Last: 05.05.2026 13:30 Sources 1

About this happening: A large-scale measurement found **self-hosted AI infrastructure** was being deployed with **widespread exposure and no authentication**, creating a broad risk of data theft, workf...

ABCDoor backdoor activity in Silver Fox attacks

Malware Activity
First: 04.05.2026 14:35 Last: 04.05.2026 14:35 Sources 1

About this happening: The newly identified **ABCDoor** backdoor is being used in **real-world attacks** by **Silver Fox**, expanding the group's malware set and increasing the risk of covert remote acc...

AI assistants with web browsing repurposed as covert C2 relays

Technical Analysis
First: 18.02.2026 17:00 Last: 18.02.2026 17:00 Sources 1

About this happening: AI assistants with web browsing are now being shown as **covert command-and-control relays**, letting malware hide commands and stolen data inside routine enterprise traffic. **Gr...

Timeline

  1. 03.11.2025 20:35 · 2 articles

    Microsoft researchers uncover SesameOp backdoor abusing OpenAI Assistants API

    Initial Disclosure

    Microsoft security researchers and DART discovered SesameOp during an investigation into a July 2025 cyberattack. The backdoor uses the OpenAI Assistants API as a covert command-and-control channel: it fetches compressed and encrypted commands, decrypts and executes them on infected systems, and returns harvested information through the same API. Microsoft said the malware does not exploit a vulnerability or misconfiguration in OpenAI's platform. Microsoft and OpenAI disabled the account and API key used in the attacks, and Microsoft advised defenders to audit firewall logs, enable tamper protection, configure endpoint detection in block mode, and monitor for unauthorized external connections.