Find notable cyber news and cases, enriched with sources, timelines, and signals.

SesameOp backdoor abuses OpenAI Assistants API

Malware Activity
First reported
Last updated
Happening score
H score 23
2 unique sources, 2 articles

Summary

Hide ▲

The SesameOp backdoor now uses the OpenAI Assistants API as a covert command-and-control channel, giving operators durable remote access inside compromised environments. It can fetch compressed and encrypted commands, decrypt them, and run them on infected systems, which makes the traffic blend into a legitimate cloud service. The malware was tied to a July 2025 intrusion and is built for long-term espionage rather than short-lived disruption.

Related Happenings

Edgecution malicious Microsoft Edge extension backdoor activity

Malware Activity
H score23 First: 24.06.2026 23:58 Last: 24.06.2026 23:58 Sources 1

About this happening: The **Edgecution** malware is extending a **Microsoft Edge** browser foothold into host-level compromise by abusing **Chrome Native Messaging** and launching a **Python-based back...

Mistic backdoor attack activity targeting enterprise sectors since April

Malware Activity
H score33 First: 24.06.2026 13:41 Last: 24.06.2026 13:41 Sources 1

About this happening: The **Mistic** backdoor is being used in **financially motivated attacks** against **insurance, education, IT, and professional services** organizations, giving operators a stealt...

Backdoor.Turn Microsoft Teams TURN relay malware activity

Malware Activity
H score29 First: 16.06.2026 13:18 Last: 16.06.2026 13:18 Sources 1

About this happening: **Backdoor.Turn** is a **Go-based RAT** tied to **DragonForce ransomware** operators that hid command-and-control traffic through **Microsoft Teams TURN relay infrastructure** dur...

Major U.S. services company hit by ransomware attack linked to DragonForce

Incident
H score38 First: 16.06.2026 13:18 Last: 16.06.2026 13:18 Sources 1

About this happening: A **DragonForce ransomware** incident hit a **major U.S. services firm** in **December 2025**, with attackers maintaining access for **one to two months** and hiding **command-and...

AI-driven worm reasons at runtime and self-replicates across a 33-host test network

Technical Analysis
H score40 First: 09.06.2026 14:59 Last: 09.06.2026 14:59 Sources 1

About this happening: Researchers demonstrated a **proof-of-concept AI-driven worm** that reasons at runtime and self-replicates, showing adaptive host-to-host spread across a **33-host** vulnerable te...

Timeline

  1. 03.11.2025 20:35 2 articles · 8mo ago

    Microsoft researchers uncover SesameOp backdoor abusing OpenAI Assistants API

    Initial Disclosure

    Microsoft security researchers and DART discovered SesameOp during an investigation into a July 2025 cyberattack. The backdoor uses the OpenAI Assistants API as a covert command-and-control channel to fetch compressed and encrypted commands, decrypt and execute them on infected systems, and return harvested information through the same API. Microsoft said the malware does not exploit a vulnerability or misconfiguration in OpenAI's platform, and Microsoft and OpenAI disabled the account and API key used in the attacks while advising defenders to audit firewall logs, enable tamper protection, configure endpoint detection in block mode, and monitor unauthorized external connections.

    Show sources