November 10, 2025 Cyber Threat Intelligence Briefing

Microsoft’s DART team identified a new backdoor named SESAMEOP in July 2025 that uses the OpenAI Assistants API as its command and control (C2) channel. Proofpoint has detailed a campaign targeting freight and trucking companies using remote monitoring and management (RMM) tools to steal cargo. Security researchers at Catchify identified a critical unauthenticated remote code execution vulnerability in the UniFi Access backup/export workflow, tracked as CVE-2025-52665, with a CVSS score of 10.0 (critical).

November 03, 2025 Cyber Threat Intelligence Briefing

A critical remote code execution vulnerability in the Windows Server Update Services (WSUS) server role, tracked as CVE-2025-59287 (CVSS: 9.8) and addressed in the October patch cycle, is under active exploitation. Researchers at RandoriSec produced a report on the current state of Microsoft Teams access token theft, a tactic that has been used by many threat actor groups to move laterally within environments and to assist in internal phishing attacks.

October 27, 2025 Cyber Threat Intelligence Briefing

This campaign uses an updated lure combining a Cloudflare Turnstile challenge and a fake Windows update before socially engineering the victim into pasting malicious commands into the Run dialog box. Sekoia has released a detailed technical analysis of the POLAREDGE botnet, which it initially reported on earlier this year. The botnet spreads by exploiting vulnerabilities, most notably CVE-2023-20118 in Cisco routers; however, other samples from the same family have been seen exploiting routers from other vendors such as Asus, QNAP and Synology.