Researchers at Microsoft discovered a backdoor named SesameOp that misuses the OpenAI Assistants API for command-and-control communications. This malware employs sophisticated techniques to maintain stealth and persistence while executing commands within compromised systems. The findings highlight how threat actors adapt to new technologies for malicious purposes.

The article explains how attackers can turn self-hosted GitHub Actions runners into backdoors, allowing persistent access to compromised systems. It details the Shai-Hulud worm as a case study, highlighting its methods for exploiting GitHub's infrastructure and the security risks involved.

The article discusses a newly identified backdoor and persistence technique used by cyber attackers, highlighting how it is being hijacked and concealed within systems. It emphasizes the need for organizations to enhance their threat detection capabilities to combat this evolving method of attack. Insights into the implications for cybersecurity and recommendations for mitigation are also provided.

A malicious desktop application posing as a ChatGPT client, named PipeMagic, has been found to contain a backdoor that compromises users' security. The fraudulent app can potentially allow attackers to execute harmful commands on infected systems, raising concerns about software authenticity and cybersecurity practices. Users are advised to avoid downloading unverified applications and ensure software comes from trusted sources.

A hacker is exploiting GitHub by distributing backdoored source code, specifically targeting hackers, gamers, and researchers. The malicious repositories, linked to the publisher "ischhfd83," deploy hidden backdoors through various means, leading to the installation of remote access trojans and info-stealers, which pose significant risks to users who compile the code. Sophos researchers warn of the sophisticated multi-step infection process that follows the download of these trojanized files.

A new version of the Atomic macOS info-stealer malware has been discovered, featuring a persistent backdoor that allows attackers to maintain indefinite access to compromised systems. Analyzed by Moonlock, the malware targets macOS files and user data, exploiting phishing tactics and advanced evasion techniques to execute remote commands and survive system reboots.

Phishing sites are masquerading as legitimate downloads from DeepSeek, distributing a proxy backdoor that compromises users' systems. These malicious sites exploit trust to lure victims into downloading harmful software. Users are advised to be cautious and verify sources before downloading applications.