November 10, 2025 Cyber Threat Intelligence Briefing

Nov 10, 2025

This week’s briefing covers:

00:00 – Intro

00:39 [MALWARE] SESAMEOP Uses OpenAI API as Command and Control
Microsoft’s DART team identified a new backdoor named SESAMEOP in July 2025 that uses the OpenAI Assistants API as its command and control (C2) channel.

02:25 [CAMPAIGN] Cybercriminal Cargo Theft Campaign
Proofpoint has detailed a campaign that targets freight and trucking companies, using remote monitoring and management (RMM) tools to steal cargo.

03:51 [VULNERABILITY] Remote Code Execution in UniFi Access
Security researchers at Catchify identified a critical unauthenticated remote code execution vulnerability in the UniFi Access backup/export workflow, tracked as CVE-2025-52665, with a CVSS score of 10.0 (critical).

05:35 [THREAT ACTOR ACTIVITY] Curly COMrades (KTA487) Use of Hyper-V for Persistence
Bitdefender has released an update on techniques observed in use by Curly COMrades (tracked by Kroll as KTA487), an actor that it states "operates to support Russian interests in geopolitical hotbeds".

08:11 [THREAT ACTOR ACTIVITY] RHYSIDA's (KTA258) Malvertising and Certificate Abuse
The RHYSIDA ransomware gang (tracked by Kroll as KTA258) has shifted its tactics to sophisticated malvertising campaigns. The group purchases search engine advertisements, often on Bing, to direct victims to convincing, malicious landing pages impersonating legitimate software like Microsoft Teams, PuTTY, and Zoom.

Dive deeper:

Kroll’s Monthly Threat Intelligence Spotlight Report: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports/cti-spotlight-trends-report

Kroll’s Q4 2024 Cyber Threat Landscape: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports/q4-2024-threat-landscape-report-phishing

Kroll’s 2025 Cyber Threat Landscape Report: Cybercrime in the Crypto Era: https://www.kroll.com/Reports/Cyber/Threat-Intelligence-Reports/Threat-Landscape-Report-Lens-on-Crypto

Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: https://www.youtube.com/playlist

Kroll Cyber Blog: https://www.kroll.com/en/insights/cyber

Kroll Cyber Threat Intelligence: https://www.kroll.com/en/services/cyber/threat-intelligence-services

Kroll Threat Intelligence Reports: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports

Kroll Responder MDR: https://www.kroll.com/en/services/cyber/kroll-responder
