Elles De Yeager
-

SleepyDuck Malware Evolves with Ethereum C2 Resilience
A sophisticated new remote access trojan, dubbed “SleepyDuck,” has been discovered in the Open VSX registry, a marketplace for IDE extensions. Initially published as a benign extension on October 31, 2025, it was updated on November 1, 2025, to include malicious capabilities and has since garnered over 14,000 downloads.
-

Malicious VSX Extension “SleepyDuck” Leverages Ethereum for Command and Control
A malicious VSX extension dubbed “SleepyDuck” has been discovered in the Open VSX registry, utilizing the Ethereum blockchain for its command and control (C2) infrastructure. Initially distributed as a legitimate Solidity development tool, the extension was updated to include malicious functionalities, posing a significant threat to developers.
-

North Korean Actors Target Web3, New Side-Channel Attacks Exploit Intel/AMD TEEs
-

Android Malware Landscape Evolves with BankBot-YNRK and DeliveryRAT Threats
Security researchers have uncovered two distinct Android malware strains, BankBot-YNRK and DeliveryRAT, both engineered to pilfer sensitive financial data from compromised devices. The discoveries highlight ongoing sophistication in mobile threat actor tactics, techniques, and procedures.
-

Microsoft Discovers SesameOp: A New Backdoor Using OpenAI’s Assistants API for Covert C2
Microsoft discovered SesameOp, a new backdoor that uses OpenAI’s Assistants API for covert command and control (C2) operations. This technique allows attackers to fetch commands and exfiltrate data through a trusted cloud service, making detection harder. Discovered in July 2025, SesameOp aims for long-term persistence, often a hallmark of espionage campaigns.
-

Conti Ransomware Suspect Extradited to US, Faces Charges
Oleksii Oleksiyovych Lytvynenko, a Ukrainian national, has been extradited from Ireland to the United States to face charges of conspiracy related to the deployment of the Conti ransomware. This marks a significant international effort against cybercrime.
-

Australian Signals Directorate Warns of Ongoing BADCANDY Cyberattacks on Cisco IOS XE Devices
The Australian Signals Directorate (ASD) has issued a bulletin regarding ongoing cyberattacks targeting unpatched Cisco IOS XE devices in Australia, utilizing a previously undocumented implant identified as BADCANDY. These attacks exploit CVE-2023-20198, a critical vulnerability that allows remote, unauthenticated attackers to gain elevated privileges.
-

Ukrainian Commander Forewarns of Potential Energy Disruptions in Russia
Ukrainian Commander Robert ‘Madyar’ Brovdi states that Ukrainian Defense Forces are planning attacks on Russian territory that could lead to electricity outages, signaling an evolving strategy to disrupt Russian infrastructure and force its population to adapt.
-

Ukrainian Commander Discusses Potential for Russian Energy Disruptions
Ukrainian military commander Robert ‘Madyar’ Brovdi has publicly addressed the potential for power outages within Russia, attributing them to planned actions by the Ukrainian Defense Forces.
-

Ukrainian Forces Reportedly Conduct Widespread Strikes on Russian Infrastructure and Military Targets, Destroy Ballistic Missile
Ukrainian forces have reportedly conducted widespread strikes on Russian energy infrastructure and military targets, leading to power outages and the destruction of a medium-range ballistic missile, according to a recent report by Gazeta.ua.
