Threat Round-up
Stay ahead of emerging cyber threats with expert insights from Field Effect’s cybersecurity analysts.
The Threat Round-up is a weekly intelligence report that summarizes the most important threats, vulnerabilities, and active attack campaigns observed over the past seven days.
Each brief links to a detailed analysis, offering actionable guidance to help security teams mitigate risk, detect malicious activity, and strengthen defenses.
This week’s curated collection highlights the key threat intelligence updates our team publishes daily. Highlights include Cisco patching multiple unauthenticated RCE flaws in UCCX, the discovery of the SesameOp malware leveraging the OpenAI API for covert command and control, and the Balancer cryptoheist revealing major security gaps in blockchain-based financial systems.
Cisco Patches Critical UCCX Flaws Enabling Unauthenticated RCE
Cisco released a new round of security patches on November 5, addressing multiple critical and high-severity flaws. Two of the most serious, CVE-2025-20354 and CVE-2025-20358, affect Cisco Unified Contact Center Express (UCCX) and could allow remote code execution and privilege escalation without authentication. Additional fixes target Cisco ISE, Firepower, and ASA software. No workarounds exist, so patching is strongly advised to prevent potential exploitation.
CISA Adds CVE-2025-48703 to KEV: Secure Your CWP Now
The critical flaw (CVE-2025-48703) in Control Web Panel (CWP) allows remote code execution without root access and affects all versions before 0.9.8.1205. The exploit, already public, targets CWP’s file manager via port 2083 and can grant attackers full system control. Researchers confirmed active exploitation, and a Metasploit module is in development. Users should update immediately or restrict internet access to reduce exposure.
SesameOp Malware Uses OpenAI API for Covert Command & Control
In this campaign, threat actors deployed a backdoor called SesameOp, using .NET AppDomainManager injection to load malicious code into Visual Studio. The malware communicated with the OpenAI Assistants API, hiding commands within normal-looking chatbot interactions to evade detection. This approach allowed months of persistence. Microsoft has not yet identified the actor or victims, but researchers warn that malicious use of AI APIs could become a growing stealth tactic.
Balancer Cryptoheist Exposes Security Gaps in Blockchain-based Financial Systems
The breach exposed a serious flaw in cross-chain DeFi systems. Researchers found the attack stemmed from a cross-chain callback vulnerability, where smart contracts failed to properly verify responses between blockchains. This allowed attackers to send fake instructions, exploit precision errors, and drain funds rapidly. Balancer has since paused vulnerable pools and begun recovery efforts. The incident highlights the growing security risks of interconnected DeFi contracts and the need for stronger validation across blockchain networks.
New Nation-state Malware Targets BPOs via AirWatch Exploits
A newly identified threat actor, CL-STA-1009, is running a long-term espionage campaign targeting business process outsourcing (BPO) providers to access multiple organizations indirectly. Its malware, Airstalk, appears in both PowerShell and .NET forms, using legitimate AirWatch/VMware Workspace ONE APIs to hide command-and-control activity. The campaign, active since mid-2024, leverages stolen certificates and browser data theft to evade detection and collect sensitive operational and customer information.
Subscribe to the Field Effect Threat Round-up Newsletter
Join thousands of cybersecurity professionals and MSPs who trust Field Effect’s Threat Round-up Newsletter for the latest cyber threat intelligence. Delivered every Monday morning, it brings you the week’s most important new flaws, patches, and security news right to your inbox.
Signing up to the newsletter makes you the first to know about:
- Comprehensive threat intelligence: Updates on the latest threat actors, vulnerabilities, and campaigns, including observed tactics, techniques, and procedures (TTPs).
- Expert analysis and context: Field Effect’s analysts break down the impact of critical flaws and emerging campaigns, helping you understand evolving threat behaviors.
- Actionable defense guidance: Receive practical security steps, patching tips, and indicators of compromise (IOCs) to strengthen your defenses and stay one step ahead.
- Exclusive research: Explore in-depth investigations from Field Effect's analysts, uncovering new threat campaigns, indicators of compromise, and attacker behaviors as they emerge.
Sign up today and stay one step ahead.