Microsoft Teams Security Flaws Show How Easily Digital Trust Can Be Exploited
Microsoft Teams, used by hundreds of millions, contained flaws that let attackers impersonate executives, rewrite chats, and fake notifications. Check Point Research discovered that both external guests and insiders could exploit Teams’ trust-based design to alter messages without leaving traces. By reusing internal message identifiers, attackers could edit messages without showing the “Edited” tag, distort conversations, or spoof alerts that seemed to come from trusted colleagues. They could also change display names in private chats and even forge call notifications to pose as anyone in a voice or video call.
Check Point disclosed the issues to Microsoft in March 2024. Cataloged as CVE-2024-38197, the vulnerabilities were patched automatically, with final fixes completed in October 2025. The case underscores how collaboration platforms have become critical and vulnerable infrastructure. The article links the risks to broader identity-fraud tactics—such as North Korean operatives using AI filters to impersonate Mexican engineers—showing how digital trust, once broken, can ripple far beyond a single app.
Read: https://hackread.com/microsoft-teams-flaws-fake-identities-rewrite-chats/
DHS Plans to Collect Biometrics from Immigrants and US Citizens Alike
The U.S. Department of Homeland Security through USCIS has proposed a major expansion of biometric data collection affecting immigrants, U.S. citizens, U.S. nationals, and lawful permanent residents connected to immigration cases. Announced Monday, the rule would require applicants, petitioners, sponsors, dependents, and anyone associated with a request to submit biometrics, including any alien apprehended or encountered by DHS and U.S. citizens filing family-based visa petitions.
DHS broadens biometrics to measurable biological or behavioral characteristics, allowing collection of fingerprints, photos, ocular scans, voice prints, and DNA, including raw DNA or test results to verify biological sex or familial relationships. The data would support identity management, immigration oversight, national security, and secure document production.
Comments are open until January 2, with opposition citing government overreach, comparisons to communist China, and violations of constitutional protections. The proposal extends algorithmic and genetic surveillance to both noncitizens and some citizens, raising legal, ethical, and technological concerns around facial recognition, AI voice analysis, and DNA collection.
Read: https://www.theregister.com/2025/11/04/dhs_wants_to_collect_biometric_data/
Threat Actors Have Turned the OpenAI Assistants API Into a Stealthy Malware Control Channel
In July 2025, Microsoft DART discovered SesameOp, a backdoor used by threat actors who had maintained months-long access. It leveraged internal web shells and compromised Microsoft Visual Studio utilities. Instead of traditional C2, SesameOp uses the OpenAI Assistants API via OpenAIAgent.Netapi64 and a loader DLL, Netapi64.dll, obfuscated with Eazfuscator.NET. The DLL injects into host executables using .NET AppDomainManager injection. OpenAIAgent.Netapi64 fetches encrypted commands, executes them locally, and returns compressed, encrypted results, employing symmetric and asymmetric encryption. The API will be deprecated in August 2026, replaced by the Responses API. Microsoft recommends auditing logs and firewalls, enabling Windows Defender Firewall, intrusion prevention, tamper protection, endpoint detection and response in block mode, real-time Microsoft Defender Antivirus, cloud-delivered protection, and blocking potentially unwanted applications. SesameOp illustrates modern malware: weaponizing legitimate cloud APIs with stealth, persistence, injection, and layered encryption, forcing defenders to adapt.
Read: https://www.infosecurity-magazine.com/news/openai-assistants-api-sesameop/
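As an added illustration of the log-and-configuration auditing recommended above (this is not code from Microsoft, the linked article, or this digest): .NET Framework AppDomainManager loading is commonly configured through the `appDomainManagerAssembly` and `appDomainManagerType` elements of an executable's `.config` file, so a defender can inventory those files and flag any that name an unapproved assembly. The sample configs, paths, type names and the `Contoso.Hosting` allowlist entry are constructed for the example.

```python
import xml.etree.ElementTree as ET

# <runtime> elements in a .NET Framework *.exe.config that tell the CLR to
# load a custom AppDomainManager, i.e. code that runs before the host's Main().
ADM_ELEMENTS = ("appDomainManagerAssembly", "appDomainManagerType")

# Constructed sample configs; paths and type names are illustrative only.
# "Netapi64" echoes the loader DLL named in the summary above.
SAMPLE_CONFIGS = {
    r"C:\ExampleApp\clean.exe.config":
        '<configuration><startup><supportedRuntime version="v4.0"/>'
        '</startup></configuration>',
    r"C:\ExampleApp\host.exe.config":
        '<configuration><runtime>'
        '<appDomainManagerAssembly value="Netapi64"/>'
        '<appDomainManagerType value="Example.Manager"/>'
        '</runtime></configuration>',
    r"C:\ExampleApp\approved.exe.config":
        '<configuration><runtime>'
        '<appDomainManagerAssembly value="Contoso.Hosting, Version=1.0.0.0"/>'
        '<appDomainManagerType value="Contoso.Hosting.Manager"/>'
        '</runtime></configuration>',
}

def find_adm_overrides(config_text):
    """Return {element: value} for AppDomainManager settings in one config."""
    try:
        root = ET.fromstring(config_text)
    except ET.ParseError:
        # Surface unreadable configs for manual review instead of skipping them.
        return {"parse_error": "config is not well-formed XML"}
    found = {}
    for el in root.iter():
        name = el.tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix
        if name in ADM_ELEMENTS:
            found[name] = el.get("value", "")
    return found

def audit(configs, allowlist=frozenset()):
    """Return (path, settings) for configs whose manager assembly is not approved."""
    findings = []
    for path, text in configs.items():
        hits = find_adm_overrides(text)
        short_name = hits.get("appDomainManagerAssembly", "").split(",")[0].strip()
        if hits and short_name not in allowlist:
            findings.append((path, hits))
    return findings

if __name__ == "__main__":
    for path, hits in audit(SAMPLE_CONFIGS, allowlist={"Contoso.Hosting"}):
        print(path, hits)
```

The same manager can also be set through the `APPDOMAIN_MANAGER_ASM` and `APPDOMAIN_MANAGER_TYPE` environment variables, which a config-file sweep like this one does not cover.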
Lawmakers Demand FTC Investigate Flock Safety Over Security Risks in License Plate Camera Network
Lawmakers are urging the FTC to investigate Flock Safety, which runs a U.S. network of license plate–scanning cameras, over cybersecurity gaps. Sen. Ron Wyden (D-OR) and Rep. Raja Krishnamoorthi (D-IL, 8th) noted Flock offers but does not require multi-factor authentication (MFA), leaving accounts vulnerable to hackers who could access billions of license plate photos. The network serves over 5,000 police departments and private businesses. Stolen credentials appeared online, including on a Russian cybercrime forum. Flock enabled MFA by default for new users in November 2024, and MFA is now active on 97% of law enforcement accounts; 3% remain unprotected.
Read: https://techcrunch.com/2025/11/03/lawmakers-say-stolen-police-logins-are-exposing-flock-surveillance-cameras-to-hackers/
Windows Faces Widespread Attacks as Two Critical Vulnerabilities Remain Actively Exploited
Two critical Windows vulnerabilities are under active exploitation. CVE-2025-9491, a zero-day in the Windows Shortcut (.lnk) format, has been exploited since 2017 by 11 APT groups, including nation-state actors, impacting nearly 60 countries—most heavily the US, Canada, Russia, and South Korea. Arctic Wolf reported UNC-6384, a China-aligned group, using it in Europe to deploy the PlugX trojan, with binaries RC4-encrypted until execution. CVE-2025-59287, a WSUS flaw rated 9.8, enables wormable remote code execution; initial Microsoft fixes failed, prompting an unscheduled patch. Exploitation was observed October 23–24 across industries. With no patch yet for CVE-2025-9491, Windows systems remain vulnerable, leaving administrators to contend with highly sophisticated, persistent attacks.
Read: https://arstechnica.com/security/2025/10/two-windows-vulnerabilities-one-a-0-day-are-under-active-exploitation/
Elsewhere Online
Critical Flaw in Post SMTP WordPress Plugin Allows Site Takeover
https://www.securityweek.com/exploited-post-smtp-plugin-flaw-exposes-wordpress-sites-to-takeover/
ChatGPT Flaws Exploit Browsing and Search Context to Steal Private Data
https://thehackernews.com/2025/11/researchers-find-chatgpt.html
New Chrome Autofill Stores Passports Concentrating Personal Data Risk
https://hackread.com/google-chrome-autofill-passports-licenses-safe/
Kimsuky Targets South Korea with New Stealthy HttpTroy Backdoor
https://www.darkreading.com/vulnerabilities-threats/kimsuky-httptroy-backdoor-south-korea-users
New Email Reveals FBI and Twitter Discussed Policy Changes Just Before Election
https://reclaimthenet.org/fbi-and-twitter-met-on-the-eve-of-the-midterms
Re quote contest – Harry Truman
Mencken?
“politics is the gentle art of getting votes from the poor, etc….”
Why, by Oscar Ameringer, of course!