The Cybersecurity Defenders Podcast

#265 - Intel Chat: AWS TruffleNet exploit, React Native vulnerability, SesameOp OpenAI Assistants API C2 channel & Operation SkyCloak

Nov 10, 2025
Explore a newly discovered threat exploiting AWS Simple Email Service with stolen credentials to launch Business Email Compromise scams. Discover a critical vulnerability in the React Native Community CLI that requires immediate attention. Learn about SesameOp, a novel backdoor using OpenAI’s Assistants API for command and control. Uncover Operation SkyCloak, a sophisticated malware campaign targeting defense organizations through clever phishing tactics. Dive into the future of cloud security and attack vectors!
INSIGHT

Cloud Services As Malicious Infrastructure

  • Attackers abused stolen AWS credentials to run SES and hide BEC campaigns inside legitimate cloud services.
  • Using Portainer as a lightweight control panel lets adversaries scale and evade traditional infrastructure-based detections.
ADVICE

Prioritize Identity And Composite Alerting

  • Enforce least-privilege policies and monitor identity behavior rather than only network traffic.
  • Implement composite alerting and behavioral analytics to correlate suspicious API calls and offensive tool usage.
ADVICE

Patch React Native Dev Servers Now

  • Update the React Native Community CLI to version 20.0 or later immediately if you use it.
  • Talk to front-end developers to locate dev servers and patch exposed Metro servers to prevent remote code execution.