Category: Trend Micro Research : Articles, News, Reports

Global Security News, Government & Policy, Risk Management, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Artificial Intelligence (AI), Trend Micro Research : Compliance & Risks, Trend Micro Research : Cyber Threats, Trend Micro Research : Expert Perspective

U.S. Public Sector Under Siege

February 5, 2026

Discover why Government and Education must prioritize Cyber Risk Management.

PeckBirdy: A Versatile Script Framework for LOLBins Exploitation Used by China-aligned Threat Groups

PeckBirdy is a sophisticated JScript-based C&C framework used by China-aligned APT groups to exploit LOLBins across multiple environments, delivering advanced backdoors to target gambling industries and Asian government entities.

Pwn2Own: Researchers Earn $1 Million for 76 Zero-Days

January 25, 2026

Discover how TrendAI Zero Day Initiative (ZDI) identified critical vulnerabilities across connected vehicles, EV chargers, and automotive systems.

Watering Hole Attack Targets EmEditor Users with Information-Stealing Malware

January 21, 2026

TrendAI™ Research provides a technical analysis of a compromised EmEditor installer used to deliver multistage malware that performs a range of malicious actions.

From Extension to Infection: An In-Depth Analysis of the Evelyn Stealer Campaign Targeting Software Developers

January 18, 2026

This blog entry provides an in-depth analysis of the multistage delivery of the Evelyn information stealer, which was used in a campaign targeting software developers.

Your 100 Billion Parameter Behemoth is a Liability

January 15, 2026

The “bigger is better” era of AI is hitting a wall. We are in an LLM bubble, characterized by ruinous inference costs and diminishing returns. The future belongs to Agentic AI powered by specialized Small Language Models (SLMs). Think of it as a shift from hiring a single expensive genius to running a highly efficient…

Introducing ÆSIR: Finding Zero-Day Vulnerabilities at the Speed of AI

January 14, 2026

TrendAI™’s ÆSIR platform combines AI automation with expert oversight to discover zero-day vulnerabilities in AI infrastructure – 21 CVEs across NVIDIA, Tencent, and MLflow since mid-2025.

Key Insights on SHADOW-AETHER-015 and Earth Preta from the 2025 MITRE ATT&CK Evaluation with Trend Vision One™

January 12, 2026

This blog discusses notable modern TTPs observed from SHADOW-AETHER-015 and Earth Preta, from Trend Research™ monitoring and Trend Vision One™ intelligence. These findings support the performance of TrendAI™ in the 2025 MITRE ATT&CK Evaluations.

Analyzing a Multi-Stage AsyncRAT Campaign via Managed Detection and Response

January 11, 2026

Threat actors exploited Cloudflare’s free-tier infrastructure and legitimate Python environments to deploy the AsyncRAT remote access trojan, demonstrating advanced evasion techniques that abuse trusted cloud services for malicious operations.

Get Executives on board with managing Cyber Risk

December 28, 2025

Learn how the 2025 Trend Micro Defenders Survey Report helps paint a clear picture of how security teams are looking to work with executive leaders to manage cyber risk.

Trend Micro’s Pivotal Role in INTERPOL’s Operation Sentinel: Dismantling Digital Extortion Networks Across Africa

December 28, 2025

Continuing a Legacy of Successful Collaboration

What Does it Take to Manage Cloud Risk?

December 21, 2025

Learn why hybrid and multi-cloud environments are vital for IT and business success from our 2025 Trend Micro Defenders Survey.

What Cyber Defenders Really Think About AI Risk

December 17, 2025

Learn how Trend Micro’s 2025 Trend Micro Defenders Survey Report highlights current AI-related cybersecurity priorities and where security professionals use AI to their advantage.

Enhancing security awareness with cyber risk exposure management

December 14, 2025

Learn how to strategically tackle human risk for smarter prioritization and lasting behavioral change.

SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics

December 10, 2025

In November, a targeted spear-phishing campaign was observed using Trend Micro-themed lures against various industries, but this was quickly detected and thwarted by the Trend Vision One™ platform.

AI-Automated Threat Hunting Brings GhostPenguin Out of the Shadows

December 7, 2025

In this blog entry, Trend™ Research provides a comprehensive breakdown of GhostPenguin, a previously undocumented Linux backdoor with low detection rates that was discovered through AI-powered threat hunting and in-depth malware analysis.

Critical React Server Components Vulnerability CVE-2025-55182: What Security Teams Need to Know

December 4, 2025

CVE-2025-55182 is a critical (CVSS 10.0) pre-authentication remote code execution vulnerability affecting React Server Components used in React.js, Next.js, and related frameworks (see the context section for a more exhaustive list of affected frameworks).

Project View: A New Era of Prioritized and Actionable Cloud Security

December 3, 2025

In today’s cloud-first world, security teams face an overwhelming flood of alerts, fragmented visibility, and reactive workflows. The complexity of modern cloud environments—spanning multi-cloud deployments, ephemeral assets, and decentralized ownership—demands a new approach to risk management.

ValleyRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loading

December 2, 2025

Job seekers looking out for opportunities might instead find their personal devices compromised, as a ValleyRAT campaign propagated through email leverages Foxit PDF Reader for concealment and DLL side-loading for initial entry.

Unraveling Water Saci’s New Multi-Format, AI-Enhanced Attacks Propagated via WhatsApp

December 1, 2025

Through AI-driven code conversion and a layered infection chain involving different file formats and scripting languages, the threat actors behind Water Saci are quickly upgrading their malware delivery and propagation methods across WhatsApp in Brazil.

Shai-hulud 2.0 Campaign Targets Cloud and Developer Ecosystems

November 26, 2025

Shai-hulud 2.0 campaign features a sophisticated variant capable of stealing credentials and secrets from major cloud platforms and developer services, while automating the backdooring of NPM packages maintained by victims. Its advanced tactics enable rapid, stealthy propagation across the software supply chain, putting countless downstream users at risk.

Breaking Down S3 Ransomware: Variants, Attack Paths and Trend Vision One™ Defenses

November 17, 2025

In this blog entry, Trend™ Research explores how ransomware actors are shifting their focus to cloud-based assets, including the tactics used to compromise business-critical data in AWS environments.

Increase in Lumma Stealer Activity Coincides with Use of Adaptive Browser Fingerprinting Tactics

November 12, 2025

In this blog entry, Trend™ Research analyses the layered command-and-control approaches that Lumma Stealer uses to maintain its ongoing operations while enhancing collection of victim-environment data.

IBM Infrastructure: Continuous Risk & Compliance

November 11, 2025

Learn all about AI-powered visibility, telemetry, and proactive security across mainframe, cloud, containers, and enterprise workloads.

Active Water Saci Campaign Spreading Via WhatsApp Features Multi-Vector Persistence and Sophisticated C&C

October 26, 2025

Continuous investigation on the Water Saci campaign reveals innovative email-based C&C system, multi-vector persistence, and real-time command capabilities that allow attackers to orchestrate coordinated botnet operations, gather detailed campaign intelligence, and dynamically control malware activity across multiple infected machines.

Agenda Ransomware Deploys Linux Variant on Windows Systems Through Remote Management Tools and BYOVD Techniques

October 22, 2025

Trend™ Research identified a sophisticated Agenda ransomware attack that deployed a Linux variant on Windows systems. This cross-platform execution can make detection challenging for enterprises.

Fast, Broad, and Elusive: How Vidar Stealer 2.0 Upgrades Infostealer Capabilities

October 20, 2025

Trend Research examines the latest version of the Vidar stealer, which features a full rewrite in C, a multithreaded architecture, and several enhancements that warrant attention. Its timely evolution suggests that Vidar is positioning itself to occupy the space left after Lumma Stealer’s decline.

How Trend Micro Empowers the SOC with Agentic SIEM

October 20, 2025

By delivering both XDR leadership and Agentic SIEM innovation under one platform, Trend is redefining what security operations can be.

Shifts in the Underground: The Impact of Water Kurita’s (Lumma Stealer) Doxxing

October 15, 2025

A targeted underground doxxing campaign exposed alleged core members of Lumma Stealer (Water Kurita), resulting in a sharp decline in its activity and a migration of customers to rival infostealer platforms.

Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits

October 14, 2025

Trend™ Research has uncovered an attack campaign exploiting the Cisco SNMP vulnerability CVE-2025-20352, allowing remote code execution and rootkit deployment on unprotected devices, with impacts observed on Cisco 9400, 9300, and legacy 3750G series.

Weaponized AI Assistants & Credential Thieves

October 8, 2025

Learn the state of AI and the NPM ecosystem with the recent s1ngularity’ weaponized AI for credential theft.

Weaponized AI Assistants & Credential Thieves

October 8, 2025

Learn the state of AI and the NPM ecosystem with the recent s1ngularity’ weaponized AI for credential theft.

Weaponized AI Assistants & Credential Thieves

October 8, 2025

Learn the state of AI and the NPM ecosystem with the recent s1ngularity’ weaponized AI for credential theft.

Weaponized AI Assistants & Credential Thieves

October 8, 2025

Learn the state of AI and the NPM ecosystem with the recent s1ngularity’ weaponized AI for credential theft.

Weaponized AI Assistants & Credential Thieves

October 8, 2025

Learn the state of AI and the NPM ecosystem with the recent s1ngularity’ weaponized AI for credential theft.

Deeper Network Promo Deeper Network Promo

Exploits, Global Security News, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Threats, Trend Micro Research : Latest News, Trend Micro Research : Research

RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits

October 8, 2025

Trend™ Research and ZDI Threat Hunters have identified a large-scale RondoDox botnet campaign exploiting over 50 vulnerabilities across more than 30 vendors, including flaws first seen in Pwn2Own contests.

A Cascade of Insecure Architectures: Axis Plugin Design Flaw Expose Select Autodesk Revit Users to Supply Chain Risk

October 7, 2025

We discovered Azure Storage Account credentials exposed in Axis Communications’ Autodesk Revit plugin, allowing unauthorized modification of cloud-hosted files. This exposure, combined with vulnerabilities in Autodesk Revit, could enable supply-chain attacks targeting end users.

A Cascade of Insecure Architectures: Axis Plugin Design Flaw Expose Select Autodesk Revit Users to Supply Chain Risk

October 7, 2025

How Your AI Chatbot Can Become a Backdoor

October 7, 2025

In this post of THE AI BREACH, learn how your Chatbot can become a backdoor.

How Your AI Chatbot Can Become a Backdoor

October 7, 2025

In this post of THE AI BREACH, learn how your Chatbot can become a backdoor.

How Your AI Chatbot Can Become a Backdoor

October 7, 2025

In this post of THE AI BREACH, learn how your Chatbot can become a backdoor.

How Your AI Chatbot Can Become a Backdoor

October 7, 2025

In this post of THE AI BREACH, learn how your Chatbot can become a backdoor.

A Cascade of Insecure Architectures: Axis Plugin Design Flaw Expose Select Autodesk Revit Users to Supply Chain Risk

October 7, 2025

How Your AI Chatbot Can Become a Backdoor

October 7, 2025

In this post of THE AI BREACH, learn how your Chatbot can become a backdoor.

A Cascade of Insecure Architectures: Axis Plugin Design Flaw Expose Select Autodesk Revit Users to Supply Chain Risk

October 7, 2025

A Cascade of Insecure Architectures: Axis Plugin Design Flaw Expose Select Autodesk Revit Users to Supply Chain Risk

October 7, 2025

CNAPP is the Solution to Multi-cloud Flexibility

September 25, 2025

Cloud-native application protection platform (CNAPP) not only helps organizations protect, but offers the flexibility of multi-cloud.

CNAPP is the Solution to Multi-cloud Flexibility

September 25, 2025

Cloud-native application protection platform (CNAPP) not only helps organizations protect, but offers the flexibility of multi-cloud.