Category: Trend Micro Research, News and Perspectives

Trend Research identified Russian threat actor Water Gamayun exploiting CVE-2025-26633, a zero-day vulnerability in the Microsoft Management Console that attackers exploit to execute malicious code and exfiltrate data. This article has been indexed from Trend Micro Research, News and Perspectives…

Read more →

Trend Research encounters new versions of the Albabat ransomware, which appears to target Windows, Linux, and macOS devices. We also reveal the group’s use of GitHub to streamline their ransomware operation. This article has been indexed from Trend Micro Research,…

Read more →

Trend Research analyzed SocGholish’s MaaS framework and its role in deploying RansomHub ransomware through compromised websites, using highly obfuscated JavaScript loaders to evade detection and execute various malicious tasks. This article has been indexed from Trend Micro Research, News and…

Read more →

In this blog entry, we uncovered a campaign that uses fake GitHub repositories to distribute SmartLoader, which is then used to deliver Lumma Stealer and other malicious payloads. The campaign leverages GitHub’s trusted reputation to evade detection, using AI-generated content…

Read more →

Trend Micro™ Managed XDR assisted in an investigation of a B2B BEC attack that unveiled an entangled mesh weaved by the threat actor with the help of a compromised server, ensnaring three business partners in a scheme that spanned for…

Read more →

This entry explores how the Chain of Thought reasoning in the DeepSeek-R1 AI model can be susceptible to prompt attacks, insecure output generation, and sensitive data theft. This article has been indexed from Trend Micro Research, News and Perspectives Read…

Read more →

In this blog entry, we discuss how the Black Basta and Cactus ransomware groups utilized the BackConnect malware to maintain persistent control and exfiltrate sensitive data from compromised machines. This article has been indexed from Trend Micro Research, News and…

Read more →

In this blog, we discuss about how Shadowpad is being used to deploy a new undetected ransomware family. They deploy the malware exploiting weak passwords and bypassing multi-factor authentication This article has been indexed from Trend Micro Research, News and…

Read more →

Our Threat Hunting team discusses Earth Preta’s latest technique, in which the APT group leverages MAVInject and Setup Factory to deploy payloads, bypass ESET antivirus, and maintain control over compromised systems. This article has been indexed from Trend Micro Research,…

Read more →

This blog post details our analysis of an SEO manipulation campaign targeting Asia. We also share recommendations that can help enterprises proactively secure their environment. This article has been indexed from Trend Micro Research, News and Perspectives Read the original…

Read more →

The ZDI team offers an analysis on how CVE-2025-0411, a zero-day vulnerability in 7-Zip, was actively exploited to target Ukrainian organizations in a SmokeLoader campaign involving homoglyph attacks. This article has been indexed from Trend Micro Research, News and Perspectives…

Read more →

Native sensors vs. integrations in XDR: Native sensors offer faster deployment, real-time detection, and deeper visibility, while integrations may add complexity and delays. Learn how to optimize your XDR strategy for improved security. This article has been indexed from Trend…

Read more →

XDR is reshaping cybersecurity by unifying and enhancing SIEM and SOAR capabilities into a single platform. It addresses alert fatigue, improves incident correlation, simplifies operations, and enhances efficiency for SOC teams. This article has been indexed from Trend Micro Research,…

Read more →

The Managed XDR team investigated a sophisticated campaign distributing Lumma Stealer through GitHub, where attackers leveraged the platform’s release infrastructure to deliver malware such as SectopRAT, Vidar, and Cobeacon. This article has been indexed from Trend Micro Research, News and…

Read more →

ASRM transforms cyber insurance underwriting by integrating real-time risk assessments, advanced tools (NDR, EDR, Cloud Security, MDR), and proactive mitigation strategies to improve accuracy, reduce claims, and build trust. This article has been indexed from Trend Micro Research, News and…

Read more →

Trend’s support reaffirms dedication to safeguarding products and customers This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Trend Micro and CISA Secure-By-Design Pledge

Read more →

This article explains the invisible prompt injection, including how it works, an attack scenario, and how users can protect themselves. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Invisible Prompt Injection: A…

Read more →

Since the end of 2024, we have been continuously monitoring large-scale DDoS attacks orchestrated by an IoT botnet exploiting vulnerable IoT devices such as wireless routers and IP cameras. This article has been indexed from Trend Micro Research, News and…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Investigating A Web Shell Intrusion With…

Read more →

Our research shows how attackers use platforms like YouTube to spread fake installers via trusted hosting services, employing encryption to evade detection and steal sensitive browser data. This article has been indexed from Trend Micro Research, News and Perspectives Read…

Read more →

Our blog entry discusses a fake PoC exploit for LDAPNightmare (CVE-2024-49113) that is being used to distribute information-stealing malware. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Information Stealer Masquerades as LDAPNightmare…

Read more →

Trend Micro leads the way by mapping its Container Security detection capabilities to the MITRE ATT&CK framework for Containers and contributing real-world attack data. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article:…

Read more →

This blog entry provides an overview of CVE-2024-49112 and CVE-2024-49113 and includes information that IT and SOC professionals need to know to stay protected against possible exploitation. This article has been indexed from Trend Micro Research, News and Perspectives Read…

Read more →

In this edition of AI Pulse, let’s look back at top AI trends from 2024 in the rear view so we can more clearly predicts AI trends for 2025 and beyond. This article has been indexed from Trend Micro Research,…

Read more →

In this blog entry, Trend Micro’s Managed XDR team discuss their investigation into how the latest variant of NodeStealer is delivered through spear-phishing attacks, potentially leading to malware execution, data theft, and the exfiltration of sensitive information via Telegram. This…

Read more →

Prompt injection exploits vulnerabilities in generative AI to manipulate its behavior, even without extensive permissions. This attack can expose sensitive data, making awareness and preventive measures essential. Learn how it works and how to stay protected. This article has been…

Read more →

In this blog entry, we discuss a social engineering attack that tricked the victim into installing a remote access tool, triggering DarkGate malware activities and an attempted C&C connection. This article has been indexed from Trend Micro Research, News and…

Read more →

Trend threat intelligence and training were crucial to the success of two major policing operations in 2024 This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: INTERPOL & Trend’s Fight Against Cybercrime

Read more →

Trend Micro’s monitoring of the MOONSHINE exploit kit revealed how it’s used by the threat actor Earth Minotaur to exploit Android messaging app vulnerabilities and install the DarkNimbus backdoor for surveillance. This article has been indexed from Trend Micro Research,…

Read more →

Our research into Retrieval Augmented Generation (RAG) systems uncovered at least 80 unprotected servers. We highlight this problem, which can lead to potential data loss and unauthorized access. This article has been indexed from Trend Micro Research, News and Perspectives…

Read more →

Highlights from the recent discussion between Trend Micro’s David Roth, CRO Enterprise America, and guest speaker Jeff Pollard, VP, Principal Analyst, Forrester about AI hype versus reality and how to secure AI in the workplace. This article has been indexed…

Read more →

Trend Micro researchers, in collaboration with Japanese authorities, analyzed links between SEO malware families used in SEO poisoning attacks that lead users to fake shopping sites. This article has been indexed from Trend Micro Research, News and Perspectives Read the…

Read more →

Discover how Earth Estries employs a diverse set of tactics, techniques, and tools, including malware such as Zingdoor and Snappybee, for its campaigns. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Breaking…

Read more →

Trend surveyed 750 cybersecurity professionals in 49 countries to learn more about the state of cybersecurity, from job pressures to the need for more advanced tools. Explore what SOC teams had to say. This article has been indexed from Trend…

Read more →

In the final weeks before November’s U.S. election, cybersecurity experts were calling October 2024 the “month of mischief”—a magnet for bad actors looking to disrupt the democratic process through AI-generated misinformation. This issue of AI Pulse looks at what can…

Read more →

In this blog entry, we discuss how an attacker took advantage of the Atlassian Confluence vulnerability CVE-2023-22527 to connect servers to the Titan Network for cryptomining purposes. This article has been indexed from Trend Micro Research, News and Perspectives Read…

Read more →

While cyberattacks that employ web shells and VPN compromise are not particularly novel, they are still prevalent. The recent incidents that Trend Micro MXDR analyzed highlight the importance of behavioral analysis and anomaly detection in security measures. This article has…

Read more →

How does Prometei insidiously operate in a compromised system? This Managed Extended Detection and Response investigation conducted with the help of Trend Vision One provides a comprehensive analysis of the inner workings of this botnet so users can stop the…

Read more →

How does Prometei insidiously operate in a compromised system? This Managed Extended Detection and Response investigation conducted with the help of Trend Vision One provides a comprehensive analysis of the inner workings of this botnet so users can stop the…

Read more →

In this blog entry, we discuss how malicious actors are exploiting Docker remote API servers via gRPC/h2c to deploy the cryptominer SRBMiner to facilitate their mining of XRP on Docker hosts. This article has been indexed from Trend Micro Research,…

Read more →

We observed an unknown threat actor abusing exposed Docker remote API servers to deploy the perfctl malware. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Attackers Target Exposed Docker Remote API Servers…

Read more →

As businesses increasingly pivot to cloud-native applications, the landscape of cybersecurity becomes ever more challenging. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Gartner 2024 CNAPP Market Guide Insights for Leaders

Read more →

Highlights from the recent discussion between Trend Micro’s David Roth, CRO Enterprise America, and guest speaker Jeff Pollard, VP, Principal Analyst, Forrester about AI hype versus reality and how to secure AI in the workplace. This article has been indexed…

Read more →

This is the latest blog in an ongoing series on Rogue AI. Keep following for more technical guidance, case studies, and insights. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: How to…

Read more →

This article uncovers a Golang ransomware abusing AWS S3 for data theft, and masking as LockBit to further pressure victims. The discovery of hard-coded AWS credentials in these samples led to AWS account suspensions. This article has been indexed from…

Read more →

Trend Micro’s Threat Hunting Team discovered EDRSilencer, a red team tool that threat actors are attempting to abuse for its ability to block EDR traffic and conceal malicious activity. This article has been indexed from Trend Micro Research, News and…

Read more →

Trend Micro researchers have uncovered a surge of malicious activities involving a threat actor group that we track as Water Makara. This group is targeting enterprises in Brazil, deploying banking malware using obfuscated JavaScript to slip past security defenses. This…

Read more →

Trend Micro’s investigation into the recent activity of Earth Simnavaz provides new insights into the APT group’s evolving tactics and the immediate threat it poses to critical sectors in the UAE. This article has been indexed from Trend Micro Research,…

Read more →

A deep-dive into how AI-driven solutions from Trend Micro leveraging the NVIDIA AI Enterprise software platform are elevating security across critical industries This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Harnessing AI…

Read more →

This is the fourth blog post in an ongoing series on Rogue AI. Keep following for more technical guidance, case studies, and insights. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Rogue…

Read more →

Trend Micro MDR (Managed Detection and Response) team promptly mitigated a more_eggs infection. Using Vision One, MDR illustrated how Custom Filters/Models and Security Playbook can be used to automate the response to more_eggs and similar threats. This article has been…

Read more →

On Wednesday, NVIDA released updates to fix a critical vulnerability in its NVIDIA Container Toolkit, which, if exploited, could put a wide range of AI infrastructure and underlying data/secrets at risk. This article has been indexed from Trend Micro Research,…

Read more →

Discover how to use the Cybersecurity Compass to foster effective conversations about cybersecurity strategy between non-technical and technical audiences, focusing on the phases of before, during, and after a breach. This article has been indexed from Trend Micro Research, News…

Read more →

Trend Micro tracked this group as Water Bakunawa, behind the RansomHub ransomware, employs various anti-EDR techniques to play a high-stakes game of hide and seek with security solutions. This article has been indexed from Trend Micro Research, News and Perspectives…

Read more →

We observed Earth Baxia carrying out targeted attacks against APAC countries that involved advanced techniques like spear-phishing and customized malware, with data suggesting that the group operates from China. This article has been indexed from Trend Micro Research, News and…

Read more →

Our research reveals two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC). The first vulnerability (CVE-2024-20685) allows a crafted signaling message to crash the control plane, leading to potential service outages. The second (ZDI-CAN-23960) disconnects and replaces attached base…

Read more →

In this blog entry, we provide an analysis of the recent remote code execution attacks related to Progress Software’s WhatsUp Gold that possibly abused the vulnerabilities CVE-2024-6670 and CVE-2024-6671. This article has been indexed from Trend Micro Research, News and…

Read more →

In this blog entry, we discuss our analysis of Earth Preta’s enhancements in their attacks by introducing new tools, malware variants and strategies to their worm-based attacks and their time-sensitive spear-phishing campaign. This article has been indexed from Trend Micro…

Read more →