Trend Micro Research: Articles, News, Reports

From Langflow to Monero: Inside CVE-2026-33017 Cryptominer

2026-06-23 at 17:26

We tracked a cryptocurrency-mining campaign exploiting CVE-2026-33017, which revealed how threat actors are now scanning exposed AI application infrastructure for their next foothold. This article is an excerpt from Trend Micro Research, News and Perspectives.


PeopleSoft PeopleTools Pre-Authentication RCE: A PSIGW SSRF Chain That Executes Inside the JVM

2026-06-19 at 06:49

A pre-authentication remote code execution (RCE) chain in Oracle PeopleSoft PeopleTools abuses the Integration Broker’s PSIGW gateway to execute code inside the application server’s Java virtual machine (JVM), evading behavioral and network sensors.


Threat Actors Abuse claude.ai Shared Chat for ClickFix Malvertising Campaign

2026-06-18 at 05:51

Cybercriminals hijacked Google Ads searches for popular AI developer tools to funnel over 2,000 victims toward malicious download pages before quietly moving their operation onto claude.ai’s own platform, turning the trusted domain into a delivery mechanism for credential-stealing malware.


Governing Claude Enterprise in Environments Where Inline Controls Can’t Go

2026-06-13 at 00:53

TrendAI™ integrates the Claude Compliance API into TrendAI Vision One™ through two collectors that bring AI-aware visibility and detection to Claude Enterprise usage: one keeps all data inside the environment, while the other feeds TrendAI Vision One™ for deeper correlation and


GenAI Is Both Hunter and Hunted at Pwn2Own Berlin 2026

2026-06-11 at 05:32

This year’s Pwn2Own competition in Berlin revealed just how much of the AI stack remains exposed — and the gap between what these tools promise and what they can withstand points to the fragile security foundations underneath.


Old WinRAR Flaw Fuels Attacks on Ukraine: How Unmanaged Software Keeps the Door Open

2026-06-08 at 20:33

Two separate Russia-aligned campaigns are still exploiting the WinRAR flaw CVE-2025-8088 against Ukrainian organizations nearly a year after it was patched, showing how unmanaged software keeps an exploited entry point open long after the fix ships.


Governing Claude Enterprise in Environments Where Inline Controls Can’t Go

2026-06-08 at 20:33

TrendAI™ integrates Anthropic’s Claude Compliance API into TrendAI Vision One™ through two collectors that bring AI-aware visibility and detection to Claude Enterprise usage: one keeps all data inside the environment, while the other feeds TrendAI Vision One™ for deeper correlation and


Pwn2Own Berlin 2026: On the Ground With TrendAI™ ZDI’s Biggest AI Showdown Yet

2026-06-01 at 20:16

47 zero-days fell at Pwn2Own Berlin 2026 for US$1,298,250 in payouts. TrendAI™ was on the ground all three days — here’s what we saw.


Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet

2026-05-26 at 17:32

TrendAI™ Research analyzed an intrusion where threat actors used the EtherHiding technique to route ClearFake payload delivery through smart contracts on the BNB Smart Chain testnet. The attack chain ended with two simultaneously deployed stealers, SectopRAT and ACRStealer


Analyzing Void Dokkaebi’s Cython-Compiled InvisibleFerret Malware

2026-05-23 at 06:34

Void Dokkaebi, a North Korea-aligned intrusion set, has updated its information-stealing malware, InvisibleFerret, shifting its delivery format to evade script-based detections.


One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud ‘Patriot Bait’ Campaign

2026-05-21 at 13:14

A solo Russian-speaking threat actor ran a 5-year Telegram channel and, starting September 2025, used AI to automate its content, credential theft, and a cryptocurrency fraud scheme targeting American audiences.


Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud

2026-05-19 at 16:58

In this blog entry, researchers from the TrendAI™ MDR team discuss how they mapped the full end-to-end operation of SHADOW-WATER-063’s Banana RAT banking malware by analyzing server-side artifacts and victim-side data.


Agentic Governance: Why It Matters Now

2026-05-18 at 19:42

AI agents now act inside the trust boundary with real credentials, and agentic governance is what keeps them from quietly breaking things at machine speed.


Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft

2026-05-14 at 03:45

Our research examines the April 22 Checkmarx KICS and April 24 elementary-data incidents as part of a broader TeamPCP supply chain campaign. Across both cases, the actor abused trusted CI/CD and release workflows to steal credentials at scale.


Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America

2026-05-12 at 09:28

TrendAI™ Research has identified two emerging threat campaigns—SHADOW-AETHER-040 and SHADOW-AETHER-064—that use agentic AI to drive intrusion operations against government and financial organizations in Latin America, marking these among the first cases we have observed of AI agents executing


What Is the Instructure Canvas Breach? Impact, Risks, and What Institutions Should Do

2026-05-10 at 15:32

The Instructure Canvas breach affects universities, K–12 school districts, and teaching hospitals globally. This blog entry intends to provide context and practical guidance.


Supporting the National Cyber Strategy: How TrendAI™ Helps

2026-05-06 at 22:57

A deeper look at the first three pillars, outlining how our capabilities directly support government agencies working to bring this strategy to life.


InstallFix and Claude Code: How Fake Install Pages Lead to Real Compromise

2026-05-06 at 01:31

Targeting multiple industries worldwide, the InstallFix campaign uses fake Claude AI installer pages to trick users into running malware that collects system information, disables security features, achieves persistence, and connects to attacker-controlled C&C servers for additional payloads.


Quasar Linux (QLNX) – A Silent Foothold in the Supply Chain: Inside a Full-Featured Linux RAT With Rootkit, PAM Backdoor, Credential Harvesting Capabilities

2026-05-05 at 02:51

TrendAI™ Research breaks down Quasar Linux (QLNX), a previously undocumented sophisticated Linux RAT with low detection rates. In this blog, we examine a full-featured Linux threat incorporating a


Kuse Web App Abused to Host Phishing Document

2026-04-29 at 17:47

Bad actors took advantage of the legitimate name and services of Kuse, a popular AI-based app designed for workplaces. The attackers exploited the users’ trust in Kuse to carry out a phishing attack.

