Trend Micro Research : Articles, News, Reports

TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM

2026-03-30 at 18:52. Moving beyond their LiteLLM campaign, TeamPCP weaponizes the Telnyx Python SDK with stealthy WAV‑based payloads to steal credentials across Linux, macOS, and Windows. This article is an excerpt from Trend Micro Research, News and Perspectives.

Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities

2026-03-26 at 06:26. This blog discusses the steganography, cloud abuse, and email-based backdoors used against the Ukrainian defense supply chain in the latest Pawn Storm campaign that TrendAI™ Research observed and analyzed.

Copyright Lures Mask a Multi‑Stage PureLog Stealer Attack on Key Industries

2026-03-20 at 10:22. We look into a stealthy multi‑stage attack campaign that delivers PureLog Stealer entirely in memory using encrypted, fileless techniques.

Why East-West Visibility Matters for Grid Security

2026-03-18 at 12:35. Learn how east-west traffic visibility helps detect and stop lateral movement attacks inside electric grid infrastructure and critical OT networks.

From Misconfigured Spring Boot Actuator to SharePoint Exfiltration: How Stolen Credentials Bypass MFA

2026-03-18 at 12:35. Not every cloud breach starts with malware or a zero-day. In this incident, attackers discovered an exposed Spring Boot Actuator endpoint, harvested credentials from leaked configuration data, then used the OAuth2 Resource Owner Password Credentials (ROPC) flow to

Web Shells, Tunnels, and Ransomware: Dissecting a Warlock Attack

2026-03-16 at 15:10. Warlock continues to enhance its attack chain with new tactics to improve persistence, lateral movement, and defense evasion using an expanded toolset: TightVNC Yuze, and a persistent BYOVD technique leveraging the NSec driver.

CISOs in a Pinch: A Security Analysis of OpenClaw

2026-03-10 at 08:33. Learn about OpenClaw (a sovereign agent) and how this can be viable for enterprises.

TrendAI™ at [un]prompted 2026: From KYC Exploits to Agentic Defense

2026-03-09 at 08:32. At [un]prompted 2026, TrendAI™ demonstrated how documents can be used to exploit AI-driven KYC pipelines and introduced FENRIR, an automated system for discovering AI vulnerabilities at scale.

New BoryptGrab Stealer Targets Windows Users via Deceptive GitHub Pages

2026-03-05 at 17:11. The BoryptGrab campaign uses fake SEO‑optimized GitHub repositories and deceptive download pages to distribute a data‑stealing malware family that delivers multiple payloads, including a reverse SSH backdoor, to Windows users.

Europol, Microsoft, TrendAI™ and Collaborators Halt Tycoon 2FA Operations

2026-03-04 at 21:05. Tycoon 2FA was dismantled this week by law enforcement and industry partners including TrendAI™. The phishing-as-a-service platform offered MFA bypass services using adversary-in-the-middle (AitM) proxying.

CISOs in a Pinch: A Security Analysis of OpenClaw

2026-03-03 at 08:21. Learn how Claude Code Security set Cybersecurity stocks on fire.

Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer

2026-02-23 at 02:00. Malicious OpenClaw skills trick AI agents and users into installing a new AMOS variant that steals extensive data at scale.

Spam Campaign Abuses Atlassian Jira, Targets Government and Corporate Entities

2026-02-17 at 02:00. We uncover how a campaign used Atlassian Jira Cloud to launch automated and targeted spam campaigns, exploiting trusted SaaS workflows to bypass security controls.

U.S. Public Sector Under Siege

2026-02-06 at 00:10. Discover why Government and Education must prioritize Cyber Risk Management.

PeckBirdy: A Versatile Script Framework for LOLBins Exploitation Used by China-aligned Threat Groups

2026-01-26 at 17:42. PeckBirdy is a sophisticated JScript-based C&C framework used by China-aligned APT groups to exploit LOLBins across multiple environments, delivering advanced backdoors to target gambling industries and Asian government entities.

Watering Hole Attack Targets EmEditor Users with Information-Stealing Malware

2026-01-22 at 16:31. TrendAI™ Research provides a technical analysis of a compromised EmEditor installer used to deliver multistage malware that performs a range of malicious actions.

From Extension to Infection: An In-Depth Analysis of the Evelyn Stealer Campaign Targeting Software Developers

2026-01-19 at 13:40. This blog entry provides an in-depth analysis of the multistage delivery of the Evelyn information stealer, which was used in a campaign targeting software developers.

Your 100 Billion Parameter Behemoth is a Liability

2026-01-17 at 18:04. The “bigger is better” era of AI is hitting a wall. We are in an LLM bubble, characterized by ruinous inference costs and diminishing returns. The future belongs to Agentic AI powered by specialized Small Language Models (SLMs). Think of it as a

Introducing ÆSIR: Finding Zero-Day Vulnerabilities at the Speed of AI

2026-01-15 at 19:58. TrendAI™’s ÆSIR platform combines AI automation with expert oversight to discover zero-day vulnerabilities in AI infrastructure – 21 CVEs across NVIDIA, Tencent, and MLflow since mid-2025.

Key Insights on SHADOW-AETHER-015 and Earth Preta from the 2025 MITRE ATT&CK Evaluation with Trend Vision One™

2026-01-13 at 11:05. This blog discusses notable modern TTPs observed from SHADOW-AETHER-015 and Earth Preta, from Trend Research™ monitoring and Trend Vision One™ intelligence. These findings support the performance of TrendAI™ in the 2025 MITRE ATT&CK Evaluations.