Trend Micro Research : Articles, News, Reports

Kuse Web App Abused to Host Phishing Document

Kuse Web App Abused to Host Phishing Document 2026-04-29 at 17:47 By Bad actors took advantage of the legitimate name and services of Kuse, a popular AI-based app designed for workplaces. The attackers exploited the users’ trust in Kuse to carry out a phishing attack. This article is an excerpt from Trend Micro Research, News […]

Kuse Web App Abused to Host Phishing Document Read More »

Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories

Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories 2026-04-21 at 12:56 By Our research on Void Dokkaebi’s operations uncovered a campaign that turns infected developer repositories into malware delivery channels. By spreading through trusted workflows, organizational codebases, and open-source projects, the threat can scale from a single compromise to a

Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories Read More »

Identity Protection in the AI Era

Identity Protection in the AI Era 2026-04-15 at 23:09 By Enterprises aiming to predict and mitigate human, machine, and AI‑agent risks at scale demand AI‑powered identity‑first security without compromise. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

Identity Protection in the AI Era Read More »

U.S. Public Sector Under Siege: Threat Intelligence for Q1 2026

U.S. Public Sector Under Siege: Threat Intelligence for Q1 2026 2026-04-10 at 12:11 By The first quarter of 2026 has reinforced a hard truth: U.S. government agencies and educational institutions are operating in the most hostile cyber threat environment ever recorded. This article is an excerpt from Trend Micro Research, News and Perspectives View Original

U.S. Public Sector Under Siege: Threat Intelligence for Q1 2026 Read More »

Claude Code Packaging Error Remains a Lure in an Active Campaign: What Defenders Should Do

Claude Code Packaging Error Remains a Lure in an Active Campaign: What Defenders Should Do 2026-04-07 at 20:32 By Threat actors leveraged Anthropic’s Claude Code npm release packaging error to distribute Vidar, GhostSocks, and PureLog Stealer. This blog details immediate steps organizations can take and best practices to prevent further risk. This article is an excerpt from

Claude Code Packaging Error Remains a Lure in an Active Campaign: What Defenders Should Do Read More »

Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads

Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads 2026-04-03 at 17:52 By A packaging error in Anthropic’s Claude Code npm release briefly exposed internal source code. This entry examines how threat actors rapidly weaponized the resulting attention, pivoting an existing AI-themed campaign to spread Vidar and GhostSocks. This article is an excerpt from

Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads Read More »

TrendAI Insight: New U.S. National Cyber Strategy

TrendAI Insight: New U.S. National Cyber Strategy 2026-04-03 at 11:01 By TrendAI reviews the White House National Cyber Strategy, outlining six pillars to strengthen U.S. cybersecurity—from deterrence and regulation to federal modernization, critical infrastructure protection, AI leadership, and workforce development. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

TrendAI Insight: New U.S. National Cyber Strategy Read More »

TrendAI™ Research at RSAC 2026: Advancing Defense Across AI‑Driven and Cyber‑Physical Threats

TrendAI™ Research at RSAC 2026: Advancing Defense Across AI‑Driven and Cyber‑Physical Threats 2026-03-31 at 16:05 By TrendAI™ Research explored agentic AI cybercrime and EV infrastructure security through two research sessions at RSAC 2026. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

TrendAI™ Research at RSAC 2026: Advancing Defense Across AI‑Driven and Cyber‑Physical Threats Read More »

TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM

TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM 2026-03-30 at 18:52 By Moving beyond their LiteLLM campaign, TeamPCP weaponizes the Telnyx Python SDK with stealthy WAV‑based payloads to steal credentials across Linux, macOS, and Windows. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM Read More »

Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities

Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities 2026-03-26 at 06:26 By This blog discusses the steganography, cloud abuse, and email-based backdoors used against the Ukrainian defense supply chain in the latest Pawn Storm campaign that TrendAI™ Research observed and analyzed. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities Read More »

Copyright Lures Mask a Multi‑Stage PureLog Stealer Attack on Key Industries

Copyright Lures Mask a Multi‑Stage PureLog Stealer Attack on Key Industries 2026-03-20 at 10:22 By We look into a stealthy multi‑stage attack campaign that delivers PureLog Stealer entirely in memory using encrypted, fileless techniques. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

Copyright Lures Mask a Multi‑Stage PureLog Stealer Attack on Key Industries Read More »

Why East-West Visibility Matters for Grid Security

Why East-West Visibility Matters for Grid Security 2026-03-18 at 12:35 By Learn how east-west traffic visibility helps detect and stop lateral movement attacks inside electric grid infrastructure and critical OT networks. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

Why East-West Visibility Matters for Grid Security Read More »

From Misconfigured Spring Boot Actuator to SharePoint Exfiltration: How Stolen Credentials Bypass MFA

From Misconfigured Spring Boot Actuator to SharePoint Exfiltration: How Stolen Credentials Bypass MFA 2026-03-18 at 12:35 By Not every cloud breach starts with malware or a zero-day. In this incident, attackers discovered an exposed Spring Boot Actuator endpoint, harvested credentials from leaked configuration data, then used the OAuth2 Resource Owner Password Credentials (ROPC) flow to

From Misconfigured Spring Boot Actuator to SharePoint Exfiltration: How Stolen Credentials Bypass MFA Read More »

Web Shells, Tunnels, and Ransomware: Dissecting a Warlock Attack

Web Shells, Tunnels, and Ransomware: Dissecting a Warlock Attack 2026-03-16 at 15:10 By Warlock continues to enhance its attack chain with new tactics to improve persistence, lateral movement, and defense evasion using an expanded toolset: TightVNC Yuze, and a persistent BYOVD technique leveraging the NSec driver. This article is an excerpt from Trend Micro Research,

Web Shells, Tunnels, and Ransomware: Dissecting a Warlock Attack Read More »

CISOs in a Pinch: A Security Analysis of OpenClaw

CISOs in a Pinch: A Security Analysis of OpenClaw 2026-03-10 at 08:33 By Learn about OpenClaw (a sovereign agent) and how this can be viable for enterprises. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

CISOs in a Pinch: A Security Analysis of OpenClaw Read More »

TrendAI™ at [un]prompted 2026: From KYC Exploits to Agentic Defense

TrendAI™ at [un]prompted 2026: From KYC Exploits to Agentic Defense 2026-03-09 at 08:32 By At [un]prompted 2026, TrendAI™ demonstrated how documents can be used to exploit AI-driven KYC pipelines and introduced FENRIR, an automated system for discovering AI vulnerabilities at scale. This article is an excerpt from Trend Micro Research, News and Perspectives View Original

TrendAI™ at [un]prompted 2026: From KYC Exploits to Agentic Defense Read More »

New BoryptGrab Stealer Targets Windows Users via Deceptive GitHub Pages

New BoryptGrab Stealer Targets Windows Users via Deceptive GitHub Pages 2026-03-05 at 17:11 By The BoryptGrab campaign uses fake SEO‑optimized GitHub repositories and deceptive download pages to distribute a data‑stealing malware family that delivers multiple payloads, including a reverse SSH backdoor, to Windows users. This article is an excerpt from Trend Micro Research, News and

New BoryptGrab Stealer Targets Windows Users via Deceptive GitHub Pages Read More »

Europol, Microsoft, TrendAI™ and Collaborators Halt Tycoon 2FA Operations

Europol, Microsoft, TrendAI™ and Collaborators Halt Tycoon 2FA Operations 2026-03-04 at 21:05 By Tycoon 2FA was dismantled this week by law enforcement and industry partners including TrendAI™. The phishing-as-a-service platform offered MFA bypass services using adversary-in-the-middle (AitM) proxying. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

Europol, Microsoft, TrendAI™ and Collaborators Halt Tycoon 2FA Operations Read More »

CISOs in a Pinch: A Security Analysis of OpenClaw

CISOs in a Pinch: A Security Analysis of OpenClaw 2026-03-03 at 08:21 By Learn how Claude Code Security set Cybersecurity stocks on fire. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

CISOs in a Pinch: A Security Analysis of OpenClaw Read More »

Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer

Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer 2026-02-23 at 02:00 By Malicious OpenClaw skills trick AI agents and users into installing a new AMOS variant that steals extensive data at scale. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer Read More »

Scroll to Top