Trend Micro Research: Cyber Threats

PeopleSoft PeopleTools Pre-Authentication RCE: A PSIGW SSRF Chain That Executes Inside the JVM

2026-06-19 at 06:49. A pre-authentication remote code execution (RCE) chain in Oracle PeopleSoft PeopleTools abuses the Integration Broker’s PSIGW gateway to execute code inside the application server’s Java virtual machine (JVM), evading behavioral and network sensors. This article is an excerpt […]


Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet

2026-05-26 at 17:32. TrendAI™ Research analyzed an intrusion where threat actors used the EtherHiding technique to route ClearFake payload delivery through smart contracts on the BNB Smart Chain testnet. The attack chain ended with two simultaneously deployed stealers, SectopRAT and ACRStealer.


Analyzing Void Dokkaebi’s Cython-Compiled InvisibleFerret Malware

2026-05-23 at 06:34. Void Dokkaebi, a North Korea-aligned intrusion set, has updated its information-stealing malware, InvisibleFerret, shifting its delivery format to evade script-based detections.


Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud

2026-05-19 at 16:58. In this blog entry, researchers from the TrendAI™ MDR team discuss how they mapped the full end-to-end operation of SHADOW-WATER-063’s Banana RAT banking malware by analyzing server-side artifacts and victim-side data.


Agentic Governance: Why It Matters Now

2026-05-18 at 19:42. AI agents now act inside the trust boundary with real credentials, and agentic governance is what keeps them from quietly breaking things at machine speed.


Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft

2026-05-14 at 03:45. Our research examines the April 22 Checkmarx KICS and April 24 elementary-data incidents as part of a broader TeamPCP supply chain campaign. Across both cases, the actor abused trusted CI/CD and release workflows to steal credentials at scale.


Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America

2026-05-12 at 09:28. TrendAI™ Research has identified two emerging threat campaigns—SHADOW-AETHER-040 and SHADOW-AETHER-064—that use agentic AI to drive intrusion operations against government and financial organizations in Latin America, marking these among the first cases we have observed of AI agents executing


InstallFix and Claude Code: How Fake Install Pages Lead to Real Compromise

2026-05-06 at 01:31. Targeting multiple industries worldwide, the InstallFix campaign uses fake Claude AI installer pages to trick users into running malware that collects system information, disables security features, achieves persistence, and connects to attacker-controlled C&C servers for additional payloads.


Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories

2026-04-21 at 12:56. Our research on Void Dokkaebi’s operations uncovered a campaign that turns infected developer repositories into malware delivery channels. By spreading through trusted workflows, organizational codebases, and open-source projects, the threat can scale from a single compromise to a


TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM

2026-03-30 at 18:52. Moving beyond their LiteLLM campaign, TeamPCP weaponizes the Telnyx Python SDK with stealthy WAV‑based payloads to steal credentials across Linux, macOS, and Windows.


Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities

2026-03-26 at 06:26. This blog discusses the steganography, cloud abuse, and email-based backdoors used against the Ukrainian defense supply chain in the latest Pawn Storm campaign that TrendAI™ Research observed and analyzed.


Copyright Lures Mask a Multi‑Stage PureLog Stealer Attack on Key Industries

2026-03-20 at 10:22. We look into a stealthy multi‑stage attack campaign that delivers PureLog Stealer entirely in memory using encrypted, fileless techniques.


Why East-West Visibility Matters for Grid Security

2026-03-18 at 12:35. Learn how east-west traffic visibility helps detect and stop lateral movement attacks inside electric grid infrastructure and critical OT networks.


Web Shells, Tunnels, and Ransomware: Dissecting a Warlock Attack

2026-03-16 at 15:10. Warlock continues to enhance its attack chain with new tactics to improve persistence, lateral movement, and defense evasion using an expanded toolset: TightVNC, Yuze, and a persistent BYOVD technique leveraging the NSec driver.


New BoryptGrab Stealer Targets Windows Users via Deceptive GitHub Pages

2026-03-05 at 17:11. The BoryptGrab campaign uses fake SEO‑optimized GitHub repositories and deceptive download pages to distribute a data‑stealing malware family that delivers multiple payloads, including a reverse SSH backdoor, to Windows users.


Europol, Microsoft, TrendAI™ and Collaborators Halt Tycoon 2FA Operations

2026-03-04 at 21:05. Tycoon 2FA was dismantled this week by law enforcement and industry partners including TrendAI™. The phishing-as-a-service platform offered MFA bypass services using adversary-in-the-middle (AitM) proxying.


U.S. Public Sector Under Siege

2026-02-06 at 00:10. Discover why Government and Education must prioritize Cyber Risk Management.


Watering Hole Attack Targets EmEditor Users with Information-Stealing Malware

2026-01-22 at 16:31. TrendAI™ Research provides a technical analysis of a compromised EmEditor installer used to deliver multistage malware that performs a range of malicious actions.


From Extension to Infection: An In-Depth Analysis of the Evelyn Stealer Campaign Targeting Software Developers

2026-01-19 at 13:40. This blog entry provides an in-depth analysis of the multistage delivery of the Evelyn information stealer, which was used in a campaign targeting software developers.


Key Insights on SHADOW-AETHER-015 and Earth Preta from the 2025 MITRE ATT&CK Evaluation with Trend Vision One™

2026-01-13 at 11:05. This blog discusses notable modern TTPs observed from SHADOW-AETHER-015 and Earth Preta, from Trend Research™ monitoring and Trend Vision One™ intelligence. These findings support the performance of TrendAI™ in the 2025 MITRE ATT&CK Evaluations.

