Trend Micro Research : Phishing

One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud ‘Patriot Bait’ Campaign

One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud ‘Patriot Bait’ Campaign 2026-05-21 at 13:14 By A solo Russian-speaking threat actor ran a 5-year Telegram channel and, starting September 2025, used AI to automate its content, credential theft, and a cryptocurrency fraud scheme targeting American audiences. This article is an excerpt […]

Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud

Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud 2026-05-19 at 16:58 By In this blog entry, researchers from the TrendAI™ MDR team discuss how they mapped the full end-to-end operation of SHADOW-WATER-063’s Banana RAT banking malware by analyzing server-side artifacts and victim-side data. This article is an excerpt from Trend Micro Research, News

Kuse Web App Abused to Host Phishing Document

Kuse Web App Abused to Host Phishing Document 2026-04-29 at 17:47 By Bad actors took advantage of the legitimate name and services of Kuse, a popular AI-based app designed for workplaces. The attackers exploited the users’ trust in Kuse to carry out a phishing attack. This article is an excerpt from Trend Micro Research, News

Identity Protection in the AI Era

Identity Protection in the AI Era 2026-04-15 at 23:09 By Enterprises aiming to predict and mitigate human, machine, and AI‑agent risks at scale demand AI‑powered identity‑first security without compromise. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

Copyright Lures Mask a Multi‑Stage PureLog Stealer Attack on Key Industries

Copyright Lures Mask a Multi‑Stage PureLog Stealer Attack on Key Industries 2026-03-20 at 10:22 By We look into a stealthy multi‑stage attack campaign that delivers PureLog Stealer entirely in memory using encrypted, fileless techniques. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

Europol, Microsoft, TrendAI™ and Collaborators Halt Tycoon 2FA Operations

Europol, Microsoft, TrendAI™ and Collaborators Halt Tycoon 2FA Operations 2026-03-04 at 21:05 By Tycoon 2FA was dismantled this week by law enforcement and industry partners including TrendAI™. The phishing-as-a-service platform offered MFA bypass services using adversary-in-the-middle (AitM) proxying. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

Analyzing a Multi-Stage AsyncRAT Campaign via Managed Detection and Response

Analyzing a Multi-Stage AsyncRAT Campaign via Managed Detection and Response 2026-01-12 at 13:43 By Threat actors exploited Cloudflare’s free-tier infrastructure and legitimate Python environments to deploy the AsyncRAT remote access trojan, demonstrating advanced evasion techniques that abuse trusted cloud services for malicious operations. This article is an excerpt from Trend Micro Research, News and Perspectives

SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics

SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics 2025-12-12 at 01:12 By In November, a targeted spear-phishing campaign was observed using Trend Micro-themed lures against various industries, but this was quickly detected and thwarted by the Trend Vision One™ platform. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

Trend Vision One™ Integration with AWS Security Hub CSPM: Unifying Cloud Security

Trend Vision One™ Integration with AWS Security Hub CSPM: Unifying Cloud Security 2025-12-10 at 08:53 By The integration between Trend Vision One and Security Hub CSPM is exactly that, two powerful platforms enhancing each other to keep your AWS infrastructure protected. This article is an excerpt from Trend Micro Research, News and Perspectives View Original

What’s your CNAPP maturity?

What’s your CNAPP maturity? 2025-12-02 at 04:53 By More and more enterprises are opting for cloud-native application protection platforms (CNAPPs) instead of complex and hard-to-manage cloud security point solutions. Find out where your organization is on its CNAPP maturity journey. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

Trend & AWS Partner on Cloud IPS: One-Click Protection

Trend & AWS Partner on Cloud IPS: One-Click Protection 2025-11-20 at 08:46 By In the race to secure cloud infrastructure, intrusion prevention systems (IPS) remain one of the most critical yet complex at the cloud network layer of defense. For many organizations, deploying IPS in the cloud is a balancing act between agility and control.

How are you managing cloud risk?

How are you managing cloud risk? 2025-11-05 at 10:08 By Learn why managing cloud risk demands unified visibility, continuous risk assessment, and efficient security operations. Discover how a full-featured CNAPP like Trend Vision One™ Cloud Security enables organizations to move from reactive to proactive cloud protection. This article is an excerpt from Trend Micro Research,

Active Water Saci Campaign Spreading Via WhatsApp Features Multi-Vector Persistence and Sophisticated C&C

Active Water Saci Campaign Spreading Via WhatsApp Features Multi-Vector Persistence and Sophisticated C&C 2025-10-28 at 07:12 By Continuous investigation on the Water Saci campaign reveals innovative email-based C&C system, multi-vector persistence, and real-time command capabilities that allow attackers to orchestrate coordinated botnet operations, gather detailed campaign intelligence, and dynamically control malware activity across multiple infected

Self-Propagating Malware Spreading Via WhatsApp, Targets Brazilian Users

Self-Propagating Malware Spreading Via WhatsApp, Targets Brazilian Users 2025-10-04 at 01:35 By Trend™ Research has identified an active campaign spreading via WhatsApp through a ZIP file attachment. When executed, the malware establishes persistence and hijacks the compromised WhatsApp account to send copies of itself to the victim’s contacts. This article is an excerpt from Trend

How AI-Native Development Platforms Enable Fake Captcha Pages

How AI-Native Development Platforms Enable Fake Captcha Pages 2025-09-19 at 11:45 By Cybercriminals are abusing AI-native platforms like Vercel, Netlify, and Lovable to host fake captcha pages that deceive users, bypass detection, and drive phishing campaigns. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

MDR in Action: Preventing The More_eggs Backdoor From Hatching

MDR in Action: Preventing The More_eggs Backdoor From Hatching 2024-09-30 at 18:16 By Trend Micro MDR (Managed Detection and Response) team promptly mitigated a more_eggs infection. Using Vision One, MDR illustrated how Custom Filters/Models and Security Playbook can be used to automate the response to more_eggs and similar threats. This article is an excerpt from

Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC

Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC 2024-09-19 at 11:47 By We observed Earth Baxia carrying out targeted attacks against APAC countries that involved advanced techniques like spear-phishing and customized malware, with data suggesting that the group operates from China. This article is an excerpt from Trend Micro Research, News and Perspectives

Banking Trojans: Mekotio Looks to Expand Targets, BBTok Abuses Utility Command

Banking Trojans: Mekotio Looks to Expand Targets, BBTok Abuses Utility Command 2024-09-05 at 12:46 By Notorious Mekotio and BBTok are having a resurgence targeting Latin American users. Mekotio’s latest variant suggests the gang behind it is broadening their target, while BBTok is seen abusing MSBuild.exe to evade detection. This article is an excerpt from Trend

Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft

Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft 2024-08-01 at 12:16 By We uncovered a malvertising campaign where the threat actor hijacks social media pages, renames them to mimic popular AI photo editors, then posts malicious links to fake websites. This article is an excerpt from Trend Micro Research, News and

QR Codes: Convenience or Cyberthreat?

QR Codes: Convenience or Cyberthreat? 2024-07-23 at 20:16 By Security awareness and measures to detect and prevent sophisticated risks associated with QR code-based phishing attacks (quishing). This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source
