Trend Micro Research : Research

PeckBirdy: A Versatile Script Framework for LOLBins Exploitation Used by China-aligned Threat Groups

2026-01-26 at 17:42 By PeckBirdy is a sophisticated JScript-based C&C framework used by China-aligned APT groups to exploit LOLBins across multiple environments, delivering advanced backdoors to target gambling industries and Asian government entities. This article is an excerpt from Trend Micro Research, […]

Watering Hole Attack Targets EmEditor Users with Information-Stealing Malware

2026-01-22 at 16:31 By TrendAI™ Research provides a technical analysis of a compromised EmEditor installer used to deliver multistage malware that performs a range of malicious actions. This article is an excerpt from Trend Micro Research, News and Perspectives

From Extension to Infection: An In-Depth Analysis of the Evelyn Stealer Campaign Targeting Software Developers

2026-01-19 at 13:40 By This blog entry provides an in-depth analysis of the multistage delivery of the Evelyn information stealer, which was used in a campaign targeting software developers. This article is an excerpt from Trend Micro Research, News and

Your 100 Billion Parameter Behemoth is a Liability

2026-01-17 at 18:04 By The “bigger is better” era of AI is hitting a wall. We are in an LLM bubble, characterized by ruinous inference costs and diminishing returns. The future belongs to Agentic AI powered by specialized Small Language Models (SLMs). Think of it as a

Key Insights on SHADOW-AETHER-015 and Earth Preta from the 2025 MITRE ATT&CK Evaluation with Trend Vision One™

2026-01-13 at 11:05 By This blog discusses notable modern TTPs observed from SHADOW-AETHER-015 and Earth Preta, from Trend Research™ monitoring and Trend Vision One™ intelligence. These findings support the performance of TrendAI™ in the 2025 MITRE ATT&CK Evaluations.

Analyzing a Multi-Stage AsyncRAT Campaign via Managed Detection and Response

2026-01-12 at 13:43 By Threat actors exploited Cloudflare’s free-tier infrastructure and legitimate Python environments to deploy the AsyncRAT remote access trojan, demonstrating advanced evasion techniques that abuse trusted cloud services for malicious operations. This article is an excerpt from Trend Micro Research, News and Perspectives

SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics

2025-12-12 at 01:12 By In November, a targeted spear-phishing campaign was observed using Trend Micro-themed lures against various industries, but this was quickly detected and thwarted by the Trend Vision One™ platform. This article is an excerpt from Trend Micro Research, News and Perspectives

CVE-2025-55182: React2Shell Analysis, Proof-of-Concept Chaos, and In-the-Wild Exploitation

2025-12-10 at 08:53 By CVE-2025-55182 is a CVSS 10.0 pre-authentication RCE affecting React Server Components. Amid the flood of fake proof-of-concept exploits, scanners, exploits, and widespread misconceptions, this technical analysis intends to cut through the noise. This article is an excerpt from Trend Micro Research, News and

AI-Automated Threat Hunting Brings GhostPenguin Out of the Shadows

2025-12-08 at 13:58 By In this blog entry, Trend™ Research provides a comprehensive breakdown of GhostPenguin, a previously undocumented Linux backdoor with low detection rates that was discovered through AI-powered threat hunting and in-depth malware analysis. This article is an excerpt from Trend Micro Research, News

Critical React Server Components Vulnerability CVE-2025-55182: What Security Teams Need to Know

2025-12-06 at 17:06 By CVE-2025-55182 is a critical (CVSS 10.0) pre-authentication remote code execution vulnerability affecting React Server Components used in React.js, Next.js, and related frameworks (see the context section for a more exhaustive list of affected frameworks). This article is an excerpt

ValleyRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loading

2025-12-03 at 23:11 By Job seekers looking out for opportunities might instead find their personal devices compromised, as a ValleyRAT campaign propagated through email leverages Foxit PDF Reader for concealment and DLL side-loading for initial entry. This article is an excerpt from Trend

Unraveling Water Saci’s New Multi-Format, AI-Enhanced Attacks Propagated via WhatsApp

2025-12-03 at 01:09 By Through AI-driven code conversion and a layered infection chain involving different file formats and scripting languages, the threat actors behind Water Saci are quickly upgrading their malware delivery and propagation methods across WhatsApp in Brazil. This article is an excerpt from

Shai-hulud 2.0 Campaign Targets Cloud and Developer Ecosystems

2025-11-27 at 14:02 By The Shai-hulud 2.0 campaign features a sophisticated variant capable of stealing credentials and secrets from major cloud platforms and developer services, while automating the backdooring of NPM packages maintained by victims. Its advanced tactics enable rapid, stealthy propagation across the software supply chain, putting

Breaking Down S3 Ransomware: Variants, Attack Paths and Trend Vision One™ Defenses

2025-11-18 at 14:14 By In this blog entry, Trend™ Research explores how ransomware actors are shifting their focus to cloud-based assets, including the tactics used to compromise business-critical data in AWS environments. This article is an excerpt from Trend Micro Research, News and

Active Water Saci Campaign Spreading Via WhatsApp Features Multi-Vector Persistence and Sophisticated C&C

2025-10-28 at 07:12 By Continuous investigation on the Water Saci campaign reveals an innovative email-based C&C system, multi-vector persistence, and real-time command capabilities that allow attackers to orchestrate coordinated botnet operations, gather detailed campaign intelligence, and dynamically control malware activity across multiple infected

Agenda Ransomware Deploys Linux Variant on Windows Systems Through Remote Management Tools and BYOVD Techniques

2025-10-23 at 21:13 By Trend™ Research identified a sophisticated Agenda ransomware attack that deployed a Linux variant on Windows systems. This cross-platform execution can make detection challenging for enterprises. This article is an excerpt from Trend Micro Research, News and

The Rise of Collaborative Tactics Among China-aligned Cyber Espionage Campaigns

2025-10-22 at 22:17 By Trend™ Research examines the complex collaborative relationship between China-aligned APT groups via the new “Premier Pass-as-a-Service” model, exemplified by the recent activities of Earth Estries and Earth Naga. This article is an excerpt from Trend Micro Research, News and Perspectives

Fast, Broad, and Elusive: How Vidar Stealer 2.0 Upgrades Infostealer Capabilities

2025-10-22 at 01:10 By Trend Research examines the latest version of the Vidar stealer, which features a full rewrite in C, a multithreaded architecture, and several enhancements that warrant attention. Its timely evolution suggests that Vidar is positioning itself to occupy the space left

Shifts in the Underground: The Impact of Water Kurita’s (Lumma Stealer) Doxxing

2025-10-16 at 17:45 By A targeted underground doxxing campaign exposed alleged core members of Lumma Stealer (Water Kurita), resulting in a sharp decline in its activity and a migration of customers to rival infostealer platforms. This article is an excerpt from Trend Micro

Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits

2025-10-15 at 23:22 By Trend™ Research has uncovered an attack campaign exploiting the Cisco SNMP vulnerability CVE-2025-20352, allowing remote code execution and rootkit deployment on unprotected devices, with impacts observed on Cisco 9400, 9300, and legacy 3750G series. This article is an excerpt from
