TrendAI™ Research at RSAC 2026: Advancing Defense Across AI‑Driven and Cyber‑Physical Threats

TrendAI™ Research explored agentic AI cybercrime and EV infrastructure security through two research sessions at RSAC 2026...

Virtuozzo Infrastructure 7.3 (7.3.0-171) (formerly Virtuozzo Hybrid Infrastructure)

This release focuses on technical improvements, user experience enhancements, storage performance, and S3 protocol capabilities. It also introduces the product rename from Virtuozzo Hybrid Infrastructure to Virtuozzo Infrastructure. Additionally, this release delivers stability fixes and addresse...

hays-london-azure-platform-2-poc

Hays London Azure Platform Engineer POC — AKS Operations & Pla...

Security Notice: Impact of CVE-2026-33634 on ownCloud Build Infrastructure - ownCloud

No customer data was compromised. No source code was altered. The attack affected our build infrastructure only – specifically the systems that produce container images and client binaries. If you are using a build before March 19th, no action is needed If you are using ocis-rolling image conta...

How Microsoft Defender protects high-value assets in real-world attack scenarios

In this article 1. Using asset context to strengthen detection 2. How high-value asset protection works 3. Real-world high-value asset protection scenarios 4. Protecting your HVAs 5. Learn more High-value assets including domain controllers, web servers, and identity infrastructure are frequent...

CVE-2025-15612 Wazuh Provisioning Scripts / Build Infrastructure Improper Certificate Validation leading to MITM and RCE

Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks to intercept and modify downloaded dependencies o...

CVE-2025-15612 Wazuh Provisioning Scripts / Build Infrastructure Improper Certificate Validation leading to MITM and RCE

Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks to intercept and modify downloaded dependencies o...

Criminals are renting virtual phones to bypass bank security

Researchers at Group-IB warn about criminals using virtual Android devices to bypass modern security solutions. Cloud phones are virtual Android devices that can fully mimic real device fingerprints model, hardware, IP, timezone, sensor data, behavior. This allows them to undermine banks’...

forman: Foreman: Remote Code Execution via command injection in WebSocket proxy

A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating...

CVE-2026-25186

Exposure of sensitive information to an unauthorized actor in Windows Accessibility Infrastructure ATBroker.exe allows an authorized attacker to disclose information locally...

CVE-2026-21994

Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source Projects component: Desktop. The supported version that is affected is 0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVE-2026-24291

Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure ATBroker.exe allows an authorized attacker to elevate privileges locally...

BPFdoor in Telecom Networks: Sleeper Cells in the Backbone

Executive overview The strategic positioning of covert access within the world’s telecommunication networks A months-long investigation by Rapid7 Labs has uncovered evidence of an advanced China-nexus threat actor, Red Menshen, placing some of the stealthiest digital sleeper cells the team has ev...

PT-2026-28374

Name of the Vulnerable Software and Affected Versions SolarWinds Observability Self-Hosted affected versions not specified Description The software is subject to a stored cross-site scripting issue. Successful exploitation may result in unintended script execution. The impact is limited by a...

Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities

This blog discusses the steganography, cloud abuse, and email-based backdoors used against the Ukrainian defense supply chain in the latest Pawn Storm campaign that TrendAI™ Research observed and analyzed...

EUVD-2026-15186

Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor Analytics probe component, Hitachi Ops Center Analyzer.This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00...

Hitachi Ops Center Analyzer和Hitachi Infrastructure Analytics Advisor 安全漏洞

Hitachi Ops Center Analyzer and Hitachi Infrastructure Analytics Advisor are both products of Hitachi, Ltd., a Japanese company. Hitachi Ops Center Analyzer is a data center management software that allows for monitoring, reporting, and correlation of end-to-end performance from servers to storag...

Langflow 操作系统命令注入漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Prior to Langflow 1.9.0, there was a vulnerability related to operating system command injection. This vulnerability stemmed from unauthenticated remote shell injections in...

‘CanisterWorm’ Springs Wiper Attack Targeting Iran

A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or have Farsi set as the default language. Experts say the wip...

2025 Talos Year in Review: Speed, scale, and staying power

The 2025 Talos Year in Review is now available to view online. The pace and scale of adversary activity in 2025 placed sustained pressure on security teams across industries. As with each annual report, our goal at Talos is to provide the security community with a clear analysis of the tactics,...