How Your AI Chatbot Can Become a Backdoor

In this post of THE AI BREACH, learn how your Chatbot can become a backdoor...

Self-Propagating Malware Spreading Via WhatsApp, Targets Brazilian Users

Trend™ Research has identified an active campaign spreading via WhatsApp through a ZIP file attachment. When executed, the malware establishes persistence and hijacks the compromised WhatsApp account to send copies of itself to the victim’s contacts...

Cloud Security in the CNAPP Era: Eight Important Takeaways

Eight takeaways on why Trend Vision One™ embodies the best of today’s CNAPP vision. Includes insights from 2025 Gartner® Market Guide for CNAPP...

CNAPP is the Solution to Multi-cloud Flexibility

Cloud-native application protection platform CNAPP not only helps organizations protect, but offers the flexibility of multi-cloud...

New LockBit 5.0 Targets Windows, Linux, ESXi

Trend™ Research analyzed source binaries from the latest activity from notorious LockBit ransomware with their 5.0 version that exhibits advanced obfuscation, anti-analysis techniques, and seamless cross-platform capabilities for Windows, Linux, and ESXi systems...

Domino Effect: How One Vendor's AI App Breach Toppled Giants

A single AI chatbot breach at Salesloft-Drift exposed data from 700+ companies, including security leaders. The attack shows how AI integrations expand risk, and why controls like IP allow-listing, token security, and monitoring are critical...

This Is How Your LLM Gets Compromised

Poisoned data. Malicious LoRAs. Trojan model files. AI attacks are stealthier than ever—often invisible until it’s too late. Here’s how to catch them before they catch you...

AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks

Trend™ Research’s analysis of Wondershare RepairIt reveals how the AI-driven app exposed sensitive user data due to unsecure cloud storage practices and hardcoded credentials, creating risks of model tampering and supply chain attacks...

How AI-Native Development Platforms Enable Fake Captcha Pages

Cybercriminals are abusing AI-native platforms like Vercel, Netlify, and Lovable to host fake captcha pages that deceive users, bypass detection, and drive phishing campaigns...

What We Know About the NPM Supply Chain Attack

Trend™ Research outlines the critical details behind the ongoing NPM supply chain attack and offers essential steps to stay protected against potential compromise...

EvilAI Operators Use AI-Generated Code and Fake Apps for Far-Reaching Attacks

Combining AI-generated code and social engineering, EvilAI operators are executing a rapidly expanding campaign, disguising their malware as legitimate applications to bypass security, steal credentials, and persistently compromise organizations worldwide...

What’s Your Cybersecurity Maturity?

This blog post looks at four key milestones along the cybersecurity maturity journey and poses some questions you can ask to determine the stage of your organization’s progress...

Unmasking The Gentlemen Ransomware: Tactics, Techniques, and Procedures Revealed

An analysis of the Gentlemen ransomware group, which employs advanced, adaptive tactics, techniques, and procedure to target critical industries worldwide...

An MDR Analysis of the AMOS Stealer Campaign Targeting macOS via ‘Cracked’ Apps

Trend™ Research analyzed a campaign distributing Atomic macOS Stealer AMOS, a malware family targeting macOS users. Attackers disguise the malware as “cracked” versions of legitimate apps, luring users into installation...

Three Critical Facts About Cyber Risk Management

For CISOs responsible for cyber risk management, these three insights will help build a strong and reliable foundation for your proactive security strategy...

Operation Serengeti 2.0: Trend Micro Helps Law Enforcement Fight Cybercrime in Africa

Operation Serengeti 2.0: With Trend Micro’s support, INTERPOL led a major crackdown across Africa, arresting cybercriminals, dismantling infrastructures, recovering illicit funds, and protecting tens of thousands of victims...

TAOTH Campaign Exploits End-of-Support Software to Target Traditional Chinese Users and Dissidents

The TAOTH campaign exploited abandoned software and spear-phishing to deploy multiple malware families, targeting dissidents and other high-value individuals across Eastern Asia...

Trend Vision One™ Email Security Raises the Standard

Learn all the new aspects of Trend Vision One™ Email Security and how it's raising the standard of effectiveness for the industry...

Trend Vision One Integrates Microsoft Defender for Endpoint

Discover how Trend Vision One integrates with Microsoft Defender for Endpoint to unify visibility, close security gaps, and accelerate risk mitigation - maximizing protection without replacing existing tools...

Leadership, Innovation, and the Future of AI: Lessons from Trend Micro CEO & Co-Founder Eva Chen

Discover how AI is reshaping cybersecurity through our CEO, Eva Chen’s industry briefing series. Gain practical strategies, real-world insights, and a clear roadmap to secure your AI initiatives with confidence...

Warlock: From SharePoint Vulnerability Exploit to Enterprise Ransomware

Warlock ransomware exploits unpatched Microsoft SharePoint vulnerabilities to gain access, escalate privileges, steal credentials, move laterally, and deploy ransomware with data exfiltration across enterprise environments...

Crypto24 Ransomware Group Blends Legitimate Tools with Custom Malware for Stealth Attacks

Crypto24 is a ransomware group that stealthily blends legitimate tools with custom malware, using advanced evasion techniques to bypass security and EDR technologies...

New Ransomware Charon Uses Earth Baxia APT Techniques To Target Enterprises

We uncovered Charon, a new ransomware strainfamily that uses advanced APT-style techniques, including DLL sideloading, process injection, and anti-EDR capabilities, to target organizations with customized ransom demands...

New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises

We uncovered Charon, a new ransomware strainfamily that uses advanced APT-style techniques, including DLL sideloading, process injection, and anti-EDR capabilities, to target organizations with customized ransom demands...

Gunra Ransomware Group Unveils Efficient Linux Variant

This blog discusses how Gunra ransomware’s new Linux variant accelerates and customizes encryption, expanding the group’s reach with advanced cross-platform tactics...

Revisiting UNC3886 Tactics to Defend Against Present Risk

We examine the past tactics used by UNC3886 to gain insight on how to best strengthen defenses against the ongoing and emerging threats of this APT group...

Unlocking the Power of Amazon Security Lake for Proactive Security

Security is a central challenge in modern application development and maintenance, requiring not just traditional practices but also a deep understanding of application architecture and data flow. While organizations now have access to rich data like logs and telemetry, the real challenge lies in...

Proactive Email Security: The Power of AI

Lead with AI-powered email security to stay ahead of attackers and personalize user interaction at every touchpoint, bridging technology and behavior with precision...

Back to Business: Lumma Stealer Returns with Stealthier Methods

Lumma Stealer has re-emerged shortly after its takedown. This time, the cybergroup behind this malware appears to be intent on employing more covert tactics while steadily expanding its reach. This article shares the latest methods used to propagate this threat...

Proactive Security and Insights for SharePoint Attacks (CVE-2025-53770 and CVE-2025-53771)

CVE-2025-53770 and CVE-2025-53771 are vulnerabilities in on-premise Microsoft SharePoint Servers that evolved from previously patched flaws, allowing unauthenticated remote code execution through advanced deserialization and ViewState abuse...

Proactive Security Insights for SharePoint Attacks (CVE-2025-53770 and CVE-2025-53771)

CVE-2025-53770 and CVE-2025-53771 are vulnerabilities in on-premise Microsoft SharePoint Servers that evolved from previously patched flaws, allowing unauthenticated remote code execution through advanced deserialization and ViewState abuse...

Securing Tomorrow: An Interview with Trend Micro VP of Product Management Michael Habibi

Proactive security in a rapidly evolving threat landscape...

CISA's NIMBUS 2000 Initiative: Understanding Key Findings and Strengthening Cloud Identity Security

This blog explores key findings from CISA’s NIMBUS 2000 Cloud Identity Security Technical Exchange and how Trend Vision One™ Cloud Security aligns with these priorities. It highlights critical challenges in token validation, secrets management, and logging visibility—offering insights into how...

Preventing Zero-Click AI Threats: Insights from EchoLeak

A zero-click exploit called EchoLeak reveals how AI assistants like Microsoft 365 Copilot can be manipulated to leak sensitive data without user interaction. This entry breaks down how the attack works, why it matters, and what defenses are available to proactively mitigate this emerging AI-nativ...

BERT Ransomware Group Targets Asia and Europe on Multiple Platforms

BERT is a newly emerged ransomware group that pairs simple code with effective execution—carrying out attacks across Europe and Asia. In this entry, we examine the group’s tactics, how their variants have evolved, and the tools they use to get past defenses and speed up encryption across platform...

AI Dilemma: Emerging Tech as Cyber Risk Escalates

As AI adoption accelerates, businesses face mounting cyber threats—and urgent choices about secure implementation...

Why Trend Micro Continues to be Named a CNAPP Leader

Trend Micro is recognized for our Cloud CNAPP capabilities and product strategy—affirming our vision to deliver a cloud security solution that predicts, protects, and responds to threats across hybrid and multi-cloud environments...

How to Build an Effective Security Awareness Program

This is a step-by-step guide to build a strong security awareness and training program that empowers your employees and protects your business...

Why a Classic MCP Server Vulnerability Can Undermine Your Entire AI Agent

A single SQL injection bug in Anthropic’s SQLite MCP server—forked over 5,000 times—can seed stored prompts, exfiltrate data, and hand attackers the keys to entire agent workflows. This entry unpacks the attack chain and lays out concrete fixes to shut it down...

Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet

This blog uncovers an active campaign exploiting CVE-2025-3248 in Langflow versions before 1.3.0 that deploys the Flodrix botnet, enabling threat actors to achieve full system compromise, initiate DDoS attacks, and potentially exfiltrate sensitive data...

Operation Secure: Trend Micro's Threat Intelligence Fuels INTERPOL's Infostealer Infrastructure Takedown

In this blog, we discuss how Trend Micro played a pivotal role in Operation Secure, a multi-national law enforcement effort that dismantled the infrastructure behind widespread infostealer malware campaigns across Asia and the Pacific...

Ensuring Secure Container Deployments with Image Signature Verification

Ensure your container deployments are secure with a verified image signature...

Enabling Secure AI Inference: Trend Cybertron Leverages NVIDIA Universal LLM NIM Microservices

Learn how Trend's Cybertron has been harnessing the power of NVIDIA Universal LLM NIM Microservices...

Innovation in the Fast Lane: Lessons from Motorsport and Cybersecurity

Learn how Trend Micro and NEOM McLaren Formula E Team turn creativity into innovation by rethinking team structures, workflows, and data use...

Keeping Pace and Embracing Emerging Technologies

Trend Micro and the NEOM McLaren Formula E Team stay ahead of the curve by embracing new technologies, fostering a no-blame culture, and making split-second decisions in high-stakes environments...

How Google’s Wiz Acquisition Impacts CNAPP

Google aims to stake out a share of the CNAPP market and compete head-on against AWS and Microsoft Azure with its planned Wiz acquisition. What are the implications for companies invested in AWS and Azure cloud infrastructure?...

NEOM McLaren Formula E Team & Trend Micro Innovation History

Explore how innovation becomes a team sport when Trend Micro and the NEOM McLaren Formula E Team leaders come together to talk culture, risk, and forward thinking...

Stay Ahead of Cyber Threats Sweeping Container Telemetry data

Threat Intelligence Sweeping starts to support sweep container security telemetry data. It helps identify possible attacks happened based on TI intelligence in container environment. The trigger events are visible in workbench alert...

Threat Intelligence Sweeping now supports container security telemetry data

Threat Intelligence Sweeping starts to support sweep container security telemetry data. Users can now use the TI tool to identify possible malicious activity in their container-based environments. The trigger events are visible in workbench alert...

Driving Success on the Track or in the Boardroom

Discover how the Trend Micro and the NEOM McLaren Formula E Team partnership is powered by a common vision for winning, on the track and in the boardroom...