2298 matches found

Trend Micro Simply Security
added 2025/05/27 12:0 a.m., 15 views

Earth Lamia Develops Custom Arsenal to Target Multiple Industries

Trend™ Research has been tracking an active APT threat actor named Earth Lamia, which has targeted multiple industries in Brazil, India and Southeast Asian countries since at least 2023. The threat actor primarily exploits vulnerabilities in web applications to gain access to targeted organizations...

7.7 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/05/27 12:0 a.m., 5 views

Trend Micro Leading the Fight to Secure AI

New MITRE ATLAS submission helps strengthen organizations’ cyber resilience...

7.3 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/05/19 12:0 a.m., 6 views

Fake CAPTCHA Attacks Deploy Infostealers and RATs in a Multistage Payload Chain

We have detected a new tactic involving fake CAPTCHA pages that trick users into executing harmful commands in Windows. This scheme uses disguised files sent via phishing and other malicious methods...

7.5 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/05/18 12:0 a.m., 3 views

Trend Joins NVIDIA to Secure AI Infrastructure with NVIDIA

Together, we are focused on securing the full AI lifecycle—from development and training to deployment and inference—across cloud, data center, and AI factories...

7.3 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/05/18 12:0 a.m., 5 views

Trend Secures AI Infrastructure with NVIDIA

Together, we are focused on securing the full AI lifecycle—from development and training to deployment and inference—across cloud, data center, and AI factories...

7.3 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/05/18 12:0 a.m., 3 views

Using Agentic AI & Digital Twin for Cyber Resilience

Learn how Trend is combining agentic AI and digital twin to transform the way organizations protect themselves from cyber threats...

7.3 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/05/13 12:0 a.m., 8 views

Trend Micro Puts a Spotlight on AI at Pwn2Own Berlin

Get a sneak peek into how Trend Micro's Pwn2Own Berlin 2025 is breaking new ground, focusing on AI infrastructure and finding the bugs to proactively safeguard the future of computing...

7.3 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/05/13 12:0 a.m., 24 views

Earth Ammit Disrupts Drone Supply Chains Through Coordinated Multi-Wave Attacks in Taiwan

Trend™ Research discusses the evolving tradecraft of threat actor Earth Ammit, proven by the advanced toolset used in its TIDRONE and VENOM campaigns that targeted the drone supply chain...

7.3 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/05/09 12:0 a.m., 2 views

Maritime Cybersecurity: Threats & Regulations Loom

This review summarizes the key insights shared during the webinar held on April 9th, which featured maritime cybersecurity experts discussing the growing challenges facing ports, logistics operations, and global supply chains...

7.3 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/05/07 12:0 a.m., 9 views

Agenda Ransomware Group Adds SmokeLoader and NETXLOADER to Their Arsenal

During our monitoring of Agenda ransomware activities, we uncovered campaigns that made use of the SmokeLoader malware and a new loader we've named NETXLOADER...

7.3 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/05/01 12:0 a.m., 10 views

Exploring PLeak: An Algorithmic Method for System Prompt Leakage

What is PLeak, and what are the risks associated with it? We explored this algorithmic technique and how it can be used to jailbreak LLMs, which could be leveraged by threat actors to manipulate systems and steal sensitive data...

7.1 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/04/30 12:0 a.m., 7 views

Earth Kasha Updates TTPs in Latest Campaign Targeting Taiwan and Japan

This blog discusses the latest modifications observed in Earth Kasha’s TTPs from their latest campaign detected in March 2025 targeting Taiwan and Japan...

7.3 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/04/28 12:0 a.m., 13 views

NVIDIA Riva Vulnerabilities Leave AI-Powered Speech and Translation Services at Risk

Trend Research uncovered misconfigurations in NVIDIA Riva deployments, with two vulnerabilities, CVE-2025-23242 and CVE-2025-23243, contributing to their exposure. These security flaws could lead to unauthorized access, resource abuse, and potential misuse or theft of AI-powered inference service...

7.3 CVSS, 7 AI score, 0.00127 EPSS
Exploits: 0

Trend Micro Simply Security
added 2025/04/25 12:0 a.m., 10 views

Earth Kurma APT Campaign Targets Southeast Asian Government, Telecom Sectors

An APT group dubbed Earth Kurma is actively targeting government and telecommunications organizations in Southeast Asia using advanced malware, rootkits, and trusted cloud services to conduct cyberespionage...

7.3 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/04/23 12:0 a.m., 21 views

Russian Infrastructure Plays Crucial Role in North Korean Cybercrime Operations

In this blog entry, we discuss how North Korea's significant role in cybercrime – including campaigns attributed to Void Dokkaebi – is facilitated by extensive use of anonymization networks and the use of Russian IP ranges...

7.2 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/04/21 12:0 a.m., 8 views

FOG Ransomware Spread by Cybercriminals Claiming Ties to DOGE

This blog details our investigation of malware samples that conceal within them a FOG ransomware payload...

7.3 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/04/16 12:0 a.m., 7 views

CrazyHunter Campaign Targets Taiwanese Critical Sectors

This blog entry details research on emerging ransomware group CrazyHunter, which has launched a sophisticated campaign aimed at Taiwan's essential services...

7.3 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/04/15 12:0 a.m., 3 views

Top 10 for LLM & Gen AI Project Ranked by OWASP

Trend Micro has become a Gold sponsor of the OWASP Top 10 for LLM and Gen AI Project, merging cybersecurity expertise with OWASP's collaborative efforts to address emerging AI security risks. This partnership underscores Trend Micro's unwavering commitment to advancing AI security, ensuring a...

7.4 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/04/15 12:0 a.m., 3 views

Strengthen Security with Cyber Risk Advisory

In today’s fast-paced digital world, cyber threats are constantly evolving. Attackers are leveraging advanced techniques and artificial intelligence (AI) to exploit vulnerabilities, leaving organizations vulnerable to breaches and disruptions. To combat these challenges, organizations must stay...

7.2 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/04/15 12:0 a.m., 8 views

ZDI-23-1527 and ZDI-23-1528: The Potential Impact of Overly Permissive SAS Tokens on PC Manager Supply Chains

In ZDI-23-1527 and ZDI-23-1528 we uncover two possible scenarios where attackers could have compromised the Microsoft PC Manager supply chain...

7.3 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/04/14 12:0 a.m., 16 views

BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets

A controller linked to BPF backdoor can open a reverse shell, enabling deeper infiltration into compromised networks. Recent attacks have been observed targeting the telecommunications, finance, and retail sectors across South Korea, Hong Kong, Myanmar, Malaysia, and Egypt...

7.3 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/04/10 12:0 a.m., 7 views

Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks

A previously disclosed vulnerability in NVIDIA Container Toolkit has an incomplete patch, which, if exploited, could put a wide range of AI infrastructure and sensitive data at risk...

9 CVSS, 7.2 AI score, 0.03913 EPSS
Exploits: 2

Trend Micro Simply Security
added 2025/04/09 12:0 a.m., 2 views

Trend Vision One™ Now Supports Azure vTAP

Effective April 2025, Microsoft is launching their Azure vTAP and integrating it with Trend Vision One Network Detection and Response solution. This integration allows organizations to gain deep visibility into cloud network traffic without compromising performance. It ensures real-time detection...

7.5 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/04/08 12:0 a.m., 8 views

CTEM + CREM: Aligning Your Cybersecurity Strategy

Cyber threats evolve daily, and organizations need to move beyond traditional security approaches to stay ahead. That’s why Continuous Threat Exposure Management (CTEM), a concept introduced by Gartner, has been gaining traction. CTEM isn’t just another cybersecurity buzzword; it’s a structured,...

7.4 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/04/07 12:0 a.m., 3 views

GTC 2025: AI, Security & The New Blueprint

From quantum leaps to AI factories, GTC 2025 proved one thing: the future runs on secure foundations...

7.3 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/04/04 12:0 a.m., 7 views

Capacity is Critical in Riskier Threat Landscape

International cooperation, reporting, and capacity building are critical to enhance cybersecurity defenses. Effective governance in an increasingly risky landscape requires visibility as well as coordinated vulnerability disclosure...

7.2 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/03/31 12:0 a.m., 51 views

The Espionage Toolkit of Earth Alux: A Closer Look at its Advanced Techniques

The cyberespionage techniques of Earth Alux, a China-linked APT group, are putting critical industries at risk. The attacks, aimed at the APAC and Latin American regions, leverage powerful tools and techniques to remain hidden while stealing sensitive data...

7.2 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/03/28 12:0 a.m., 15 views

A Deep Dive into Water Gamayun’s Arsenal and Infrastructure

Trend Research discusses the delivery methods, custom payloads, and techniques used by Water Gamayun, the suspected Russian threat actor abusing a zero-day vulnerability in the Microsoft Management Console framework (CVE-2025-26633) to execute malicious code on infected machines...

7 CVSS, 7.6 AI score, 0.46586 EPSS
Exploits: 7

Trend Micro Simply Security
added 2025/03/27 12:0 a.m., 5 views

Trend Micro & IBM Team Up To Boost Mainframe Security

Trend Micro Deep Security adds security for mainframe enterprise integration...

7.5 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/03/27 12:0 a.m., 3 views

Trend Cybertron: Full Platform or Open-Source?

Previously exclusive to Trend Vision One customers, select Trend Cybertron models, datasets and agents are now available via open-source. Build advanced security solutions and join us in developing the next generation of AI security technology...

7.4 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/03/27 12:0 a.m., 10 views

Cybertron Reshapes AI Security as “Cyber Brain” Grows

Previously exclusive to Trend Vision One customers, select Trend Cybertron models, datasets and agents are now available via open-source. Build advanced security solutions and join us in developing the next generation of AI security technology...

7.4 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/03/25 12:0 a.m., 18 views

CVE-2025-26633: How Water Gamayun Weaponizes MUIPath using MSC EvilTwin

Trend Research identified Russian threat actor Water Gamayun exploiting CVE-2025-26633, a zero-day vulnerability in the Microsoft Management Console that attackers exploit to execute malicious code and exfiltrate data...

7 CVSS, 7.6 AI score, 0.46586 EPSS
Exploits: 7

Trend Micro Simply Security
added 2025/03/21 12:0 a.m., 11 views

Albabat Ransomware Group Potentially Expands Targets to Multiple OS, Uses GitHub to Streamline Operations

Trend Research encounters new versions of the Albabat ransomware, which appears to target Windows, Linux, and macOS devices. We also reveal the group’s use of GitHub to streamline their ransomware operation...

7.2 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/03/18 12:0 a.m., 233 views

SocGholish’s Intrusion Techniques Facilitate Distribution of RansomHub Ransomware

Trend Research analyzed SocGholish’s MaaS framework and its role in deploying RansomHub ransomware through compromised websites, using highly obfuscated JavaScript loaders to evade detection and execute various malicious tasks...

7.4 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/03/18 12:0 a.m., 30 views

ZDI-CAN-25373: Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns

Trend Zero Day Initiative™ (ZDI) uncovered both state-sponsored and cybercriminal groups extensively exploiting ZDI-CAN-25373 (aka ZDI-25-148), a Windows .lnk file vulnerability that enables hidden command execution...

7.6 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/03/14 12:0 a.m., 8 views

SocGholish’s Intrusion Techniques Facilitate Distribution of RansomHub Ransomware

Trend Research analyzed SocGholish’s MaaS framework and its role in deploying RansomHub ransomware through compromised websites, using highly obfuscated JavaScript loaders to evade detection and execute various malicious tasks...

7.4 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/03/11 12:0 a.m., 9 views

AI-Assisted Fake GitHub Repositories Fuel SmartLoader and LummaStealer Distribution

In this blog entry, we uncovered a campaign that uses fake GitHub repositories to distribute SmartLoader, which is then used to deliver Lumma Stealer and other malicious payloads. The campaign leverages GitHub’s trusted reputation to evade detection, using AI-generated content to make fake...

7.3 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/03/05 12:0 a.m., 2 views

From Event to Insight: Unpacking a B2B Business Email Compromise (BEC) Scenario

Trend Micro™ Managed XDR assisted in an investigation of a B2B BEC attack that unveiled an entangled mesh woven by the threat actor with the help of a compromised server, ensnaring three business partners in a scheme that spanned days. This article features investigation insights, a proposed...

7.4 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/03/04 12:0 a.m., 4 views

Exploiting DeepSeek-R1: Breaking Down Chain of Thought Security

This entry explores how the Chain of Thought reasoning in the DeepSeek-R1 AI model can be susceptible to prompt attacks, insecure output generation, and sensitive data theft...

7.1 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/03/03 12:0 a.m., 10 views

Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal

In this blog entry, we discuss how the Black Basta and Cactus ransomware groups utilized the BackConnect malware to maintain persistent control and exfiltrate sensitive data from compromised machines...

7.2 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/02/20 12:0 a.m., 3 views

Updated Shadowpad Malware Leads to Ransomware Deployment

In this blog, we discuss how Shadowpad is being used to deploy a new undetected ransomware family. They deploy the malware exploiting weak passwords and bypassing multi-factor authentication...

7.4 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/02/18 12:0 a.m., 67 views

Earth Preta Mixes Legitimate and Malicious Components to Sidestep Detection

Our Threat Hunting team discusses Earth Preta’s latest technique, in which the APT group leverages MAVInject and Setup Factory to deploy payloads, bypass ESET antivirus, and maintain control over compromised systems...

7.3 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/02/07 12:0 a.m., 6 views

Chinese-Speaking Group Manipulates SEO with BadIIS

This blog post details our analysis of an SEO manipulation campaign targeting Asia. We also share recommendations that can help enterprises proactively secure their environment...

7.3 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/02/04 12:0 a.m., 15 views

CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks

The Trend ZDI team offers an analysis on how CVE-2025-0411, a zero-day vulnerability in 7-Zip, was actively exploited to target Ukrainian organizations in a SmokeLoader campaign involving homoglyph attacks...

7 CVSS, 7 AI score, 0.46723 EPSS
Exploits: 8

Trend Micro Simply Security
added 2025/02/03 12:0 a.m., 4 views

Native Sensors vs. Integrations for XDR Platforms?

Native sensors vs. integrations in XDR: Native sensors offer faster deployment, real-time detection, and deeper visibility, while integrations may add complexity and delays. Learn how to optimize your XDR strategy for improved security...

7.2 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/01/31 12:0 a.m., 5 views

Future of Cybersecurity: Will XDR Absorb SIEM & SOAR?

XDR is reshaping cybersecurity by unifying and enhancing SIEM and SOAR capabilities into a single platform. It addresses alert fatigue, improves incident correlation, simplifies operations, and enhances efficiency for SOC teams...

7.3 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/01/31 12:0 a.m., 6 views

Future of Cybersecurity: Will XDR Reshape SIEM & SOAR?

XDR is reshaping cybersecurity by unifying and enhancing SIEM and SOAR capabilities into a single platform. It addresses alert fatigue, improves incident correlation, simplifies operations, and enhances efficiency for SOC teams...

7.3 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/01/30 12:0 a.m., 2 views

Lumma Stealer’s GitHub-Based Delivery Explored via Managed Detection and Response

The Managed XDR team investigated a sophisticated campaign distributing Lumma Stealer through GitHub, where attackers leveraged the platform's release infrastructure to deliver malware such as SectopRAT, Vidar, and Cobeacon...

7.2 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/01/30 12:0 a.m., 6 views

NDR: Not Just a "Nice to Have" Anymore

Network Detection and Response (NDR) is no longer a 'nice-to-have'—it’s essential. NDR complements EDR, accelerates incident response, and enhances visibility, making it a critical tool for modern cybersecurity strategies and service providers...

7.4 AI score
Exploits: 0

Trend Micro Simply Security
added 2025/01/29 12:0 a.m., 4 views

ASRM: A New Pillar for Cyber Insurance Underwriting

ASRM transforms cyber insurance underwriting by integrating real-time risk assessments, advanced tools (NDR, EDR, Cloud Security, MDR), and proactive mitigation strategies to improve accuracy, reduce claims, and build trust...

7.3 AI score
Exploits: 0

Total number of security vulnerabilities: 2298