Pwn2Own Berlin 2026: On the Ground With TrendAI™ ZDI’s Biggest AI Showdown Yet
In Pwn2Own Berlin, researchers found 47 unique zero-days across ten target categories, with payouts totaling US$1,298,250, a new event record....
Conclusion: This case is a concrete demonstration that blockchain-based payload delivery has graduated from a proof-of-concept curiosity to an operational...
Based on technical artifacts and TTPs as well as code and infrastructure overlaps with BeaverTail and InvisibleFerret, TrendAI™ Research attributes...
StellarMonSetup.exe is in fact GoToResolve, a legitimate unattended remote-administration tool. Once installed, it gives the actor a persistent remote desktop...
Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud
How this fails in the real world: The ugly failures are mundane. No Hollywood hacker required. An agent picks a...
The 21 shell reconnaissance commands include hostname, whoami, uname -a, ip addr, ip route, printenv, env | grep AWS_, kubectl...
The server-side controllers for these tools were both implemented as Python-based servers. The Python source code contained comprehensive comments, structured...
Summary: In May 2026, SHADOW-AETHER-015 exposed data from 8,809 Canvas customers across 50 countries in what appears to be a...
Government Agencies Deliver on Pillars 1 Through 3: In our previous blog, we applauded the White House Office of the...
InstallFix and Claude Code: How Fake Install Pages Lead to Real Compromise
Conclusion: The QLNX implant was built for long-term stealth and credential theft. What makes it particularly dangerous is not any...
Kuse Web App Abused to Host Phishing Document
In some compromised repositories, we observed both techniques being present simultaneously (i.e., the malicious .vscode/tasks.json alongside the appended obfuscated JavaScript)....
Identity has become the primary attack surface in modern enterprises. As organizations expand across cloud platforms, SaaS ecosystems, and distributed...