Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet
Conclusion This case is a concrete demonstration that blockchain-based payload delivery has graduated from a proof-of-concept curiosity to an operational...
Based on technical artifacts and TTPs as well as code and infrastructure overlaps with BeaverTail and InvisibleFerret, TrendAI™ Research attributes...
Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud | Trend Micro (US)
How this fails in the real world The ugly failures are mundane. No Hollywood hacker required. An agent picks a...
The 21 shell reconnaissance commands include hostname, whoami, uname -a, ip addr, ip route, printenv, env | grep AWS_, kubectl...
The server-side controllers for these tools were both implemented as Python-based servers. The Python source code contained comprehensive comments, structured...
InstallFix and Claude Code: How Fake Install Pages Lead to Real Compromise | Trend Micro (US)
In some compromised repositories, we observed both techniques being present simultaneously (i.e., the malicious .vscode/tasks.json alongside the appended obfuscated JavaScript)....
The ownership problem no one talks about One of the biggest risks in vibe coding isn’t that nobody owns the...
The Telnyx compromise indicates a continued change in the techniques used in TeamPCP’s supply‑chain activity, with adjustments to tooling, delivery...
Attribution analysis Based on technical artifacts, infrastructure overlaps, and victimology, TrendAI™ Research attributes this campaign to Pawn Storm with high confidence. This...
The infection begins when the victim manually executes a file disguised as a legal notice: Dokumentation über Verstöße gegen Rechte...
Electric power infrastructure is becoming more connected than ever before. Organizations responsible for operating the Bulk Electric System (BES) are...
Serious fraud and cybercrime know no boundaries — jurisdictional or otherwise. Criminal gangs operate with impunity across borders, often leaving...
Following initial access, the threat actors conducted extensive lateral movement using a combination of legitimate administration tools and credential abuse....