Trend Micro Research, News and Perspectives

Not every cloud breach starts with malware or a zero-day. In this incident, attackers discovered an exposed Spring Boot Actuator endpoint, harvested credentials from leaked configuration data, then used the OAuth2 Resource Owner Password Credentials (ROPC) flow to authenticate without MFA.

Learn how east-west traffic visibility helps detect and stop lateral movement attacks inside electric grid infrastructure and critical OT networks.

Learn how TrendAI™ and our researchers contributed threat intelligence and analysis to support INTERPOL against cybercrime.

Learn how TrendAI and NVIDIA OpenShell help secure autonomous AI agents and build trusted enterprise AI systems with stronger visibility and control.

Warlock continues to enhance its attack chain with new tactics to improve persistence, lateral movement, and defense evasion using an expanded toolset: TightVNC Yuze, and a persistent BYOVD technique leveraging the NSec driver.

Our analysis of an active KongTuke campaign deploying modeloRAT — malware capable of reconnaissance, command execution, and persistent access — through compromised WordPress sites and fake CAPTCHA lures shows that the group still operates this delivery chain in parallel with the newer CrashFix technique.

Learn about OpenClaw (a sovereign agent) and how this can be viable for enterprises.

At [un]prompted 2026, TrendAI™ demonstrated how documents can be used to exploit AI-driven KYC pipelines and introduced FENRIR, an automated system for discovering AI vulnerabilities at scale.

The BoryptGrab campaign uses fake SEO‑optimized GitHub repositories and deceptive download pages to distribute a data‑stealing malware family that delivers multiple payloads, including a reverse SSH backdoor, to Windows users.

Tycoon 2FA was dismantled this week by law enforcement and industry partners including TrendAI™. The phishing-as-a-service platform offered MFA bypass services using adversary-in-the-middle (AitM) proxying.

Learn how Claude Code Security set Cybersecurity stocks on fire.

Learn how Claude Code Security set Cybersecurity stocks on fire.

Malicious OpenClaw skills trick AI agents and users into installing a new AMOS variant that steals extensive data at scale.

Malicious OpenClaw skills trick AI agents and users into installing a new AMOS variant that steals extensive data at scale.

We uncover how a campaign used Atlassian Jira Cloud to launch automated and targeted spam campaigns, exploiting trusted SaaS workflows to bypass security controls.

OpenClaw (aka Clawdbot or Moltbot) represents a new frontier in agentic AI: powerful, highly autonomous, and surprisingly easy to use. In this research, we examine how its capabilities compare to its predecessors’ and highlight the security risks inherent to the agentic AI paradigm.

Discover why Government and Education must prioritize Cyber Risk Management.

Discover how TrendAI Zero Day Initiative (ZDI) identified critical vulnerabilities across connected vehicles, EV chargers, and automotive systems.

Discover how the TrendAI Vision One and SentinelOne integration exemplifies our commitment to endpoint flexibility.

PeckBirdy is a sophisticated JScript-based C&C framework used by China-aligned APT groups to exploit LOLBins across multiple environments, delivering advanced backdoors to target gambling industries and Asian government entities.