WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine
Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches ...
Trend Micro
20 articles
Trend Micro Deep Security Agent Flaw Allows Repeatable Security Bypass
Trend Micro’s Deep Security Agent for Linux contains a design flaw in its behavior-monitoring stack that allows a local, unprivileged attacker to repeatedly ...
Week in review: Infostealer dropped via FortiClient EMS flaw, exploited Trend Micro Apex One flaw
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Coinflow CISO on crypto payments security under AI pressure...
Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926)
A relative directory path traversal vulnerability (CVE-2026-34926) in Trend Micro’s Apex One platform has been exploited in zero-day attacks, the company con...
Jailbroken Gemini AI Abused in Credential Theft and Crypto Wallet Heist
Jailbroken Gemini AI has been weaponised in a long-running campaign that combined political influence, credential theft, and a cryptocurrency wallet heist, a...
CISA Warns Trend Micro Apex One Vulnerability Is Being Exploited in Attacks
CISA has added a newly disclosed vulnerability in Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is activel...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-34291 Langflo...
New malware turns Linux systems into P2P attack networks
Attackers have found a new way to turn Linux systems into stealthy supply chain distribution hubs that are resistant to takedowns. Researchers from Trend Mic...
China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists
Cybersecurity researchers have disclosed details of a new China-aligned espionage campaign targeting government and defense sectors across South, East, and S...
ZDI-26-270: TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is not required to exp...
ZDI-26-269: TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is not required to exp...
ZDI-26-149: Trend Micro Cleaner One Pro Link Following Denial-of-Service Vulnerability
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Cleaner One Pro. An attacker must ...
ZDI-26-148: Trend Micro Apex Central Improper Authentication Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Apex Central. Authentication is required to exploi...
ZDI-26-147: Trend Micro Apex Central Improper Authentication Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Apex Central. Authentication is required to exploi...
ZDI-26-146: Trend Micro Apex Central Manual Update Server-Side Request Forgery Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is require...
ZDI-26-145: Trend Micro Apex Central Scheduled Update Server-Side Request Forgery Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is require...
ZDI-26-144: Trend Micro Apex Central Hub Server Server-Side Request Forgery Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is require...
ZDI-26-143: Trend Micro Apex One Security Agent TmSelfProtect Origin Validation Error Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obt...
ZDI-26-142: Trend Micro Apex One Security Agent Cache Mechanism Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obt...
ZDI-26-141: Trend Micro Apex One Security Agent iCore Service Signature Verification Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obt...