In this blog entry, researchers from the TrendAI™ MDR team discuss how they mapped the full end-to-end operation of SHADOW-WATER-063’s Banana RAT banking malware by analyzing server-side artifacts and victim-side data. Read More HERE…
AI agents now act inside the trust boundary with real credentials, and agentic governance is what keeps them from quietly breaking things at machine speed. Read More HERE…
Our research examines the April 22 Checkmarx KICS and April 24 elementary-data incidents as part of a broader TeamPCP supply chain campaign. Across both cases, the actor abused trusted CI/CD and release workflows to steal credentials at scale. Read More HERE…
TrendAI™ Research has identified two emerging threat campaigns—SHADOW-AETHER-040 and SHADOW-AETHER-064—that use agentic AI to drive intrusion operations against government and financial organizations in Latin America, marking these among the first cases we have observed of AI agents executing attacks from initial access to data exfiltration. Read More HERE…
The Instructure Canvas breach affects universities, K–12 school districts, and teaching hospitals globally. This blog entry intends to provide context and practical guidance. Read More HERE…
A deeper look at the first three pillars and outlining how our capabilities directly support government agencies working to bring this strategy to life. Read More HERE…
Targeting multiple industries worldwide, the InstallFix campaign uses fake Claude AI installer pages to trick users into running malware that collects system information, disables security features, achieves persistence, and connects to attacker-controlled C&C servers for additional payloads. Read More HERE…
TrendAI™ Research breaks down Quasar Linux (QLNX), a previously undocumented sophisticated Linux RAT with low detection rates. In this blog, we examine a full-featured Linux threat incorporating a rootkit, a PAM backdoor, credential harvesting, and more, revealing how this malware enables stealthy access, persistence, and potential supply-chain attacks. Read More HERE…
A China-aligned threat group is exploiting unpatched Microsoft Exchange vulnerabilities to conduct cyberespionage against government and critical infrastructure targets across Asia and beyond. Read More HERE…
Bad actors took advantage of the legitimate name and services of Kuse, a popular AI-based app designed for workplaces. The attackers exploited the users’ trust in Kuse to carry out a phishing attack. Read More HERE…