Get a sneak peak into how Trend Micro’s Pwn2Own Berlin 2025 is breaking new ground, focusing on AI infrastructure and finding the bugs to proactively safeguard the future of computing. Read More HERE…
Trend Research uncovered misconfigurations in NVIDIA Riva deployments, with two vulnerabilities, CVE-2025-23242 and CVE-2025-23243, contributing to their exposure. These security flaws could lead to unauthorized access, resource abuse, and potential misuse or theft of AI-powered inference services, including speech recognition and text-to-speech processing. Read More HERE…
Trend Micro has become a Gold sponsor of the OWASP Top 10 for LLM and Gen AI Project, merging cybersecurity expertise with OWASP’s collaborative efforts to address emerging AI security risks. This partnership underscores Trend Micro’s unwavering commitment to advancing AI security, ensuring a secure foundation for the transformative power of AI. Read More HERE…
A previously disclosed vulnerability in NVIDIA Container Toolkit has an incomplete patch, which, if exploited, could put a wide range of AI infrastructure and sensitive data at risk. Read More HERE…
Cyber threats evolve daily, and organizations need to move beyond traditional security approaches to stay ahead. That’s why Continuous Threat Exposure Management (CTEM), a concept introduced by Gartner, has been gaining traction. CTEM isn’t just another cybersecurity buzzword; it’s a structured, continuous program designed to help organizations identify, assess, and mitigate security risks proactively. If you’re considering implementing a CTEM program, Trend Vision One TM Cyber Risk Exposure Management (CREM) solution—formerly known as Attack Surface Risk Management (ASRM)—can give you a significant head start. Read More HERE…
Trend Research discusses the delivery methods, custom payloads, and techniques used by Water Gamayun, the suspected Russian threat actor abusing a zero-day vulnerability in the Microsoft Management Console framework (CVE-2025-26633) to execute malicious code on infected machines. Read More HERE…
Trend Research identified Russian threat actor Water Gamayun exploiting CVE-2025-26633, a zero-day vulnerability in the Microsoft Management Console that attackers exploit to execute malicious code and exfiltrate data. Read More HERE…
Trend Zero Day Initiative™ (ZDI) uncovered both state-sponsored and cybercriminal groups extensively exploiting ZDI-CAN-25373, a Windows .lnk file vulnerability that enables hidden command execution. Read More HERE…
The ZDI team offers an analysis on how CVE-2025-0411, a zero-day vulnerability in 7-Zip, was actively exploited to target Ukrainian organizations in a SmokeLoader campaign involving homoglyph attacks. Read More HERE…
This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data. Read More HERE…