Research, News, and Perspectives

Cyber Threats

Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories

Our research on Void Dokkaebi’s operations uncovered a campaign that turns infected developer repositories into malware delivery channels. By spreading through trusted workflows, organisational codebases, and open-source projects, the threat can scale from a single compromise to a broader supply chain risk.

Research Apr 21, 2026

Artificial Intelligence (AI)

The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables

An OAuth supply chain compromise at Vercel exposed how trusted third party apps and platform environment variables can bypass traditional defences and amplify blast radius. This article examines the attack chain, underlying design trade-offs, and what it reveals about modern PaaS and software supply chain risk.

Research Apr 20, 2026

Cyber Threats

Cyber Resilience, Sovereignty, and AI: What Europe’s Energy Sector Must Prepare for Next

Europe’s energy sector underpins almost every aspect of modern society. Electricity generation, transmission, and distribution are not just economic functions but foundations of public safety, healthcare, transportation, and national stability.

Expert Perspective Apr 17, 2026

Artificial Intelligence (AI)

Identity Protection in the AI Era

Enterprises aiming to predict and mitigate human, machine, and AI‑agent risks at scale demand AI‑powered identity‑first security without compromise.

U.S. Public Sector Under Siege: Threat Intelligence for Q1 2026

The first quarter of 2026 has reinforced a hard truth: U.S. government agencies and educational institutions are operating in the most hostile cyber threat environment ever recorded.

Expert Perspective Apr 09, 2026

Artificial Intelligence (AI)

Claude Code Packaging Error Remains a Lure in an Active Campaign: What Defenders Should Do

Threat actors leveraged Anthropic’s Claude Code npm release packaging error to distribute Vidar, GhostSocks, and PureLog Stealer. This blog details immediate steps organisations can take and best practices to prevent further risk.

Research Apr 07, 2026

Artificial Intelligence (AI)

Weaponising Trust Signals: Claude Code Lures and GitHub Release Payloads

A packaging error in Anthropic’s Claude Code npm release briefly exposed internal source code. This entry examines how threat actors rapidly weaponised the resulting attention, pivoting an existing AI-themed campaign to spread Vidar and GhostSocks.

Research Apr 03, 2026

Privacy & Risks

TrendAI Insight: New U.S. National Cyber Strategy

TrendAI reviews the White House National Cyber Strategy, outlining six pillars to strengthen U.S. cybersecurity—from deterrence and regulation to federal modernisation, critical infrastructure protection, AI leadership, and workforce development.

The Real Risk of Vibecoding

This blog examines how AI‑driven vibecoding accelerates software development while increasing security risk by outpacing traditional review and ownership. It explains why security needs to move earlier and be integrated into modern development workflows.

Expert Perspective Mar 31, 2026

Cyber Threats

Axios NPM Package Compromised: Supply Chain Attack Hits JavaScript HTTP Client with 100M+ Weekly Downloads

A supply chain attack hit Axios when attackers used stolen npm credentials to publish malicious versions containing a phantom dependency. This triggered a cross-platform RAT during installation and replaced its files with clean decoys, making detection challenging.

Research, News, and Perspectives

U.S. Public Sector Under Siege: Threat Intelligence for Q1 2026

Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories

The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables

Cyber Resilience, Sovereignty, and AI: What Europe’s Energy Sector Must Prepare for Next

Identity Protection in the AI Era

U.S. Public Sector Under Siege: Threat Intelligence for Q1 2026

Claude Code Packaging Error Remains a Lure in an Active Campaign: What Defenders Should Do

Weaponising Trust Signals: Claude Code Lures and GitHub Release Payloads

TrendAI Insight: New U.S. National Cyber Strategy

The Real Risk of Vibecoding

Axios NPM Package Compromised: Supply Chain Attack Hits JavaScript HTTP Client with 100M+ Weekly Downloads

Trend Vision One™ - Proactive Security Starts Here.

Resources

Support

About Trend

Country Headquarters

Research, News, and Perspectives

Trending Topics

Trend Vision One™ - Proactive Security Starts Here.

Resources

Support

About Trend

Country Headquarters