Research, News, and Perspectives

Cyber Threats

Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft

Our research examines the April 22 Checkmarx KICS and April 24 elementary-data incidents as part of a broader TeamPCP supply chain campaign. Across both cases, the actor abused trusted CI/CD and release workflows to steal credentials at scale.

Research May 13, 2026

Artificial Intelligence (AI)

Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America

TrendAI™ Research has identified two emerging threat campaigns—SHADOW-AETHER-040 and SHADOW-AETHER-064—that use agentic AI to drive intrusion operations against government and financial organizations in Latin America, marking these among the first cases we have observed of AI agents executing attacks from initial access to data exfiltration.

Research May 11, 2026

Cyber Threats

What Is the Instructure Canvas Breach? Impact, Risks, and What Institutions Should Do

The Instructure Canvas breach affects universities, K–12 school districts, and teaching hospitals globally. This blog entry intends to provide context and practical guidance.

May 10, 2026

Artificial Intelligence (AI)

Supporting the National Cyber Strategy: How TrendAI™ Helps

A deeper look at the first three pillars and outlining how our capabilities directly support government agencies working to bring this strategy to life.

Expert Perspective May 06, 2026

Cyber Threats

InstallFix and Claude Code: How Fake Install Pages Lead to Real Compromise

Targeting multiple industries worldwide, the InstallFix campaign uses fake Claude AI installer pages to trick users into running malware that collects system information, disables security features, achieves persistence, and connects to attacker-controlled C&C servers for additional payloads.

Research May 05, 2026

Cyber Threats

Quasar Linux (QLNX) – A Silent Foothold in the Supply Chain: Inside a Full-Featured Linux RAT With Rootkit, PAM Backdoor, Credential Harvesting Capabilities

TrendAI™ Research breaks down Quasar Linux (QLNX), a previously undocumented sophisticated Linux RAT with low detection rates. In this blog, we examine a full-featured Linux threat incorporating a rootkit, a PAM backdoor, credential harvesting, and more, revealing how this malware enables stealthy access, persistence, and potential supply-chain attacks.

Research May 04, 2026

APT & Targeted Attacks

Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia

A China-aligned threat group is exploiting unpatched Microsoft Exchange vulnerabilities to conduct cyberespionage against government and critical infrastructure targets across Asia and beyond.

Research Apr 30, 2026

Cyber Threats

Kuse Web App Abused to Host Phishing Document

Bad actors took advantage of the legitimate name and services of Kuse, a popular AI-based app designed for workplaces. The attackers exploited the users’ trust in Kuse to carry out a phishing attack.

Research Apr 29, 2026

Cyber Threats

Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories

Our research on Void Dokkaebi’s operations uncovered a campaign that turns infected developer repositories into malware delivery channels. By spreading through trusted workflows, organizational codebases, and open-source projects, the threat can scale from a single compromise to a broader supply chain risk.

Research Apr 21, 2026

Artificial Intelligence (AI)

The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables

An OAuth supply chain compromise at Vercel exposed how trusted third party apps and platform environment variables can bypass traditional defenses and amplify blast radius. This article examines the attack chain, underlying design tradeoffs, and what it reveals about modern PaaS and software supply chain risk.

Research Apr 20, 2026

Research, News, and Perspectives

What Is the Instructure Canvas Breach? Impact, Risks, and What Institutions Should Do

Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft

Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America

What Is the Instructure Canvas Breach? Impact, Risks, and What Institutions Should Do

Supporting the National Cyber Strategy: How TrendAI™ Helps

InstallFix and Claude Code: How Fake Install Pages Lead to Real Compromise

Quasar Linux (QLNX) – A Silent Foothold in the Supply Chain: Inside a Full-Featured Linux RAT With Rootkit, PAM Backdoor, Credential Harvesting Capabilities

Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia

Kuse Web App Abused to Host Phishing Document

Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories

The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables

Trend Vision One™ - Proactive Security Starts Here.

Resources

Support

About Trend

Country Headquarters

Research, News, and Perspectives

Trending Topics

Trend Vision One™ - Proactive Security Starts Here.

Resources

Support

About Trend

Country Headquarters