Threat Landscape

In the third part of our series we demonstrate how risk intensifies in multi-modal AI agents, where hidden instructions embedded within innocuous-looking images or documents can trigger sensitive data exfiltration without any user interaction.

This introductory post kicks off a blog series on AI agent vulnerabilities, outlining key security risks like prompt injection and code execution, and sets the stage for future parts, which will dive deeper into issues such as code execution flaws, data exfiltration, and database access threats.

The Trend 2025 Cyber Risk Report sustains our shift towards proactive security. Protecting enterprises is no longer about stopping breaches but is now about staying ahead, making cybersecurity a business enabler. By looking at the 2025 risk landscape, we recognize exposures and understand attacker behavior to be able to implement countermeasures, transforming security from a challenge to a catalyst for innovation and business growth.

Threat actors are actively looking for exposed .env files. These files have become ticking bombs deeply rooted inside DevOps practices. Our research paper uncovers the hidden dangers in DevOps using real-world examples.

This article highlights the critical importance of reducing the Cyber Risk Index, presenting findings that establishes a significant correlation between higher Risk Indices and increased susceptibility to ransomware infections.

The increased adoption of technologies like artificial intelligence (AI), machine learning (ML), large language models (LLMs), and high-performance computing (HPC) underscores the growing need to prioritize the security of graphics processing units (GPUs).

This report looks into the notable email threats of 2023, including the 45,261,542 high-risk email threats we detected and blocked using the Trend Micro™ Cloud App Security solution, also referred to as Trend Vision One™ — Email and Collaboration Protection solution, which is part of the Trend Vision One Email and Collaboration Security suite.

We discuss proof-of-concept rootkits and malware used by cybercriminals in conjunction with Berkeley Packet Filtering (BPF), a piece of technology that allows programs to execute code in the operating systems of popular cloud-computing platforms. We also show how to detect such threats.

In this first installment in our series on the challenges of the cybersecurity industry, we explore the underlying causes of the workforce gaps that have long plagued SOC teams.