Continuous investigation on the Water Saci campaign reveals innovative email-based C&C system, multi-vector persistence, and real-time command capabilities that allow attackers to orchestrate coordinated botnet operations, gather detailed campaign intelligence, and dynamically control malware activity across multiple infected machines.
Trend™ Research identified a sophisticated Agenda ransomware attack that deployed a Linux variant on Windows systems. This cross-platform execution can make detection challenging for enterprises.
Trend™ Research examines the latest version of the Vidar stealer, which features a full rewrite in C, a multithreaded architecture, and several enhancements that warrant attention. Its timely evolution suggests that Vidar is positioning itself to occupy the space left after Lumma Stealer’s decline.
A targeted underground doxxing campaign exposed alleged core members of Lumma Stealer (Water Kurita), resulting in a sharp decline in its activity and a migration of customers to rival infostealer platforms.
Trend™ Research has uncovered an attack campaign exploiting the Cisco SNMP vulnerability CVE-2025-20352, allowing remote code execution and rootkit deployment on unprotected devices, with impacts observed on Cisco 9400, 9300, and legacy 3750G series.
Discover how Trend Vision One™ integrates with Zscaler to unify detection and access enforcement, accelerate threat containment, reduce dwell time, and deliver seamless Zero Trust protection for modern enterprises.
The Trend Zero Day Initiative™ (ZDI) and Trend™ Research teams have identified a large-scale RondoDox botnet campaign exploiting over 50 vulnerabilities across more than 30 vendors, including flaws first seen in Pwn2Own contests.
We discovered Azure Storage Account credentials exposed in Axis Communications’ Autodesk Revit plugin, allowing unauthorized modification of cloud-hosted files. This exposure, combined with vulnerabilities in Autodesk Revit, could enable supply-chain attacks targeting end users.