PeckBirdy: A Versatile Script Framework for LOLBins Exploitation Used by China-aligned Threat Groups

Since 2023, Trend Micro researchers have been observing threat campaigns employing a previously unseen script-based command-and-control (C&C) framework which we named PeckBirdy, being used against Chinese gambling industries, as well as malicious activities targeting Asian government entities and private organizations. Read More …

Malicious Microsoft VSCode AI extensions might have hit over 1.5 million users

More than 1.5 million people may have had their sensitive data exfiltrated to Chinese hackers through two malicious extensions found on the VSCode Marketplace. Security researchers at Koi Security said they discovered two malicious browser extensions in Microsoft’s Visual Studio Read More …

Researchers say Russian government hackers were behind attempted Poland power outage

A failed December effort to bring down parts of Poland’s energy grid was the work of Russian government hackers known for causing past energy disruptions, according to a security research firm that investigated the incident. Last week, Polish Energy Minister Read More …

The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time

Imagine visiting a webpage that looks perfectly safe. It has no malicious code, no suspicious links. Yet, within seconds, it transforms into a personalized phishing page. This isn’t merely an illusion. It’s the next frontier of web attacks where attackers Read More …

Watering Hole Attack Targets EmEditor Users with Information-Stealing Malware

In late December 2025, EmEditor, a highly extensible and widely used text, code, and CSV editor developed by U.S.-based Emurasoft, published a security advisory warning users that its download page had been compromised. The attackers’ objective was to distribute a Read More …

A new LinkedIn phishing scam is targeting executives online

Business executives and IT admins are being targeted by a highly sophisticated phishing attack which doesn’t happen in the email inbox but rather – on LinkedIn. Security researchers ReliaQuest said they saw a new attack that combines legitimate Python pentesting Read More …

Peruvian Peaks: The digital loan illusion

Crossing the Andes, we found ourselves in the digital valleys of Peru, where a new variation of the loan scam awaited us. Much like the schemes in Brazil, these operations played on hope and desperation, luring victims with promises of Read More …

From Extension to Infection: An In-Depth Analysis of the Evelyn Stealer Campaign Targeting Software Developers

On December 8, 2025, Koi.ai published their findings about a campaign specifically targeting software developers through weaponized Visual Studio Code extensions. Here, Trend Micro will provide a more in-depth analysis of the multistage delivery of the Evelyn information stealer. Evelyn Read More …

RondoDox botnet linked to large-scale exploit of critical HPE OneView bug

A critical HPE OneView flaw is now being exploited at scale, with Check Point tying mass, automated attacks to the RondoDox botnet. The security outfit says it has identified “large-scale exploitation” of CVE-2025-37164, a maximum-severity remote code execution bug in Read More …