CVE-2025-55182 is a critical (CVSS 10.0) pre-authentication remote code execution vulnerability affecting React Server Components used in React.js, Next.js, and related frameworks (see the context section for a more exhaustive list of affected frameworks).
More and more enterprises are opting for cloud-native application protection platforms (CNAPPs) instead of complex and hard-to-manage cloud security point solutions. Find out where your organization is on its CNAPP maturity journey.
In the race to secure cloud infrastructure, intrusion prevention systems (IPS) remain one of the most critical yet complex at the cloud network layer of defense. For many organizations, deploying IPS in the cloud is a balancing act between agility and control.
Trendโข Research has uncovered an attack campaign exploiting the Cisco SNMP vulnerability CVE-2025-20352, allowing remote code execution and rootkit deployment on unprotected devices, with impacts observed on Cisco 9400, 9300, and legacy 3750G series.
Discover how Trend Vision Oneโข integrates with Zscaler to unify detection and access enforcement, accelerate threat containment, reduce dwell time, and deliver seamless Zero Trust protection for modern enterprises.
We discovered Azure Storage Account credentials exposed in Axis Communicationsโ Autodesk Revit plugin, allowing unauthorized modification of cloud-hosted files. This exposure, combined with vulnerabilities in Autodesk Revit, could enable supply-chain attacks targeting end users.
This blog post looks at four key milestones along the cybersecurity maturity journey and poses some questions you can ask to determine the stage of your organizationโs progress.
For CISOs responsible for cyber risk management, these three insights will help build a strong and reliable foundation for your proactive security strategy.
Discover how Trend Vision One integrates with Microsoft Defender for Endpoint to unify visibility, close security gaps, and accelerate risk mitigation - maximizing protection without replacing existing tools.
Crypto24 is a ransomware group that stealthily blends legitimate tools with custom malware, using advanced evasion techniques to bypass security and EDR technologies.
Security is a central challenge in modern application development and maintenance, requiring not just traditional practices but also a deep understanding of application architecture and data flow. While organizations now have access to rich data like logs and telemetry, the real challenge lies in translating this information into actionable insights. This article explores how leveraging those insights can help detect genuine security incidents and prevent their recurrence.
CVE-2025-53770 and CVE-2025-53771 are vulnerabilities in on-premise Microsoft SharePoint Servers that evolved from previously patched flaws, allowing unauthenticated remote code execution through advanced deserialization and ViewState abuse.
Overprivileged or misconfigured containers in Amazon EKS can expose sensitive AWS credentials to threats like packet sniffing and API spoofing, highlighting the need for least privilege and proactive security to detect and reduce these risks.
This blog uncovers an active campaign exploiting CVE-2025-3248 in Langflow versions before 1.3.0 that deploys the Flodrix botnet, enabling threat actors to achieve full system compromise, initiate DDoS attacks, and potentially exfiltrate sensitive data.
CVE-2025-31324 in SAP NetWeaver Visual Composer enables unauthenticated file uploads, exposing systems to RCE and data loss - learn what to do about it.
Get a sneak peak into how Trend Micro's Pwn2Own Berlin 2025 is breaking new ground, focusing on AI infrastructure and finding the bugs to proactively safeguard the future of computing.
Login
