trendmicro.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-05-14.
| Date Added | Resource | Topic | Excerpt |
|---|---|---|---|
| 2026-05-14 | Analyzing TeamPCP's Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft | Supply Chain | Analysis of TeamPCP's supply chain attacks, specifically the Checkmarx KICS and elementary-data incidents. The campaign leverages CI/CD and release workflows to steal credentials like GitHub PATs, npm tokens, and cloud secrets. Techniques include multichannel poisoning across Docker Hub, VS Code extensions, and GitHub Actions, as well as GitHub Actions script injection to produce malicious packages signed by legitimate CI, targeting ecosystems like PyPI and GHCR. |
| 2026-05-05 | Quasar Linux (QLNX) A Silent Foothold in the Supply Chain: Inside a Full-Featured Linux RAT With Rootkit PAM Backdoor Credential Harvesting Capabilities | Supply Chain | Analysis of Quasar Linux (QLNX), a sophisticated Linux RAT with low detection rates, featuring a rootkit, PAM backdoor, and credential harvesting capabilities. QLNX targets developers and DevOps credentials in the software supply chain, extracting secrets from files like .npmrc, .pypirc, and .aws/credentials. It uses dynamic compilation of PAM modules and LD_PRELOAD rootkits, and employs P2P mesh networking for resilience, making eradication difficult. |
| 2026-04-21 | The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables | Supply Chain | Analysis of the Vercel breach, an OAuth supply chain attack beginning around February 2026, details how a compromised third-party application and platform environment variables bypassed traditional defenses. The incident, initiated by Lumma Stealer malware infecting a Context.ai employee, exploited Vercel's environment variable model where non-sensitive credentials were exposed to attackers with internal access. This breach highlights risks inherent in OAuth trust relationships, amplified by AI-accelerated tradecraft and significant detection-to-disclosure latency, urging architectural changes like treating OAuth apps as third-party vendors and eliminating long-lived platform secrets. |
| 2026-04-21 | The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables | Supply Chain | Analysis of the Vercel breach details an OAuth supply chain attack where a compromised third-party application granted long-lived, password-independent access, bypassing traditional defenses. This incident highlights the risk of platform environment variables being readable with internal access, especially when not explicitly marked as sensitive. The attack chain, initiated by Lumma Stealer malware affecting Context.ai, demonstrates AI-accelerated tradecraft and raises concerns about detection-to-disclosure latency in platform breaches, fitting a broader pattern of attacks targeting developer-stored credentials across various platforms. |
| 2026-04-21 | The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables | Supply Chain | Analysis of the Vercel breach details an OAuth supply chain attack where a compromised third-party application granted unauthorized access to Vercel's internal systems. This exploit, enabled by Lumma Stealer malware infecting a Context.ai employee, allowed attackers to exfiltrate environment variables for a subset of customer projects, bypassing perimeter defenses. The incident highlights risks associated with platform environment variable models, detection-to-disclosure latency, and the broader trend of credential compromises across developer tools, emphasizing the need for architectural changes like treating OAuth apps as vendors and assuming provider-side compromise. |
| 2026-04-20 | The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables | Supply Chain | Analysis of the Vercel breach details an OAuth supply chain attack where a compromised third-party application granted attackers long-lived access to Vercel's internal systems. This allowed them to read environment variables, amplified by Vercel's model where non-sensitive credentials were exposed without additional controls for compromised teams. The incident highlights risks in platform environment variables, detection-to-disclosure latency, and a convergence pattern of targeting developer-stored credentials across various platforms. |
| 2026-04-17 | What We Know About the NPM Supply Chain Attack (Trend Micro) | Supply Chain | Details the Shai-hulud worm's attack chain, which exploits compromised NPM maintainer accounts to inject malicious code into popular JavaScript packages. This worm self-propagates by hijacking web APIs, diverting cryptocurrency, stealing cloud service tokens, and deploying secret-scanning tools, impacting organizations across North America and Europe. |
| 2026-04-16 | Kong API Gateway Misconfigurations Case Study - Trend Micro | API Sec | Case study on securing Kong API Gateway deployments, detailing common misconfigurations such as exposing the administration API and missing firewall rules. It highlights the risk of storing secrets like API keys in plain text within the database, especially in the community version lacking robust encryption and vault support. The entry emphasizes the importance of secure access controls and proper network segmentation to prevent unauthorized access and potential back-end compromise. |
| 2026-04-11 | Kong API Gateway Misconfigurations: A Security Case Study | API Sec | Case study detailing Kong API Gateway misconfigurations, including exposing the Administration API on public interfaces, missing firewall rules, and insecure storage of secrets like API keys in plain text. It highlights how default configurations and examples found in container image repositories can lead to these vulnerabilities, emphasizing the need for proper access controls and secure credential management. |
| 2026-04-02 | Guarding LLMs With a Layered Prompt Injection Representation | AI | An LLM security approach that learns a low-dimensional latent representation of prompt injection attacks. This approach complements perplexity-based filtering and achieves high precision and recall by training a classifier on features derived from this learned representation, distinguishing benign prompts from adversarial ones. |