Trend Micro flags severe Apex One RCE flaws that could let attackers disable protection layers
Trend Micro disclosed multiple critical remote code execution flaws in its Apex One endpoint security platform that could allow attackers to execute code remotely and potentially disable or bypass protections in enterprise deployments.
The vulnerabilities affect on-premises installations and represent a high-impact scenario because the security infrastructure itself becomes the attack surface, increasing the risk of stealthy compromise and downstream lateral movement.
Security management platforms are attractive targets since compromise can enable policy manipulation, blind spots and staged attacks across protected environments.
ManoMano reports massive data breach affecting 38 million customer accounts
European DIY marketplace ManoMano disclosed a breach affecting 38 million customer accounts, exposing personal data including email addresses and other identifiers that could fuel downstream phishing and fraud campaigns.
Large consumer breaches like this often create secondary attack waves, where leaked datasets are reused for credential stuffing, impersonation and targeted social engineering.
The scale of exposure highlights persistent risk from cloud platform compromise and third-party ecosystem dependencies, especially in large SaaS-driven environments.
Employee records compromised in Wynn Resorts breach linked to extortion threats
Wynn Resorts confirmed that attackers obtained employee data following an extortion attempt, illustrating how threat actors increasingly monetize stolen HR datasets even without immediate operational disruption.
Breaches involving workforce data can enable identity fraud, payroll scams and targeted phishing, making employee records highly valuable in underground markets.
Even when attackers claim data deletion, disclosure requirements and reputational impact remain significant for affected organizations.
Exposed SonicWall backup files allegedly used to support downstream ransomware attacks
A lawsuit filed by Marquis alleges attackers leveraged exposure of firewall configuration backups from a SonicWall cloud environment to conduct downstream intrusions that ultimately resulted in ransomware incidents affecting banking customers.
Stolen configuration data can reveal network topology, VPN secrets, and trust relationships, significantly lowering the barrier for precision intrusions and ransomware deployment.
The case highlights how supply-chain configuration exposure can act as a silent precursor to major ransomware attacks.
North Korea’s APT37 deploys new malware capable of jumping air-gapped environments
Researchers reported that North Korea-linked APT37 developed new tooling capable of transferring data between air-gapped and internet-connected systems using staged removable media infection chains.
The approach relies on USB propagation and staged payload execution, enabling data exfiltration even in highly segmented environments traditionally considered isolated.
Such techniques demonstrate that air gaps reduce exposure but still require endpoint visibility and boundary monitoring to prevent cross-domain compromise.






