SparTech Software CyberPulse – Your quick strike cyber update for August 12, 2025 5:04 AM

Trend Micro Apex One Management Console Exploited In The Wild (CVE‑2025‑54948/54987)

Active exploitation of critical command-injection flaws in Trend Micro Apex One Management Console has enabled remote code execution against unpatched, internet-exposed management servers. This campaign targets enterprises running Apex One on-prem, using crafted HTTP requests to execute system commands under the console service context, pivot across managed endpoints, and deploy post-exploitation tooling.

Vulnerability Overview

The impacted components are the Apex One management web interface endpoints that insufficiently sanitize user-supplied parameters, allowing attackers to inject shell metacharacters that are executed on the host OS. The issues are tracked as CVE‑2025‑54948 and CVE‑2025‑54987 and carry critical severity due to pre-authentication reachability on certain configurations.

Attack Surface and Exposure

Organizations that expose the Apex One console to the internet for remote agent management are at highest risk. Attackers scan for default ports and identifiable HTTP banners, then deliver payloads that chain command injection to establish persistent remote shells. Environments with weak network segmentation between the console and managed agent subnets face rapid lateral movement.

Observed Tactics, Techniques, and Procedures

  • Reconnaissance via HTTP probing to enumerate version and endpoint behavior.
  • Command injection delivering one-liners that fetch and execute droppers using curl or certutil.
  • Persistence through scheduled tasks and service modification on Windows servers.
  • Credential harvesting from memory and registry hives of the console host to access database backends.
  • Agent policy abuse to push scripts to endpoints under the guise of legitimate updates.

Detection Guidance

  • Review web server logs for anomalous parameters containing metacharacters such as ;, &&, |, $(), and suspicious base64 blobs posted to administrative endpoints.
  • Hunt for child processes spawned from the Apex One web service process (e.g., w3wp.exe or service executables) invoking cmd.exe, powershell.exe, curl.exe, or certutil.exe.
  • Correlate outbound connections from the console host to unfamiliar IPs or dynamic DNS domains immediately following web requests.
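As an added example (not from the original bulletin or from Trend Micro), the first detection bullet can be run as a sweep over IIS W3C logs. The endpoint paths, addresses and the 40-character base64 threshold are assumptions, and the sample log is constructed.

```python
import re
from urllib.parse import unquote

# Patterns taken from the guidance: ; && | $( and long base64-looking runs.
CHECKS = [
    ("shell metacharacter", re.compile(r";|&&|\||\$\(")),
    ("base64-like blob", re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")),  # 40 is an assumed threshold
]

# Constructed sample in IIS W3C format; paths and addresses are placeholders.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2025-08-11 03:14:07 198.51.100.23 POST /placeholder/admin/endpoint name=report%3Becho+test 200
2025-08-11 03:14:09 198.51.100.23 POST /placeholder/admin/endpoint id=7&cmd=a%2526%2526b 200
2025-08-11 03:15:41 192.0.2.10 GET /placeholder/admin/status view=summary&page=2 200
2025-08-11 03:16:02 198.51.100.23 POST /placeholder/admin/endpoint data=QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB 200
""".splitlines()


def scan_w3c_log(lines):
    """Return one finding per suspicious query parameter."""
    fields, findings = [], []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column order is declared by the log itself
            continue
        if line.startswith("#") or not line.strip():
            continue
        rec = dict(zip(fields, line.split()))
        query = rec.get("cs-uri-query", "-")
        if query == "-":                   # IIS writes "-" when there is no query string
            continue
        for pair in query.split("&"):      # split first so separators are not flagged
            name, _, raw = pair.partition("=")
            value = unquote(unquote(raw))  # decode twice to catch double-encoding
            reasons = [label for label, rx in CHECKS if rx.search(value)]
            if reasons:
                findings.append({"time": f"{rec['date']} {rec['time']}",
                                 "client": rec["c-ip"], "path": rec["cs-uri-stem"],
                                 "param": name, "value": value, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in scan_w3c_log(SAMPLE_LOG):
        print(f["time"], f["client"], f["path"], f["param"], f["reasons"])
```

IIS does not log request bodies, so parameters sent in a POST body need the same checks applied to reverse-proxy or WAF logs.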

Mitigation and Hardening

  • Apply the latest vendor patches addressing CVE‑2025‑54948/54987 and verify build numbers post-update.
  • Remove direct internet exposure of the console; require VPN or zero trust access with MFA.
  • Enforce allow-list egress from the console host; block script interpreters from spawning network utilities via AppLocker or WDAC.
  • Rotate credentials for the console’s database accounts and any service accounts discovered on the host.

Incident Response Considerations

If compromise is suspected, acquire memory and disk images of the console, collect web and system event logs, and examine the agent distribution mechanism for malicious tasks. Consider re-deploying the console on a rebuilt host and re-enrolling agents with new signing keys or certificates.

ECScape: Cross-Task Credential Theft in Amazon ECS on EC2

New research disclosed a privilege escalation technique in Amazon ECS on EC2 dubbed “ECScape,” where a low-privilege task can steal IAM credentials from co-located tasks by abusing the internal agent control channel and EC2 metadata access. The issue hinges on task co-tenancy and insufficient isolation of the agent messaging path, enabling lateral credential extraction without container breakout exploits.

Cloud Architecture Background

In ECS on EC2, tasks run as containers on EC2 instances with the ECS agent mediating control via an internal channel. Tasks fetch temporary AWS credentials either via the ECS Task Metadata Endpoint or the EC2 Instance Metadata Service (IMDS), depending on configuration. Shared network namespaces or misconfigured iptables rules can expose sensitive endpoints.

Technique Mechanics

  • Discovery of an undocumented or weakly restricted WebSocket-style control channel used by the ECS agent to coordinate tasks.
  • From a compromised task, relay requests to the agent or intercept traffic to reach the Task Metadata Endpoint of neighboring tasks.
  • Use obtained task role credentials to access higher-privilege AWS APIs, enabling privilege escalation within the account.

Impact and Preconditions

  • Applies to ECS clusters backed by EC2 where tasks are co-located on the same instance and task roles differ in privilege.
  • Risk increases with bridge networking, host networking, or non-hardened iptables where localhost-bound metadata proxies become reachable by peers.
  • Environments using IMDSv1 or permissive IMDSv2 hop limits face greater exposure to SSRF-style pivots.

Detection and Forensics

  • Monitor VPC flow logs and container runtime logs for inter-container access to 169.254.170.2 (ECS Task Metadata) or 169.254.169.254 (IMDS).
  • Audit CloudTrail for anomalous API calls using short-lived credentials not associated with the expected task ARNs or services.
  • Inspect ECS agent logs for unexpected control messages, connection attempts, or errors originating from task IPs.

Mitigation

  • Enforce task-level network isolation using awsvpc networking and security groups per task.
  • Constrain task roles with least privilege and implement service control policies to limit blast radius.
  • Require IMDSv2, set hop limit to 1, and block container access to metadata endpoints unless necessary.
  • Consider Fargate for stronger isolation if compatible with workload requirements.
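The IMDSv2 and hop-limit item above can be checked across a fleet from the output of EC2 DescribeInstances. This is an added example, not code from the researchers or AWS; the instance IDs are placeholders and the sample response is constructed.

```python
def _inst(iid, endpoint, tokens, hops):
    """Build one record shaped like an entry in DescribeInstances output."""
    return {"InstanceId": iid, "MetadataOptions": {
        "HttpEndpoint": endpoint, "HttpTokens": tokens,
        "HttpPutResponseHopLimit": hops}}


# Constructed sample; instance IDs are placeholders.
SAMPLE = {"Reservations": [{"Instances": [
    _inst("i-0aaaaaaaaaaaaaaa1", "enabled", "optional", 2),
    _inst("i-0aaaaaaaaaaaaaaa2", "enabled", "required", 2),
    _inst("i-0aaaaaaaaaaaaaaa3", "enabled", "required", 1),
    _inst("i-0aaaaaaaaaaaaaaa4", "disabled", "optional", 1),
]}]}

V1_ALLOWED = "IMDSv1 allowed (HttpTokens is not 'required')"
HOP_LIMIT = "hop limit above 1 lets bridge-mode containers reach IMDS"


def audit_imds(response):
    """Map instance ID to the settings that deviate from 'IMDSv2, hop limit 1'."""
    findings = {}
    for reservation in response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            opts = inst.get("MetadataOptions", {})
            if opts.get("HttpEndpoint", "enabled") != "enabled":
                continue                      # IMDS is off, nothing to reach
            issues = []
            if opts.get("HttpTokens") != "required":
                issues.append(V1_ALLOWED)
            if opts.get("HttpPutResponseHopLimit", 1) > 1:
                issues.append(HOP_LIMIT)
            if issues:
                findings[inst["InstanceId"]] = issues
    return findings


def remediation(instance_id):
    """AWS CLI command that applies the recommended setting."""
    return ("aws ec2 modify-instance-metadata-options "
            f"--instance-id {instance_id} --http-tokens required "
            "--http-put-response-hop-limit 1")


if __name__ == "__main__":
    for iid, issues in audit_imds(SAMPLE).items():
        print(iid, issues, "->", remediation(iid))
```

A hop limit of 1 does not restrict containers running in host network mode, so those tasks still need the metadata endpoints blocked separately.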

Red Team Reproduction Notes

Within a task, scan for open local ports exposed by sidecar proxies. Attempt requests to 169.254.170.2/task or sockets advertised by the ECS agent. If reachable, enumerate task credentials and test privilege boundaries by invoking sts:GetCallerIdentity and listing resources outside the originating task’s scope.

AgentFlayer: Zero- and One-Click Prompt Injections Against AI Agents

Researchers unveiled a series of prompt-injection techniques, dubbed “AgentFlayer,” that compromise autonomous and semi-autonomous AI agents to exfiltrate credentials, internal documents, and conversation history with zero or one user interaction. By embedding adversarial content into files, web pages, or tool outputs, attackers steer agents to perform sensitive actions outside intended policy.

Threat Model

Modern agents integrate retrieval, browsing, code execution, and connectors to internal systems. The attack surface includes untrusted content ingested by tools and the agent’s ability to follow instructions that override safety guardrails. Zero-click variants trigger when background automations fetch content; one-click variants require a user to open a poisoned artifact.

Techniques and Payloads

  • Steganographic instructions hidden in HTML comments, CSS, or document metadata that direct the agent to read secrets from environment variables or config files.
  • Data exfiltration through covert channels such as DNS queries, image alt text, or commit messages produced by code tools.
  • Tool pivoting where the agent is induced to invoke connectors (e.g., SharePoint, Jira, GitHub) and export data to attacker-controlled endpoints.

Defensive Controls

  • Strict tool permissioning with human-in-the-loop approvals for data-moving actions and cross-domain requests.
  • Content provenance and signed inputs for high-risk workflows; sanitize HTML, markdown, and PDFs before ingestion.
  • Policy-enforced output filtering that detects and blocks data patterns (API keys, OAuth tokens, PII) from leaving the environment.
  • Audit trails for agent actions with tamper-evident logging to reconstruct decision paths during incidents.

Testing and Validation

Develop red-team corpora of adversarial prompts embedded across file types and web sources. Continuously evaluate agent behavior with canary secrets and alert on retrieval or exfiltration attempts. Use model- and policy-level classifiers to downweight or quarantine untrusted instructions.
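The output-filtering control and the canary-secret check described above can be combined into one gate in front of the agent's outbound tool calls. This is an added example, not code from the AgentFlayer research; the canary value, allow-listed hosts and the `review_tool_call` function are hypothetical.

```python
import base64
import re
from urllib.parse import urlparse

CANARY = "canary-7f3a9c1e5b2d"   # constructed value planted in a decoy config file
ALLOWED_HOSTS = {"jira.example.internal", "git.example.internal"}  # assumed allow-list

SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "bearer_token": re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/-]{20,}"),
}


def canary_forms():
    """The canary as plain text, base64 (padding stripped) and hex."""
    raw = CANARY.encode()
    return {CANARY, base64.b64encode(raw).decode().rstrip("="), raw.hex()}


def review_tool_call(destination, payload):
    """Return (decision, reason) for one outbound tool call made by the agent."""
    # Scan the destination too: hostnames and paths can carry data out.
    text = f"{destination}\n{payload}"
    if any(form in text for form in canary_forms()):
        return ("block", "canary secret in outbound data")
    for label, rx in SECRET_PATTERNS.items():
        if rx.search(text):
            return ("block", f"{label} pattern in outbound data")
    host = urlparse(destination).hostname or ""
    if host not in ALLOWED_HOSTS:
        # Cross-domain data movement goes to a human, per the control above.
        return ("needs_approval", f"destination {host!r} is not allow-listed")
    return ("allow", "")


if __name__ == "__main__":
    calls = [  # constructed tool calls
        ("https://jira.example.internal/rest/api/2/issue", "Summary: build fixed"),
        ("https://git.example.internal/commit", "msg: key AKIAIOSFODNN7EXAMPLE"),
        (f"https://{CANARY.encode().hex()}.dns.example.net/x", ""),
        ("https://files.example.net/upload", "quarterly notes"),
    ]
    for dest, body in calls:
        print(review_tool_call(dest, body), dest)
```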

Bouygues Telecom Confirms Data Exposure Impacting 6.4 Million Customers

Bouygues Telecom disclosed that attackers accessed customer contact details, contract data, and IBANs for 6.4 million accounts. While passwords and card numbers were reportedly not compromised, the exposure of IBANs and personal identifiers increases the risk of targeted fraud, social engineering, and unauthorized debits in affected regions.

Incident Scope

The breach involves sensitive billing and identity-adjacent data sufficient for convincing phishing and potential SEPA direct debit abuse where controls are weak. The dataset’s richness enables correlating names, addresses, and banking identifiers.

Threats and Abuse Scenarios

  • Spear-phishing referencing exact contract details to bypass customer suspicion.
  • SIM-swap attempts using corroborating PII from contracts.
  • Fraudulent mandate creation in banking systems exploiting exposed IBANs, subject to regional protections.

Recommended Actions for Affected Customers

  • Enable transaction alerts and monitor bank statements; dispute unauthorized debits immediately.
  • Beware of emails or calls citing precise contract data; validate through official channels.
  • Rotate security questions and review account recovery paths with the carrier.

Enterprise and Carrier Mitigations

  • Enforce strict access controls and anomaly detection on CRM systems holding financial identifiers.
  • Adopt field-level encryption and tokenize bank identifiers at rest and in logs.
  • Implement data minimization and segregate high-risk attributes from general customer support views.

Microsoft 365 To Block Legacy File-Open Protocols; Outlook Retires Inline SVG

Microsoft announced that Microsoft 365 apps will block insecure legacy file-open protocols by default starting version 2508, and Outlook for Web and the new Outlook for Windows will retire inline SVG rendering in September 2025. These hardening moves reduce attack surface leveraged by phishing, document lures, and HTML/SVG-based malware delivery.

Protocol Blocking Details

Deprecated protocols include FrontPage RPC (FPRPC), FTP, and HTTP for certain open operations. Administrators gain new Trust Center controls to manage exceptions, but default posture shifts to deny, limiting accidental exposure to downgrade and relay attacks initiated via document links.

Outlook SVG Change

Inline SVG has been a vehicle for script-like behaviors and filter abuse in some clients. Disabling inline rendering aligns Outlook with restrictive clients, curbing payloads hidden in SVG images embedded in phishing emails.

Security Impact and Guidance

  • Expect breakage in legacy workflows relying on FPRPC/FTP; audit templates and add explicit allow-lists only where necessary.
  • Update security awareness to reflect reduced exploitability of SVG lures but continued risk from other image and HTML vectors.
  • Use Safe Links/Attachments and disable legacy authentication to complement the protocol hardening.

Nearly 30,000 Microsoft Exchange Servers Still Exposed to CVE‑2025‑53786

Shadowserver telemetry indicates more than 29,000 Microsoft Exchange servers remain unpatched for CVE‑2025‑53786 as of August 10, 2025, leaving organizations open to privilege escalation paths from on‑prem Exchange to cloud tenants. The vulnerable path enables attackers to abuse hybrid connectors or synchronization mechanisms to elevate access into Microsoft 365 environments.

Risk Profile

Attackers can chain on‑prem footholds with cloud misconfigurations to gain mailbox access, OAuth token minting, or admin role assignment. Countries with the highest concentration include the U.S., Germany, Russia, France, the U.K., and Austria.

Defensive Priorities

  • Apply the April 2025 hotfix and validate with external scans or vendor-provided detection scripts.
  • Review hybrid configuration, disable unused connectors, and enforce Conditional Access with device compliance checks.
  • Hunt for anomalous mailbox rule creation, OAuth consent grants, and directory role changes following server access events.

ScarCruft (APT37) Linked to Ransomware Deployment in New Campaign

North Korea–aligned ScarCruft has been linked for the first time to a campaign culminating in ransomware deployment, expanding beyond its traditional espionage profile. The chain uses malicious LNK files in RAR archives to deliver multiple payloads, including credential stealers, backdoors, and a final-stage VCD ransomware encryptor.

Kill Chain Components

  • Initial access via spear-phishing with archive attachments containing weaponized LNKs.
  • Payload staging to deploy LightPeek and FadeStealer for reconnaissance and data theft.
  • Backdoor deployment with NubSpy and CHILLYCHINO for command-and-control and persistence.
  • Ransomware execution to monetize intrusions and impede response.

Detection Opportunities

  • Block LNK execution from user-writable paths; flag RAR extraction spawning script interpreters or LOLBins.
  • Detect registry and filesystem artifacts of the named payload families and monitor for sudden spikes in file rename/write operations.
  • Network detection for C2 infrastructure associated with ScarCruft and unusual exfiltration patterns preceding encryption events.

Mitigation

  • Disable or restrict archive execution via email; use content disarm for LNK and shortcut types.
  • Apply application control to prevent LOLBins from reaching out to the internet.
  • Maintain offline, immutable backups and tested restore processes.

Active Exploitation of Microsoft SharePoint Vulnerabilities: Updated Guidance

CISA released updated guidance and a Malware Analysis Report covering exploitation of multiple Microsoft SharePoint vulnerabilities, including CVE‑2025‑49704, CVE‑2025‑49706, CVE‑2025‑53770, and CVE‑2025‑53771. The activity includes deployment of new webshell families, evolving TTPs, and in some cases ransomware post‑exploitation, prompting urgent patching and hardened IIS configurations.

Technical Overview

Attackers leverage network spoofing and input validation flaws to gain initial code execution on SharePoint servers. Post‑compromise, they drop webshells for persistence, enumerate service accounts, and pivot via SharePoint’s integration points to backend databases or file shares. Updated indicators and signatures target six malware samples tied to these intrusions.

Defensive Recommendations

  • Apply vendor updates for the enumerated CVEs and validate build levels.
  • Harden IIS by disabling unnecessary modules, enforcing request filtering, and isolating application pools.
  • Deploy EDR rules tailored to known webshell paths and behaviors and monitor for unusual w3wp.exe child processes.
  • Restrict outbound egress from SharePoint servers and rotate credentials for linked service accounts.

IR Playbook Enhancements

Include automated sweeps for webshell artifacts across content directories, integrity checks of SharePoint solution packages, and restoration procedures for corrupted content databases if ransomware is detected in downstream systems.
