Trend Micro Apex One Management Console Vulnerabilities Under Active Exploitation
Two critical command-injection vulnerabilities in the Trend Micro Apex One Management Console (CVE-2025-54948 and CVE-2025-54987) are being actively exploited in the wild, prompting urgent advisories for organizations using the platform. Attackers are using these flaws to execute arbitrary commands on affected endpoints and potentially obtain full system control.
Technical Details
The vulnerabilities stem from improper handling of user-supplied inputs within specific API endpoints used by the Apex One Management Console. By crafting malicious requests, threat actors can bypass authentication requirements and execute arbitrary system-level commands on the host, enabling lateral movement within the internal network.
Notably, exploitation does not require prior knowledge of system credentials or administrative privileges; attacks are triggered simply by sending a specially crafted request to the API endpoint exposed on the network.
Attack Vectors and Impact
Attackers are leveraging automated tools to scan for vulnerable instances exposed to the public internet. Once compromised, the affected systems may be used for data exfiltration, deployment of ransomware, or insertion into larger botnets. Organizations, especially those with hybrid or cloud-managed infrastructures relying on Trend Micro solutions, are at elevated risk.
Mitigation and Response Measures
Trend Micro has released urgent security patches and recommends immediate installation. Security teams are urged to monitor for unusual traffic to and from Apex One appliances and scrutinize authentication logs for unknown API requests. Restricting network exposure of management interfaces and implementing strict access controls are essential immediate defenses.
Privilege Escalation Discovered in Amazon ECS Containers: ‘ECScape’
A newly disclosed vulnerability named ECScape allows low-privilege containers running on EC2-backed Amazon ECS clusters to steal AWS IAM credentials from co-located tasks. The exposure affects task isolation and threatens the foundational security assurances of containerized cloud deployments.
Mechanism and Scope
The attack leverages an undocumented WebSocket channel, part of the ECS Agent Communication Service (ACS), combined with the EC2 Instance Metadata Service (IMDS). By abusing this inadvertent communication path, an attacker gains unauthorized access to the credentials and permissions of other tasks on the same instance.
This flaw fundamentally breaks the isolation expected between independent ECS tasks. Attackers exploiting ECScape can pivot across containers, escalate privileges, and harvest sensitive secrets and tokens critical to cloud operations.
Technical Impact
The most at-risk environments are shared tenancy ECS clusters with heterogeneous workloads. Malicious containers, even those launched with minimal privileges, can potentially compromise the entire container instance, access other application data, and disrupt workflow automation.
Mitigation Recommendations
Cloud security teams are advised to implement strict task placement constraints, restrict usage of shared instances, upgrade ECS and agent components, and monitor for anomalous WebSocket activity. AWS is expected to issue additional hardening guidance and patches following public disclosure.
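The co-location exposure described above can be audited from a task inventory. This is an added example, not code from AWS or from the ECScape researchers; the records are constructed, their field names follow the ECS DescribeTasks response, and taskRoleArn is assumed to have been resolved from each task definition beforehand.

```python
from collections import defaultdict

# Constructed sample inventory (shortened, not real ARNs). Field names follow
# the ECS DescribeTasks response; taskRoleArn is an assumption of this example,
# joined in from the task definition or its overrides.
SAMPLE_TASKS = [
    {"taskArn": "task/web-1", "launchType": "EC2",
     "containerInstanceArn": "ci/aaa", "taskRoleArn": "role/web-readonly"},
    {"taskArn": "task/batch-1", "launchType": "EC2",
     "containerInstanceArn": "ci/aaa", "taskRoleArn": "role/batch-admin"},
    {"taskArn": "task/web-2", "launchType": "EC2",
     "containerInstanceArn": "ci/bbb", "taskRoleArn": "role/web-readonly"},
    {"taskArn": "task/web-3", "launchType": "EC2",
     "containerInstanceArn": "ci/bbb", "taskRoleArn": "role/web-readonly"},
    {"taskArn": "task/api-1", "launchType": "FARGATE",
     "taskRoleArn": "role/api"},
    {"taskArn": "task/sidecar-1", "launchType": "EC2",
     "containerInstanceArn": "ci/ccc", "taskRoleArn": None},
    {"taskArn": "task/db-1", "launchType": "EC2",
     "containerInstanceArn": "ci/ccc", "taskRoleArn": "role/db-secrets"},
]


def mixed_role_instances(tasks):
    """Return {containerInstanceArn: sorted identities} for every container
    instance hosting tasks with more than one distinct IAM identity."""
    roles_by_instance = defaultdict(set)
    for task in tasks:
        instance = task.get("containerInstanceArn")
        # Fargate tasks do not share a container instance with other tasks.
        if not instance or task.get("launchType") == "FARGATE":
            continue
        # A task without a role still counts: it is a low-privilege neighbour
        # placed next to whatever credentials the other tasks hold.
        roles_by_instance[instance].add(task.get("taskRoleArn") or "<no task role>")
    return {inst: sorted(roles) for inst, roles in roles_by_instance.items()
            if len(roles) > 1}


if __name__ == "__main__":
    for instance, roles in sorted(mixed_role_instances(SAMPLE_TASKS).items()):
        print(f"{instance}: co-located identities -> {', '.join(roles)}")
```

Instances that appear in the result are candidates for placement constraints or dedicated capacity, starting with those where a high-privilege role shares a host with less trusted workloads.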
AgentFlayer: Wide-Ranging Prompt Injection Attacks Against Leading AI Assistants
Security researchers have unveiled AgentFlayer, a new family of prompt injection exploits that affect popular AI-assistant platforms including ChatGPT, Microsoft Copilot Studio, and Cursor. The exploits come in both zero-click and one-click forms, can target both human- and agent-initiated conversations, and are used to harvest credentials, exfiltrate documents, and leak chat histories.
Exploit Capabilities
AgentFlayer manipulates the behavior of large language model (LLM)-powered agents by inserting invisible or malformed prompts into conversations. These prompts, undetectable by average users, force the targeted AI agent to perform unintended actions such as:
- Silently sending internal credentials or secrets to external listeners
- Exporting sensitive documents or privileged information
- Persistently leaking conversation history to malicious parties
The attacks can be launched via direct chat entries, document uploads, or code injection into collaborative environments that integrate with LLM agents.
Technical Analysis
The exploits bypass traditional input sanitization by leveraging the context retention and historical memory features of LLM-powered systems. Advanced techniques exploit the underlying token parsing logic and permit credential or data exfiltration without raising user suspicion.
Preventive Strategies
Developers and security teams must improve input validation and sanitize how historical context is handled in LLM agent frameworks. Additional controls such as output filtering, red-team prompt testing, and limiting agent permissions can reduce exploitation risk.
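Two of the controls above, screening untrusted input for invisible characters and filtering agent output, can be sketched as follows. This is an added example, not code from the AgentFlayer research or from any of the named vendors; the allowlist, function names and sample strings are assumptions constructed for illustration.

```python
import re
import unicodedata
from urllib.parse import urlsplit

# Hosts the agent may link to or fetch from; constructed for this example.
ALLOWED_HOSTS = {"docs.example.com"}
URL_RE = re.compile(r"https?://[^\s)\"'<>\]]+", re.IGNORECASE)


def hidden_characters(text):
    """Return (index, codepoint name) for characters a reader cannot see:
    Unicode format characters (category Cf: zero-width, bidi controls, tag
    characters) and non-whitespace control characters (Cc)."""
    hits = []
    for i, ch in enumerate(text):
        cat = unicodedata.category(ch)
        if cat == "Cf" or (cat == "Cc" and ch not in "\n\r\t"):
            hits.append((i, unicodedata.name(ch, f"U+{ord(ch):04X}")))
    return hits


def strip_hidden(text):
    """Drop the characters hidden_characters() reports before the text is
    added to the agent's context."""
    bad = {i for i, _ in hidden_characters(text)}
    return "".join(ch for i, ch in enumerate(text) if i not in bad)


def blocked_urls(agent_output, allowed_hosts=ALLOWED_HOSTS):
    """Return URLs in agent output whose host is not on the allowlist, so the
    caller can drop or defang them before the output is rendered or acted on."""
    blocked = []
    for url in URL_RE.findall(agent_output):
        try:
            host = (urlsplit(url).hostname or "").lower()
        except ValueError:  # malformed authority: treat as not allowed
            host = ""
        if host not in allowed_hosts:
            blocked.append(url)
    return blocked


# Constructed inputs: an uploaded document carrying zero-width and tag
# characters, and an agent reply that links to a host off the allowlist.
DOC = "Quarterly report\u200b\U000E0049\U000E0047 for review"
REPLY = "See https://docs.example.com/q3 and https://collect.example.net/p?d=abc"
```

Stripping every Cf character also removes the zero-width joiner used in emoji sequences and the bidi marks used in right-to-left text, so where those matter, log and flag the hits instead of deleting them.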
Bouygues Telecom Data Breach Impacts 6.4 Million French Customers
Bouygues Telecom, a major French telecom operator, has disclosed a significant data breach after adversaries accessed information belonging to 6.4 million customers. The compromised data includes contact details, contract information, and IBAN numbers, raising serious concerns about increased fraud and regulatory scrutiny.
Incident Details and Data Sensitivity
The attackers obtained access to customer names, addresses, phone numbers, email addresses, and unique IBAN identifiers. Although no passwords or credit card numbers were reported as stolen, the presence of IBANs heightens risks of targeted social engineering, fraud, and identity theft.
Forensic Findings and Regulatory Context
Bouygues is working closely with French regulators and affected individuals to mitigate further exposure and monitor for possible follow-on attacks. France’s strict privacy legislation and the broader EU regulatory environment demand swift remediation, accurate breach disclosure, and enhanced internal controls to avoid financial and legal penalties.
Response and Remediation
Customers are being contacted with recommendations for increased vigilance, regular account monitoring, and additional authentication for sensitive transactions. Bouygues has implemented additional detection mechanisms and is working to improve access-security protocols across its digital infrastructure.
Microsoft August 2025 Patch Tuesday: Multiple High-Severity Flaws Addressed
Microsoft’s August 2025 Patch Tuesday addressed 111 vulnerabilities, including multiple critical vulnerabilities such as the ‘BadSuccessor’ Windows Kerberos zero-day and several remote code execution (RCE) flaws across core Windows and Azure components.
Highlights and Technical Descriptions
- BadSuccessor (Kerberos zero-day): Allows attackers with access to a Windows Server 2025 domain controller to fully compromise Active Directory domains by abusing weak cross-DC trust logic during Kerberos authentication.
- CVE-2025-53767 (Azure OpenAI EoP): Lets attackers elevate privileges within Azure OpenAI instances, potentially accessing sensitive data or service functionality.
- CVE-2025-53766 (GDI+): Enables remote code execution when rendering crafted image files on vulnerable Windows hosts, affecting a wide range of devices.
- CVE-2025-50165 (Windows Graphics): Another critical RCE vulnerability in Windows image processing components, posing threats via malicious documents, email attachments, and web downloads.
Deployment Guidance
Administrators are advised to inventory affected assets, prioritize patching of public-facing or internet-accessible systems, and disable unnecessary domain controller exposures until patches are confirmed and validated in their production environments.
Russian-Linked Sabotage of Norwegian Dam Attributed to State-Backed Hackers
The Norwegian intelligence community has formally attributed the sabotage of critical dam infrastructure in April to Russian state-backed hackers. This operation highlights the continuing escalation of cyber-physical attacks against Europe’s core energy and water systems.
Attack Chain and Tactics
The campaign involved initial penetration via spear-phishing campaigns targeting dam control engineers, followed by lateral movement using legitimate credentials harvested from compromised endpoints. The attackers issued unauthorised commands to ICS/SCADA systems, resulting in a controlled but unprecedented operational disruption.
Geopolitical and Security Context
The incident underscores the persistent targeting of critical infrastructure by sophisticated nation-state actors and illustrates the risks to operational technology environments with legacy or poorly segmented control systems. Norwegian authorities are reviewing cyber-defense posture and accelerating deployment of advanced network segmentation, intrusion detection, and threat hunting capabilities tailored to industrial environments.