1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Trend Micro users beware - dangerous Apex One zero-day exploited

    From TechnologyDaily@1337:1/100 to All on Mon May 25 20:45:28 2026
    Trend Micro users beware - dangerous Apex One zero-day exploited in the wild

    Date:
    Mon, 25 May 2026 19:40:00 +0000

    Description:
    CISA has already added the flaw to its KEV database.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter Trend Micro patches CVE202634926, a mediumseverity directory traversal flaw in Apex One (onprem) that lets local admins inject malicious code Despite requiring prior admin access, the bug is already being exploited in the wild, prompting urgent patching guidance CISA adds it to the KEV catalog, giving federal agencies until June 4 2026 to update or discontinue use per BOD 2201 directives A dangerous vulnerability in Trend Micros Apex One product is being actively abused in the wild, researchers have warned, urging users to apply the provided patch as soon as possible.

    Apex One is Trend Micros endpoint protection platform (EPP) built to protect enterprise devices from malware, ransomware, fileless attacks, and various other cyber-threats. It uses a combination of antivirus capabilities, behavioral analysis, machine learning, and EDR/XDR. It appears to be rather popular, with some sources counting the number of customers in the thousands. The company has now issued a patch for a directory traversal vulnerability in the on-prem variant of Apex One which could allow local actors (with admin privileges) to inject malicious code. Latest Videos From You may like Trend Micro warns of worrying security flaw allowing full Windows takeover, so
    patch now Adobe Reader users beware experts flag months-old security flaw using booby-trapped PDFs to scope out victims Microsoft confirms two major Defender security issues so update now or face possible attack Capturing tokens A directory traversal vulnerability in the Apex One (on-premise)
    server could allow a pre-authenticated local attacker to modify a key table
    on the server to inject malicious code to deploy to agents on affected installations, the NVD entry reads.

    This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.

    The bug is now tracked as CVE-2026-34926 and carries a severity score of 6.7/10 (medium).

    While it all points to a somewhat low-risk vulnerability, Trend Micro said that it saw at least one exploitation attempt, already. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get
    all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting
    your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

    We dont know if one attempt is enough to get listed in CISAs Known Exploited Vulnerabilities (KEV) database, but the US agency just did that. Last Thursday, CISA disclosed a new entry in the catalog, giving Federal Civilian Executive Branch (FCEB) agencies a deadline of June 4 to apply the patch or stop using Apex One entirely.

    "These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA
    said. "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable."

    Via BleepingComputer The best antivirus for all budgets Our top picks, based on real-world testing and comparisons

    Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/trend-micro-users-beware-dangerous-apex -one-zero-day-exploited-in-the-wild


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)