{"id":252468,"date":"2026-05-22T09:39:00","date_gmt":"2026-05-22T13:39:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/22\/trend-micro-warns-of-apex-one-zero-day-exploited-in-the-wild\/"},"modified":"2026-05-22T10:15:09","modified_gmt":"2026-05-22T14:15:09","slug":"trend-micro-warns-of-apex-one-zero-day-exploited-in-the-wild","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/22\/trend-micro-warns-of-apex-one-zero-day-exploited-in-the-wild\/","title":{"rendered":"Trend Micro warns of Apex One zero-day exploited in the wild"},"content":{"rendered":"<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/trend-micro-warns-of-apex-one-zero-day-exploited-in-attacks\/\">Trend Micro warns of Apex One zero-day exploited in the wild<\/a><\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/trend-micro-warns-of-apex-one-zero-day-exploited-in-attacks\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/trend-micro-warns-of-apex-one-zero-day-exploited-in-attacks\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-22 09:39:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.bleepingcomputer.com\">www.bleepingcomputer.com<\/a><\/p>\n<p style=\"text-align:center\">\n<p>Japanese cybersecurity software company Trend Micro has addressed an Apex One zero-day vulnerability exploited in attacks targeting Windows systems.<\/p>\n<p>Apex One is Trend Micro&#8217;s enterprise-grade endpoint security platform that protects corporate networks from a wide range of security threats, including malware, ransomware, fileless attacks, and web-based threats.<\/p>\n<p>Tracked as CVE-2026-34926, this directory traversal vulnerability in the Apex One (on-premises) server allows local attackers with admin privileges to inject malicious code.<\/p>\n<p>&#8220;A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations,&#8221; Trend Micro saidon Thursday.<\/p>\n<p>&#8220;This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.&#8221;<\/p>\n<p>However, despite the restrictive requirements for successful exploitation, the company warned that &#8220;TrendAI has observed at least one attempt to exploit this vulnerability in the wild.&#8221;<\/p>\n<h2>Federal agencies ordered to patch within three weeks<\/h2>\n<p>Yesterday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) also added CVE-2026-34926 to its list of actively exploited vulnerabilities and ordered federal agencies to patch their devices by June 4.<\/p>\n<p>&#8220;These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,&#8221; CISA warned. &#8220;Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.&#8221;<\/p>\n<p>On Thursday, Trend Micro also released security updates to address seven local privilege escalation vulnerabilities in the Apex One Standard&#8230;<\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/trend-micro-warns-of-apex-one-zero-day-exploited-in-attacks\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Trend Micro warns of Apex One zero-day exploited in the wild https:\/\/www.bleepingcomputer.com\/news\/security\/trend-micro-warns-of-apex-one-zero-day-exploited-in-attacks\/ Publish Date: 2026-05-22&#8230;<\/p>\n","protected":false},"author":1,"featured_media":252469,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.bleepstatic.com\/content\/hl-images\/2026\/05\/22\/Trend-Micro.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31,32,27],"class_list":["post-252468","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit","tag-malware","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/252468"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=252468"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/252468\/revisions"}],"predecessor-version":[{"id":252470,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/252468\/revisions\/252470"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/252469"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=252468"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=252468"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=252468"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}