Security News > 2021 > August > Trend Micro Confirms In-the-Wild Zero-Day Attacks
Security vendor Trend Micro has issued a warning for in-the-wild zero-day attacks hitting customers using its Apex One and Apex One as a Service products.
In a security bulletin released quietly on July 28, Trend Micro rolled out patches for at least four documented vulnerabilities alongside a warning that malicious attackers are already launching exploits against two of the security defects.
Trend Micro did not provide any additional information on the in-the-wild attacks.
The Trend Micro bulletin, rated critical, documents four security flaws - CVE-2021-32464, CVE-2021-32465, CVE-2021-36741, and CVE-2021-36742 - affecting the Trend Micro Apex One and Apex One as a Service on Windows.
This is not the first time Trend Micro has warned customers that a vulnerability in one of its products has been exploited in live malware attacks.
Trend Micro also issued a warning in March 2020, when it learned that two vulnerabilities affecting Apex One and OfficeScan had been exploited in the wild.
News URL
Related news
- Ivanti warns of new Connect Secure flaw used in zero-day attacks (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces (source)
- SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006) (source)
- SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks (source)
- Google fixes Android kernel zero-day exploited in attacks (source)
- 7-Zip MotW bypass exploited in zero-day attacks against Ukraine (source)
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-04 | CVE-2021-32465 | Improper Preservation of Permissions vulnerability in Trendmicro Apex ONE and Officescan An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affected installations. | 8.8 |
| 2021-08-04 | CVE-2021-32464 | Incorrect Default Permissions vulnerability in Trendmicro Apex ONE and Officescan An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. | 7.8 |
| 2021-07-29 | CVE-2021-36742 | Unspecified vulnerability in Trendmicro products A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. | 7.8 |
| 2021-07-29 | CVE-2021-36741 | Unrestricted Upload of File with Dangerous Type vulnerability in Trendmicro products An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. | 8.8 |