Attackers Exploit Critical Trend Micro Apex One Zero-Day Flaw

Trend Micro disclosed two critical zero-day command-injection vulnerabilities (CVE-2025-54948 and CVE-2025-54987) in the Apex One Management Console for Windows that can lead to remote code execution and full control of enterprise security infrastructure; at least one exploitation attempt has been observed in the wild, cloud services have been patched, and on-premise fixes and mitigations are being released.