Endpoint Security Trend Micro Patches Critical Apex One Vulnerabilities TrendAI has fixed eight critical and high-severity issues in Windows and macOS endpoint security products. By Eduard Kovacs | February 26, 2026 (4:56 AM ET) Flipboard Reddit Whatsapp Whatsapp Email TrendAI, the new name of Trend Micro’s enterprise business, on Wednesday announced patches for several critical and high-severity vulnerabilities found in the Windows and macOS versions of the Apex One endpoint security solution. A total of eight vulnerabilities have been addressed, including two with a critical severity rating based on their CVSS scores. The critical flaws both impact the Trend Micro Apex One management console and “could allow a remote attacker to upload malicious code and execute commands on affected installations”. These security holes, tracked as CVE-2025-71210 and CVE-2025-71211, are similar in scope, but they impact different executables, the cybersecurity firm noted in its advisory . The remaining vulnerabilities — all assigned a high severity rating — can be exploited by an attacker who already has access to the targeted system to escalate privileges. The high-severity issues have been assigned the CVE identifiers CVE-2025-71212 through CVE-2025-71217. Advertisement. Scroll to continue reading. “Exploiting these type of vulnerabilities generally require that an attacker has access (physical or remote) to a vulnerable machine. In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date,” TrendAI explained. All of the vulnerabilities were reported to TrendAI through the Zero Day Initiative (ZDI). Patches are available for the on-premises versions; users of SaaS versions of Apex One do not need to take any action. TrendAI is not aware of in-the-wild exploitation, but it’s not uncommon for threat actors to exploit vulnerabilities in Apex products. CISA’s Known Exploited Vulnerabilities (KEV) catalog currently includes 10 CVEs associated with flaws affecting Apex products. Attribution information is rarely made public, but some attacks have been linked to Chinese hackers . Related : Trend Micro Patches Critical Code Execution Flaw in Apex Central Related : Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTs Related : Critical Vulnerabilities Patched in Trend Micro Apex Central, Endpoint Encryption Written By Eduard Kovacs Eduard Kovacs (@EduardKovacs) is the managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs Wynn Resorts Confirms Data Breach After Hackers Remove It From Leak Site Claude’s New AI Vulnerability Scanner Sends Cybersecurity Shares Plunging VMware Aria Operations Vulnerability Could Allow Remote Code Execution Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTs US Healthcare Diagnostic Firm Says 140,000 Affected by Data Breach PayPal Data Breach Led to Fraudulent Transactions Critical Grandstream Phone Vulnerability Exposes Calls to Interception BeyondTrust Vulnerability Exploited in Ransomware Attacks Latest News Cisco Patches Catalyst SD-WAN Zero-Day Exploited by Highly Sophisticated Hackers The Blast Radius Problem: Stolen Credentials Are Weaponizing Agentic AI Google Disrupts Chinese Hackers Targeting Telecoms, Governments SolarWinds Patches Four Critical Serv-U Vulnerabilities Medical Device Maker UFP Technologies Hit by Cyberattack Ex-US Defense Contractor Executive Jailed for Selling Exploits to Russia CarGurus Data Breach Impacts Over 12 Million Users SecurityWeek Report: 426 Cybersecurity M&A Deals Announced in 2025 Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Identity Under Attack: Why Every Business Must Respond Now February 11, 2026 Attendees will walk away with guidance for how to build robust identity defenses, unify them under a consistent security model, and ensure business operations move quickly without compromise. Register Virtual Event: Ransomware Resilience & Recovery 2026 Summit February 25, 2026 SecurityWeek’s 2026 Ransomware Summit will discuss a roadmap for defending the enterprise, from mitigating root causes to mastering recovery, giving security teams the critical insights needed to navigate and neutralize today’s ransomware extortion threats. Submit People on the Move Menlo Security has named Bill Robbins as Chief Executive Officer. Axonius has named a new CMO and a new AFS leader. Wealth management platform Envestnet announced the appointment of Rich Friedberg as CISO. More People On The Move Expert Insights How to Eliminate the Technical Debt of Insecure AI-Assisted Software Development Developers must view AI as a collaborator to be closely monitored, rather than an autonomous entity to be unleashed. Without such a mindset, crippling tech debt is inevitable. (Matias Madou) Security in the Dark: Recognizing the Signs of Hidden Information Security failures don’t always start with attackers, sometimes they start with missing truth. (Joshua Goldfarb) Living off the AI: The Next Evolution of Attacker Tradecraft Living off the AI isn’t a hypothetical but a natural continuation of the tradecraft we’ve all been defending against, now mapped onto assistants, agents, and MCP. (Etay Maor) Why We Can’t Let AI Take the Wheel of Cyber Defense The fastest way to squander the promise of AI is to mistake automation for assurance, and novelty for resilience. (Steve Durbin) The Upside Down is Real: What Stranger Things Teaches Us About Modern Cybersecurity To all those who are fighting the good fight in the world of cyber, keep collaborating to ensure our world never succumbs to the chaos of the Upside Down. (Nadir Izrael) Flipboard Reddit Whatsapp Whatsapp Email