At a glance.
- US Justice Department arrests two Chinese nationals accused of exporting Nvidia AI chips.
- Trend Micro warns of actively exploited zero-day in its Apex One platform.
- Google discloses breach of Salesforce instance.
US Justice Department arrests two Chinese nationals accused of exporting Nvidia AI chips.
The US Justice Department has arrested two Chinese nationals accused of illegally exporting tens of millions of dollars' worth of microchips used for AI processing, including Nvidia’s H100 general processing units, CNBC reports. The defendants allegedly shipped the chips to China without obtaining an export license from the US Commerce Department. One of the individuals is a lawful permanent resident in the US, while the other had overstayed her visa.
The Justice Department stated, "[F]rom October 2022 to July 2025, the defendants – through their El Monte-based company, ALX Solutions Inc. – knowingly and willfully exported from the United States to China sensitive technology, including graphic processing units (GPUs) – specialized computer parts used for modern computing – without first obtaining the required license or authorization from the U.S. Department of Commerce. According to the complaint, ALX Solutions Inc. was founded shortly after the Commerce Department began requiring licenses for the advanced microchips that Yang and Geng are alleged to have illegally exported."
Trend Micro warns of actively exploited zero-day in its Apex One platform.
Trend Micro has released a mitigation tool for an actively exploited remote code execution flaw affecting its Apex One endpoint security platform, BleepingComputer reports. The vulnerability is tracked as CVE-2025-54948 or CVE-2025-54987, depending on the CPU architecture, and has been assigned a severity score of 9.4. Trend Micro is still working on a patch, and urges customers to use the mitigation tool in the meantime. The company says the tool "is a short-term mitigation, and while it will fully protect against known exploits, it will disable the ability for administrators to utilize the Remote Install Agent function to deploy agents from the Trend Micro Apex One Management Console."
Google discloses breach of Salesforce instance.
Google has disclosed that the ShinyHunters extortion group breached one of its Salesforce databases and stole contact information for small and medium businesses, TechCrunch reports. ShinyHunters has been using voice phishing (vishing) attacks to target victims' Salesforce instances, recently breaching Adidas, Qantas, Allianz Life, Chanel Louis Vuitton, Dior, and Tiffany & Co., according to BleepingComputer. Google itself described this wave of ShinyHunters attacks in June. The company said in an update yesterday that "one of Google’s corporate Salesforce instances was impacted by similar UNC6040 activity described in this post." The company notes that most of the compromised data is publicly available business information.
