Blog

As AI applications fully embrace the cloud, emerging components and complex supply chains—while offering convenience—have also led to a sharp rise in risks from configuration flaws and vulnerability exploitation, making the AI security landscape in the cloud increasingly severe. In response to this trend, NSFOCUS conducted analysis of 48 typical global data breach incidents in […]

Overview Recently, NSFOCUS CERT detected that GNU issued a security bulletin to fix the GNU InetUtils Telnetd remote authentication bypass vulnerability (CVE-2026-24061); Since the telnetd process does not effectively verify the USER environment variable value passed in from the client when calling /usr/bin/login, an unauthenticated attacker can construct a specially crafted USER environment variable value […]

SANTA CLARA, Calif., Jan 22, 2026 – Recently, International Data Corporation (IDC) released the report “China Large Language Model (LLM) Security Assessment Platform Vendor Technology Evaluation” (Doc#CHC53839325, October 2025). NSFOCUS was selected for this report based on its proven product performance and LLM security assessment methodology. With a comprehensive capability matrix built across model security, data […]

SANTA CLARA, Calif., Jan 21, 2026 – Recently, MarketsandMarkets™, a globally recognized market research and consulting firm, released its Global DDoS Protection and Mitigation Security Market Global Forecast to 2030 report, providing a comprehensive assessment of industry trends, technology evolution, and leading vendors worldwide. Based on its mature technology stack, comprehensive solution portfolio, and strong market […]

Overview On January 14, NSFOCUS CERT detected that Microsoft released the January Security Update patch, which fixed 112 security issues involving widely used products such as Windows, Microsoft Office, Microsoft SQL Server, Azure, etc., including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed by Microsoft’s monthly update this […]

Overview Recently, NSFOCUS CERT detected that Apache issued a security bulletin to fix the Apache Struts external entity (XXE) injection vulnerability S2-069 (CVE-2025-68493); Because the XWork component of Apache Struts does not perform effective validation when parsing XML configuration, attackers can inject external entities by constructing malicious XML data to read sensitive server files, perform […]

Recently, the world-renowned market research firm Frost & Sullivan officially released a strategic report: Insights for CISOs: Challenges and Opportunities in the Software Supply Chain Security Space. In this report tailored for the global CISO community, NSFOCUS was featured among vendors offering Software Supply Chain Security (SSCS). The report provided an overview of NSFOCUS’s specialized […]

A segurança digital se tornou uma prioridade inegociável. Com o avanço da tecnologia, surgem também novas ameaças digitais e uma das mais perigosas é o ataque cibernético. Empresas, governos e até mesmo usuários comuns estão constantemente na mira de criminosos digitais que buscam explorar vulnerabilidades. Mas afinal, o que é ataque cibernético, quais são os […]

Regional APT Threat Situation In November 2025, the global threat hunting system of Fuying Lab detected a total of 28 APT attack activities. These activities were primarily concentrated in regions including South Asia and East Asia, with a smaller portion also found in Eastern Europe and Middle East. Some organizations remain unattributed to known APT […]

Recently, Forrester, a globally renowned independent research and advisory firm, released the report “Navigate The AI Agent Ecosystem In China, Forrester Research, October 2025[1].” NSFOCUS was successfully included in this report. In the report, Forrester identified four key technological trends: With the rapid advancement of Artificial Intelligence, AI Agent technology is deepening its application within […]