Ivanti Endpoint Manager Mobile Authentication Bypass and Remote Code Execution Vulnerability (CVE-2025-4427/CVE-2025-4428)

May 16, 2025
Recently, NSFOCUS CERT detected that Ivanti issued a security advisory to fix the authentication bypass and remote code execution vulnerabilities (CVE-2025-4427/CVE-2025-4428) in Ivanti Endpoint Manager Mobile (EPMM). At present, both vulnerabilities have been found to be exploited in the wild. Affected users should take protective measures as soon as possible. CVE-2025-4427: An authentication bypass […]
NSFOCUS WAF Selected in the 2025 Gartner® Market Guide for Cloud Web Application and API Protection

May 14, 2025
Santa Clara, Calif. May 14, 2025 – Recently, Gartner released the “Market Guide for Cloud Web Application and API Protection”[1], and NSFOCUS was selected as a Representative Vendor with its innovative WAAP solution. We believe this recognition reflects the technical accumulation and practical capabilities of NSFOCUS WAF in the field of cloud native security protection. Its […]
India-Pakistan Conflicts Escalating: Military Operations and DDoS Attacks Making Targeted Strikes

May 13, 2025
Background On May 7, 2025, NSFOCUS Fuying Lab released “Two-Front Confrontation: Parallel Narratives of India-Pakistan Reality Friction and Cyber DDoS Attacks”, which analyzed the DDoS attack activities in the early stage of India-Pakistan friction. This article is the second in this series, mainly analyzing the DDoS attack activities against India after May 7. May 7, […]
High Risk Warning for Windows Ecosystem: New Botnet Family HTTPBot is Expanding

May 12, 2025
Overview In April 2025, the Global Threat Hunting system of NSFOCUS Fuying Lab detected a significant increase in the activity of a new botnet Trojan developed in the Go language. Given that many of its built-in DDoS attack methods are HTTP-based, Fuying Lab named it HTTPBot. The HTTPBot Botnet family first came into our monitoring […]
Elastic Kibana Prototype Contamination Leads to Arbitrary Code Execution Vulnerability (CVE-2025-25014)

May 9, 2025
Overview Recently, NSFOCUS CERT detected that Elastic issued a security bulletin to fix the arbitrary code execution vulnerability caused by Elastic Kibana prototype contamination (CVE-2025-25014). Due to the prototype contamination problem in Kibana, an attacker with specific role privileges can bypass the authentication mechanism by constructing specially crafted file uploads and specific HTTP requests to […]
Two Battlegrounds: India-Pakistan Conflicts and DDoS Attacks

May 8, 2025
Background Monitoring data from the Global Threat Hunting System of NSFOCUS Fuying Lab shows that since the terrorist attack on tourists in Pahalgam Town, Indian-controlled Kashmir on April 22, 2025 (killing 26 people), there has been a significant surge in DDoS attacks between India and Pakistan. This escalation of cyber confrontation is highly consistent with […]
NSFOCUS ISOP: Reshaping Security Operations with Autonomous SOC

April 29, 2025
In the daily operations of traditional Security Operations Centers (SOCs), operators often face two major challenges: NSFOCUS ISOP leverages AI and LLM technologies, including NSFGPT and Deepseek, to build an autonomous security operations system covering all stages of SOC operations: detection – analysis – response – monitoring. Our aim is: SOC Engineers + SecLLM = Senior Security Experts […]
NSFOCUS ISOP Receives International Recognition: AI Drives Enterprise Security Operations from “Complex” to “Simple”

April 28, 2025
Santa Clara, Calif. April 27, 2025 – Recently, NSFOCUS Intelligent Security Operations Platform (NSFOCUS ISOP) was once again recognized by the internationally renowned consulting firm Frost & Sullivan and won the 2024 “Global Modern SIEM Technology Innovation Leadership Award”. Frost & Sullivan Best Practices Recognition awards companies each year in a variety of regional and global […]
NSFOCUS APT Monthly Briefing – March 2025

April 27, 2025
Regional APT Threat Situation Overview In March 2025, the global threat hunting system of NSFOCUS Fuying Laboratory discovered a total of 19 APT attack activities. These activities were mainly distributed in South Asia, East Asia, Eastern Europe, and South America, as shown in the following figure. In terms of group activity, the most active APT […]
RSAC 2025 Innovation Sandbox | Aurascape: Reconstructing the Intelligent Defense Line of AI Interactive Visibility and Native Security

April 25, 2025
Company Overview Aurascape is a cybersecurity startup founded in 2023 and headquartered in Santa Clara, California, USA. The company was co-founded by senior security experts and engineers from world-class technology companies such as Palo Alto Networks, Google, and Amazon. The team has deep expertise in the fields of network security, artificial intelligence, and network infrastructure, […]