Insights from the DeepSeek Malicious Software Package Incident: Why Software Supply Chain Security Matters in Global AI Technology Competition
February 11, 2025
Background With the widespread application of AI technology, software supply chains are facing more complex and diverse security threats. Since January 2025, DeepSeek, as an emerging force in China’s AI industry, has suffered from series of cyberattacks. According to the analysis by NSFOCUS Security Lab, most attacks are from IP addresses in the United States. […]
Core Features in NSFOCUS RSAS R04F04 2-2
February 6, 2025
Continuous Improvement of Asset Detection Capability Asset detection refers to the process of tracking and mastering network assets. The detection covers hardware equipment such as network products and general computing equipment; system software such as operating systems and virtualization platforms; middleware such as databases, language environments and development frameworks; application software such as ERP and […]
The Supply Chain Security System of Low-altitude Economy
February 4, 2025
Previous posts: Security Risks of Low-altitude Economy The Network Security Business System of Low-altitude Economy The low-altitude economic supply chain security system aims to build an all-round security system from upstream to downstream. The upstream links ensure the safety at source by strictly controlling the supply of raw materials and key components. Implement trusted design […]
Core Features in NSFOCUS RSAS R04F04 1-2
February 2, 2025
In the new NSFOCUS RSAS version R04F04, we optimized several core features and functions. In this post, we will focus on the optimization of the product interface function process during the vulnerability scanning process. Efficient Asset Management Vulnerabilities are asset-based, so it is necessary to sort out the existing assets of users and manage them […]
The Network Security Business System of Low-altitude Economy
February 1, 2025
Previous post on security risks of low-altitude Economy: https://nsfocusglobal.com/security-risks-of-low-altitude-economy How to construct a comprehensive network security business system in the field of low-altitude economy? The purpose of network data security is to prevent leakage, resist attack and protect system and privacy. The operation of the low-altitude connection system contains massive information and data, so it […]
The Undercurrent Behind the Rise of DeepSeek: DDoS Attacks in the Global AI Technology Game
January 31, 2025
Background The rise of DeepSeek is undoubtedly a milestone in the development of AI technology in China. As a representative AI enterprise, DeepSeek has not only made breakthrough progress in technological innovation and commercial application, but also demonstrated the outstanding strength and great potential of Chinese technology enterprises in the global AI competition. However, as […]
Security Risks of Low-altitude Economy
January 28, 2025
The low-altitude economy is becoming an important force to promote economic growth by virtue of its innovative ability and huge development potential. From UAV logistics distribution to urban air traffic, from emergency rescue to aerial photography and mapping, the application scenarios of low-altitude economy have been continuously expanded, and the market scale has been expanding […]
Oracle WebLogic Server Remote Code Execution and Denial of Service Vulnerability (CVE-2025-21535/CVE-2025-21549)
January 23, 2025
Overview Recently, NSFOCUS CERT detected that Oracle has released a security announcement, in which the remote code execution and denial of service vulnerabilities of Oracle WebLogic Server have been fixed. Affected users should take protective measures as soon as possible. CVE-2025-21535: When the T3/IIOP protocol is enabled, an unauthenticated attacker sends a special request to […]
NSFOCUS Licensed for SOC and Pentest Service in Malaysia in Accordance with Cyber Security Act 2024
January 23, 2025
Santa Clara, Calif. January 23, 2025 – NSFOCUS, a global provider of intelligent hybrid security solutions, today announced that it has received two security service licenses from the National Cyber Security Agency (NACSA) of Malaysia, being one of the first licensed companies that can provide two crucial services in Malaysia: Managed SOC (Security Operations Center) […]
MongoDB Mongoose Search Injection Vulnerability (CVE-2025-23061)
January 21, 2025
Overview Recently, NSFOCUS CERT detected a security announcement issued by GitHub that fixed a search injection vulnerability (CVE-2025-23061) in Mongoose, which is an incomplete fix for CVE-2024-53900. Because Mongoose incorrectly handles the $where filter with match conditions in the populate() method, an unauthenticated attacker can manipulate a search injection when both queries are used, resulting […]
