NSFOCUS

High Risk Warning for Windows Ecosystem: New Botnet Family HTTPBot is Expanding

May 12, 2025

Overview In April 2025, the Global Threat Hunting system of NSFOCUS Fuying Lab detected a significant increase in the activity of a new botnet Trojan developed in the Go language. Given that many of its built-in DDoS attack methods are HTTP-based, Fuying Lab named it HTTPBot. The HTTPBot Botnet family first came into our monitoring […]

Elastic Kibana Prototype Contamination Leads to Arbitrary Code Execution Vulnerability (CVE-2025-25014)

May 9, 2025

Overview Recently, NSFOCUS CERT detected that Elastic issued a security bulletin to fix the arbitrary code execution vulnerability caused by Elastic Kibana prototype contamination (CVE-2025-25014). Due to the prototype contamination problem in Kibana, an attacker with specific role privileges can bypass the authentication mechanism by constructing specially crafted file uploads and specific HTTP requests to […]

Two Battlegrounds: India-Pakistan Conflicts and DDoS Attacks

May 8, 2025

Background Monitoring data from the Global Threat Hunting System of NSFOCUS Fuying Lab shows that since the terrorist attack on tourists in Pahalgam Town, Indian-controlled Kashmir on April 22, 2025 (killing 26 people), there has been a significant surge in DDoS attacks between India and Pakistan. This escalation of cyber confrontation is highly consistent with […]

NSFOCUS ISOP: Reshaping Security Operations with Autonomous SOC

April 29, 2025

In the daily operations of traditional Security Operations Centers (SOCs), operators often face two major challenges: NSFOCUS ISOP leverages AI and LLM technologies, including NSFGPT and Deepseek, to build an autonomous security operations system covering all stages of SOC operations: detection – analysis – response – monitoring. Our aim is: SOC Engineers + SecLLM = Senior Security Experts […]

NSFOCUS ISOP Receives International Recognition: AI Drives Enterprise Security Operations from “Complex” to “Simple”

April 28, 2025

Santa Clara, Calif. April 27, 2025 – Recently, NSFOCUS Intelligent Security Operations Platform (NSFOCUS ISOP) was once again recognized by the internationally renowned consulting firm Frost & Sullivan and won the 2024 “Global Modern SIEM Technology Innovation Leadership Award”. Frost & Sullivan Best Practices Recognition awards companies each year in a variety of regional and global […]

NSFOCUS APT Monthly Briefing – March 2025

April 27, 2025

Regional APT Threat Situation Overview In March 2025, the global threat hunting system of NSFOCUS Fuying Laboratory discovered a total of 19 APT attack activities. These activities were mainly distributed in South Asia, East Asia, Eastern Europe, and South America, as shown in the following figure. In terms of group activity, the most active APT […]

RSAC 2025 Innovation Sandbox | Aurascape: Reconstructing the Intelligent Defense Line of AI Interactive Visibility and Native Security

April 25, 2025

Company Overview Aurascape is a cybersecurity startup founded in 2023 and headquartered in Santa Clara, California, USA. The company was co-founded by senior security experts and engineers from world-class technology companies such as Palo Alto Networks, Google, and Amazon. The team has deep expertise in the fields of network security, artificial intelligence, and network infrastructure, […]

RSAC 2025 Innovation Sandbox | Knostic: Reshaping the Access Control Paradigm for Enterprise AI Security

April 25, 2025

Introduction As generative artificial intelligence (GenAI) and large language models (LLM) rapidly penetrate corporate operations, data leakage and privacy risks have become major challenges faced by enterprises. Knostic, a startup founded in 2023, is providing enterprises with a layer of intelligent security protection with its innovative Need-to-Know access control technology to ensure the safe deployment […]

RSAC 2025 Innovation Sandbox | TwineSecurity: Digital Employees Drive Enterprise Security Construction

April 24, 2025

Company Overview Twine Security[1] is an AI startup focusing on cybersecurity. It was founded in 2024 by core team members of former network unicorn Claroty. The company is headquartered in Tel Aviv and Seattle, and currently has more than 20 employees. There are 4 co-founders of Twine Security, as shown in Figure 1, from left […]

RSAC 2025 Innovation Sandbox | Metalware: Focus on Embedded System Firmware Security

April 24, 2025

Company Overview Metalware is the name of the company and also the name of a set of software. It mainly performs decomposition, simulation and fuzz testing on embedded firmware. Its entry point is very accurate because there is no existing open source tool that can simultaneously complete the component analysis and fuzz testing of embedded […]
