WebSphere Application Server Remote Code Execution Vulnerability (CVE-2025-36038)
July 1, 2025
Overview Recently, NSFOCUS CERT detected that IBM issued a security bulletin to fix the WebSphere Application Server remote code execution vulnerability (CVE-2025-36038); Due to a flaw in WebSphere Application Server’ s validation of user-entered data, an unauthenticated attacker could execute arbitrary code on the target system by constructing malicious serialized data. CVSS score 9.0, please […]
NSFOCUS APT Monthly Briefing – May 2025
June 27, 2025
Regional APT Threat Situation In May 2025, the global threat hunting system of Fuying Lab discovered a total of 44 APT attack activities. These activities are mainly distributed in South Asia, Eastern Europe, East Asia, West Asia, Southeast Asia and as shown in the following figure. In terms of group activity, the most active APT […]
The Hacktivist Cyber Attacks in the Iran-Israel Conflict
June 26, 2025
Overview of the current cyber attacks in the Iran-Israel conflict The geopolitical confrontation between Iran and Israel has a long history. In recent years, as the competition between the two countries in the military, nuclear energy and diplomatic fields has been escalating. On June 13, 2025, the IDF launched a large-scale military operation against Iran. […]
Gogs Remote Command Execution Vulnerability (CVE-2024-56731)
June 26, 2025
Overview Recently, NSFOCUS CERT detected that Gogs issued a security bulletin and fixed the Gogs remote command execution vulnerability (CVE-2024-56731); Due to the incomplete CVE-2024-39931 fix, an authenticated attacker can delete files in the .git directory through symbolic links and execute arbitrary commands on the Gogs instance using the account permissions specified by RUN_USER in […]
NSFOCUS was Selected as a Representative Provider of Gartner® “Innovation Insight: Adversarial Exposure Validation in China”
June 24, 2025
SANTA CLARA, Calif., June 24, 2025 – Recently, Gartner released the 2025 “Innovation Insight: Adversarial Exposure Validation in China”¹, NSFOCUS was selected as a Representative Provider for its adversarial exposure validation (AEV) capability in the continuous threat exposure management (CTEM) service. Why has ASM become a pain point for enterprises? Asset data is scattered and lacks […]
Boost Your Cyber Defense with NSFOCUS Integrated Threat Intelligence (NTI)
June 18, 2025
In today’s rapidly evolving cybersecurity landscape, staying ahead of threats is not just a challenge, it’s a necessity. At NSFOCUS, we are committed to providing users with the most advanced and comprehensive threat intelligence solutions to safeguard the organization against the ever-growing spectrum of cyber threats. NSFOCUS threat intelligence (NTI) is complemented by integration with […]
NSFOCUS Ranks among the Top Vendors in China Security Service Market
June 17, 2025
SANTA CLARA, Calif., June 17, 2025 – Recently, IDC officially released the China IT Security Service Market Tracking Report (2024H2). The report shows that NSFOCUS has outstanding performance in the security consulting service market, ranking the 3rd place. NSFOCUS has always adhered to a customer-centric approach, continued to increase the integration and innovation of AI […]
NSFOCUS Earns ISO 27701:2019 Privacy Information Management System Certification
June 13, 2025
Santa Clara, Calif. Jun 13, 2025 – NSFOCUS, a global provider of intelligent hybrid security solutions, announced today that it has attained ISO 27701:2019 Privacy Information Management System (PIMS) certification. ISO/IEC 27701 extends the ISO/IEC 27001 information security management system to address global privacy protection needs, establishing a unified international standard for information security, privacy, […]
Microsoft’s Security Update in June of High-Risk Vulnerability Notice for Multiple Products
June 12, 2025
Overview On June 11, NSFOCUS CERT detected that Microsoft released a security update patch for June, fixing 67 security issues involving widely used products such as Windows, Microsoft Office, Azure, and Microsoft Visual Studio, including high-risk vulnerability types such as privilege escalation and remote code execution. Of the vulnerabilities fixed in Microsoft’s monthly update this […]
Apache Kafka Arbitrary File Read and SSRF Vulnerability (CVE-2025-27817)
June 11, 2025
Overview Recently, NSFOCUS CERT detected that Apache issued a security bulletin to fix the arbitrary file read and SSRF vulnerabilities in Apache Kafka (CVE-2025-27817); Because the Apache Kafka client does not strictly validate and restrict user input, an unauthenticated attacker can elevate the file system/environment/URL access rights of the REST API by constructing malicious configurations […]
