Blog

AI Security Incident Case: From Claude Code Sandbox Bypass to the Boundary Failure in the Age of AI Agents

Overview: In early June 2026, the security community disclosed a number of AI-related security incidents, triggering a re-examination of the industry's security boundaries for AI agent systems. The Anthropic Claude Code network sandbox bypass vulnerability, rumors of related service anomalies, and AI toolchain-based attacks appeared in the same time window,...

Microsoft’s Security Update in June of High-Risk Vulnerability Notice for Multiple Products

Overview: On June 9, NSFOCUS CERT detected that Microsoft had released its June security update, fixing 206 security issues in widely used products such as Windows, Microsoft Office, Microsoft Exchange Server, Visual Studio Code, and Azure, including high-risk vulnerability types such as remote code execution vulnerabilities, information leakage vulnerabilities...

AI Security Incident Case: Account Takeover Due to Meta AI Support Assistant Authorization Flaw

Overview: Between late May and early June 2026, several high-profile Instagram accounts were reportedly taken over by attackers, including Barack Obama's White House account, the personal account of U.S. Space Force Chief Master Sergeant Bentivegna, and the official account of beauty brand Sephora. Security researchers later discovered videos and screenshots...

NSFOCUS AI-PTS: Safeguarding Web Applications Through Dual-Mode Architecture

Traditional penetration testing tools are effective at identifying explicit technical vulnerabilities at the code level, yet fail to spot business logic flaws. What hidden risks exist within websites and APIs? How can enterprises automatically discover business logic vulnerabilities and obtain actionable remediation guidance for immediate implementation? Developed to tackle these...