The RSA Conference 2025 is set to kick off on April 28. Known as the “Oscars of Cybersecurity”, RSAC Innovation Sandbox has become a benchmark for innovation in the cybersecurity industry. Let’s focus on the new hotspots in cybersecurity and understand the new trends in security development. Today, let’s get...
Blog
Critical Patch Update Announcement in April for All Oracle Products
Overview On April 16, 2025, NSFOCUS CERT detected that Oracle officially released the Critical Patch Update (CPU) for April. A total of 390 vulnerabilities of varying severity were fixed this time. This security update involves Oracle MySQL Connectors, Oracle MySQL Server, Oracle Java SE, Oracle Fusion Middleware, Oracle Financial Services...
NSFOCUS WAF New UI Showcase: Brand New Policy and Template Management Workflow
Three-Tier Protection Rules • Basic Protection: Pre-configured, general and popular security rules for out-of-box deployment. • Optional/Advanced Protection: Advanced rules, customized for specific Web/API applications for optimum protection. Basic Protection: HTTP Protocol Verification Server Plug-in Crawler Web General Illegal Upload Information Disclosure Semantic Engine Scan Protection Optional Protection: HTTP Access Control Sensitive Information Filter...
Microsoft’s April Security Update of High-Risk Vulnerabilities in Multiple Products
Overview On April 9, NSFOCUS CERT detected that Microsoft released a security update patch for April, fixing 126 security problems in widely used products such as Windows, Microsoft Office, Azure, Microsoft Edge for iOS, Microsoft Visual Studio, etc. This includes high-risk vulnerabilities such as privilege escalation and remote code execution....
NSFOCUS WAF New UI Walkthrough: Site Configuration
Basic Information Core Details: Site name, server info, domain names, etc. Modular Editing: Edit/save individual modules (e.g., basic info, server settings, domains) independently with real-time updates to reduce possible mistakes during configuration. Functional Configuration Manage Advanced Features in One Page Traffic Stats: One-click enable/disable traffic statistics and visit tracking, with...
Vite Arbitrary File Read Vulnerability (CVE-2025-31486)
Overview Recently, NSFOCUS CERT detected that Vite issued a security bulletin to fix the Vite arbitrary file read vulnerability (CVE-2025-31486). Because the Vite development server does not strictly verify the path when processing URL requests, unauthenticated attackers can bypass path access restrictions by constructing special URLs and read arbitrary files...

