Santa Clara, Calif. Oct 2, 2025 – Recently, NSFOCUS held the AI New Product Launch in Beijing, comprehensively showcasing the company’s latest technological achievements and practical experience in AI security. With large language model security protection as the core topic, the launch systematically introduced NSFOCUS’s concept and practices in strategy planning, scenario-based protection, technical products, and […]

Santa Clara, Calif. Sep 29, 2025 – NSFOCUS, a global provider of intelligent hybrid security solutions, announced today that it has attained ISO 28000:2022 Security and Resilience – Security Management Systems (SMS) certification. ISO 28000 is an international standard for supply chain security. It specifies the requirements for a management system to protect all links in […]

Overview Recently, NSFOCUS CERT detected that H2O-3 released a security update to fix the H2O-3 JDBC deserialization vulnerability (CVE-2025-6544); This vulnerability is a bypass of CVE-2025-6507. Due to the system’s flawed handling of JDBC connection parameters, an unauthenticated attacker can bypass existing regular expression checks through double URL encoding, thereby enabling arbitrary file reading and […]

Regional APT Threat Situation In August 2025, the global threat hunting system of Fuying Lab detected a total of 23 APT attack activities. These activities were primarily concentrated in regions including South Asia, East Asia, Eastern Europe, and West Asia, as shown in the following figure. Regarding the activity levels of different organizations, the most […]

Overview NSFOCUS LLM security solution consists of two products and services: the LLM security assessment system (AI-SCAN) and the AI unified threat management (AI-UTM), forming a security assessment and protection system covering the entire life cycle of LLM. In the model training and fine-tuning stage, the large language model security assessment system (AI-SCAN) plays a […]

Overview On September 10, NSFOCUS CERT detected that Microsoft released the September Security Update patch, fixing 86 security issues involving widely used products such as Windows, Microsoft Office, Azure, and Microsoft SQL Server, including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed by Microsoft’s monthly update this month, […]

Overview Recently, NSFOCUS CERT detected that H2O-3 released a security update to fix the H2O-3 JDBC deserialization vulnerability (CVE-2025-6507); This vulnerability is a bypass of CVE-2024-45758 and CVE-2024-10553. Due to the deserialization flaw in the system’s JDBC connection processing logic, an unauthenticated attacker can bypass existing regular expression filtering by manipulating spaces between parameters, thereby […]

Overview Recently, NSFOCUS CERT detected that Gitblit issued a security announcement and fixed the Gitblit authentication bypass vulnerability (CVE-2024-28080); Because Gitblit’s SSH service has defects in the public key authentication process, unauthenticated attackers can use the client’s public key to trigger signature verification failure and fall back to password-based authentication to complete SSH login with […]

Recently, Gartner released “Hype Cycle for APIs, 2025”, NSFOCUS was selected as a Representative vendor in API Threat Protection of Hype Cycle with its cloud-native API security solution. We believe, this recognition reflects NSFOCUS’s comprehensive strength in API security technology innovation research, and continuous accumulation and achievements in API security protection practices in cloud-native environments. With […]

Recently, Forrester released the 2025 “The Cloud Native Application Protection Solutions Landscape” report. NSFOCUS Cloud Native Application Protection Solution (hereinafter referred to as “NSFOCUS CNAPP”) has been selected among Representative vendors in the field of cloud native security, which NSFOCUS believes is due to its continuous innovation and prospective layout. The solution is an integrated, […]