Blog

Santa Clara, Calif. Jun 13, 2025 – NSFOCUS, a global provider of intelligent hybrid security solutions, announced today that it has attained ISO 27701:2019 Privacy Information Management System (PIMS) certification. ISO/IEC 27701 extends the ISO/IEC 27001 information security management system to address global privacy protection needs, establishing a unified international standard for information security, privacy, […]

Overview On June 11, NSFOCUS CERT detected that Microsoft released a security update patch for June, fixing 67 security issues involving widely used products such as Windows, Microsoft Office, Azure, and Microsoft Visual Studio, including high-risk vulnerability types such as privilege escalation and remote code execution. Of the vulnerabilities fixed in Microsoft’s monthly update this […]

Overview Recently, NSFOCUS CERT detected that Apache issued a security bulletin to fix the arbitrary file read and SSRF vulnerabilities in Apache Kafka (CVE-2025-27817); Because the Apache Kafka client does not strictly validate and restrict user input, an unauthenticated attacker can elevate the file system/environment/URL access rights of the REST API by constructing malicious configurations […]

SANTA CLARA, Calif., June 9, 2025 – NSFOCUS, a global leader in cybersecurity solutions, announced the release of its annual report, the 2024 Global DDoS Landscape Report. The full report is packed with in-depth analysis and insights that can help organizations better understand the DDoS threat environment and formulate more effective countermeasures. Highlights of the […]

Overview Recently, NSFOCUS CERT has detected that DataEase has issued a security bulletin to fix multiple high-risk vulnerabilities in DataEase (CVE-2025-49001/CVE-2025-49002/CVE-2025-48999). Combined use can achieve unauthorized code execution. At present, the vulnerability details and PoC have been made public. Relevant users are requested to take measures to protect them as soon as possible. CVE-2025-49001: Due […]

Santa Clara, Calif. May 28, 2025 – Recently, global research and advisory firm Forrester released The Network Analysis and Visibility (NAV) Solutions Landscape, Q2 2025, offering a comprehensive analysis of market dynamics, technology trends, and product capabilities. NSFOCUS has once again [1] been included in this report. Forrester’s reports on specific technical fields are highly recognized worldwide. […]

Overview Recently, NSFOCUS CERT detected that VMware issued a security bulletin to fix the command execution vulnerability (CVE-2025-41225) of VMware vCenter Server; Due to an authenticated command execution vulnerability in VMware vCenter Server, an attacker with permissions to create or modify alerts and run scripts can exploit this vulnerability to execute arbitrary commands on the […]

Recently, NSFOCUS CERT detected that Ivanti issued a security advisory to fix the authentication bypass and remote code execution vulnerabilities (CVE-2025-4427/CVE-2025-4428) in Ivanti Endpoint Manager Mobile (EPMM). At present, both 2 vulnerabilities have been found to be exploited in the wild. Please take measures to protect them as soon as possible. CVE-2025-4427: An authentication bypass […]

A segurança digital se tornou uma prioridade inegociável. Com o avanço da tecnologia, surgem também novas ameaças digitais e uma das mais perigosas é o ataque cibernético. Empresas, governos e até mesmo usuários comuns estão constantemente na mira de criminosos digitais que buscam explorar vulnerabilidades. Mas afinal, o que é ataque cibernético, quais são os […]

Santa Clara, Calif. May 14, 2025 – Recently, Gartner released the “Market Guide for Cloud Web Application and API Protection”[1], and NSFOCUS was selected as a Representative Vendor with its innovative WAAP solution. We believe this recognition reflects the technical accumulation and practical capabilities of NSFOCUS WAF in the field of cloud native security protection. Its […]