Santa Clara, Calif. Feb 26, 2024 – NSFOCUS, a global provider of intelligent hybrid security solutions, announced that it has been featured in Frost Radar™: Modern Security Information and Event Management, 2024 released by Frost & Sullivan, an internationally renowned market research institution, and became the only vendor in the Asia-Pacific region selected for this report. According to […]

With the wide application of large language models (LLM) in various fields, their potential risks and threats have gradually become prominent. “Content security” caused by inaccurate or misleading information is becoming a security concern that cannot be ignored. Unfairness and bias, adversarial attacks, malicious code generation, and exploitation of security vulnerabilities continue to raise risk […]

Overview Recently, NSFOCUS CERT detected that PostgreSQL has issued a security announcement and fixed the PostgreSQL SQL injection vulnerability (CVE-2025-1094), with a CVSS score of 8.1. Since the psql tool of PostgreSQL is used to detect invalid UTF-8 characters (such as hax\xC0′; \! id #), resulting in accidental segmentation of SQL statements, and unauthenticated attackers […]

Dilemma of Traditional Automated Penetration Testing Penetration testing has always been the core means of offensive and defensive confrontation for cybersecurity. However, traditional automatic penetration tools face three major bottlenecks: lack of in-depth understanding of business logic, insufficient ability to detect logical vulnerabilities, and weak ability to link vulnerabilities. Although the passive scanning engine can […]

Recently, DeepSeek attracted global attention and triggered worldwide discussion with its advanced AI models. According to media, numerous Chinese companies have integrated DeepSeek, including Tencent, Alibaba, Baidu, Huawei, Geely Auto, PICC, Huawei, Honor, OPPO and Lenovo, covering multiple industries such as telecommunications, cloud computing, semiconductors, finance, automotive, and mobile technology. Meanwhile, With the fast increasing […]

Overview Recently, NSFOCUS CERT detected that Palo Alto Networks issued a security announcement and fixed the identity bypass vulnerability in PAN-OS (CVE-2025-0108). Due to the problem of path processing by Nginx/Apache in PAN-OS, unauthenticated attackers can bypass authentication to access the management web interface of PAN-OS device and call some PHP scripts, thus obtaining sensitive […]

Overview On February 12, NSFOCUS CERT detected that Microsoft released a security update patch for February, which fixed 63 security issues involving widely used products such as Windows, Microsoft Office, Azure, Apps, and Microsoft Visual Studio, including high-risk vulnerabilities such as privilege escalation and remote code execution. Among the vulnerabilities fixed in Microsoft’s monthly update […]

NSFOCUS Security Lab conducted actual tests recently to evaluate DeepSeek-R1’s performance in security alarm analysis, in which DeepSeek-R1 showed higher alarm coverage than NSFOCUS’ self-developed SecLLM NSFGPT, but it also faces high false alarm rate and large performance overhead. Nonetheless, its enormous potential is noteworthy. This post will focus on the application evaluation of DeepSeek-R1 […]

Background With the widespread application of AI technology, software supply chains are facing more complex and diverse security threats. Since January 2025, DeepSeek, as an emerging force in China’s AI industry, has suffered from series of cyberattacks. According to the analysis by NSFOCUS Security Lab, most attacks are from IP addresses in the United States. […]

Continuous Improvement of Asset Detection Capability Asset detection refers to the process of tracking and mastering network assets. The detection covers hardware equipment such as network products and general computing equipment; system software such as operating systems and virtualization platforms; middleware such as databases, language environments and development frameworks; application software such as ERP and […]