Microsoft’s September Security Update High-Risk Vulnerability Notice for Multiple Products
setembro 11, 2025
Overview On September 10, NSFOCUS CERT detected that Microsoft released the September Security Update patch, fixing 86 security issues involving widely used products such as Windows, Microsoft Office, Azure, and Microsoft SQL Server, including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed by Microsoft’s monthly update this month, […]
O que é computação quântica? Entenda a relação com IA
setembro 10, 2025
A computação quântica deixou de ser um conceito distante da ficção científica para se tornar uma das áreas mais promissoras da tecnologia atual. Este artigo é focado em explicar o impacto e o potencial dessa revolução computacional. Você vai descobrir o que é a computação quântica, como ela funciona, suas diferenças em relação aos computadores […]
Visibilidade de ataque externo: o que é e qual a importância?
setembro 5, 2025
A segurança cibernética é um dos principais temas no mundo corporativo. Boa parte das empresas, independentemente do porte, seguem vulneráveis a diferentes tipos de ameaças digitais. Diante desse cenário, um dos conceitos mais relevantes é a visibilidade de ataque externo. Ter clareza sobre o que esse termo significa e por quê ele é tão fundamental […]
H2O-3 JDBC Deserialization Vulnerability (CVE-2025-6507)
setembro 4, 2025
Overview Recently, NSFOCUS CERT detected that H2O-3 released a security update to fix the H2O-3 JDBC deserialization vulnerability (CVE-2025-6507); This vulnerability is a bypass of CVE-2024-45758 and CVE-2024-10553. Due to the deserialization flaw in the system’s JDBC connection processing logic, an unauthenticated attacker can bypass existing regular expression filtering by manipulating spaces between parameters, thereby […]
Gitblit Authentication Bypass Vulnerability (CVE-2024-28080)
setembro 2, 2025
Overview Recently, NSFOCUS CERT detected that Gitblit issued a security announcement and fixed the Gitblit authentication bypass vulnerability (CVE-2024-28080); Because Gitblit’s SSH service has defects in the public key authentication process, unauthenticated attackers can use the client’s public key to trigger signature verification failure and fall back to password-based authentication to complete SSH login with […]
NSFOCUS Recognized by Gartner® “Hype Cycle™ for APIs, 2025” for API Threat Protection
setembro 2, 2025
Recently, Gartner released “Hype Cycle for APIs, 2025”, NSFOCUS was selected as a Representative vendor in API Threat Protection of Hype Cycle with its cloud-native API security solution. We believe, this recognition reflects NSFOCUS’s comprehensive strength in API security technology innovation research, and continuous accumulation and achievements in API security protection practices in cloud-native environments. With […]
NSFOCUS was Included Among Representative Vendors in “The Cloud Native Application Protection Solutions Landscape”
agosto 28, 2025
Recently, Forrester released the 2025 “The Cloud Native Application Protection Solutions Landscape” report. NSFOCUS Cloud Native Application Protection Solution (hereinafter referred to as “NSFOCUS CNAPP”) has been selected among Representative vendors in the field of cloud native security, which NSFOCUS believes is due to its continuous innovation and prospective layout. The solution is an integrated, […]
Prompt Injection: An Analysis of Recent LLM Security Incidents
agosto 26, 2025
Overview With the widespread application of LLM technology, data leakage incidents caused by prompt word injections are increasing. Many emerging attack methods, such as inducing AI models to execute malicious instructions through prompt words, and even rendering sensitive information into pictures to evade traditional detection, are posing serious challenges to data security. At the same […]
NSFOCUS Monthly APT Insights – July 2025
agosto 25, 2025
Regional APT Threat Situation In July 2025, the global threat hunting system of Fuying Lab detected a total of 33 APT attack activities. These activities were primarily concentrated in regions including South Asia, East Asia, Southeast Asia, Eastern Europe, and West Asia, as shown in the following figure. Regarding the activity levels of different organizations, […]
US Officials Claim to Have Gained Control of the RapperBot
agosto 22, 2025
Overview Recently, US officials claimed to have successfully gained control of RapperBot, effectively curbing this powerful source of DDoS attacks. The operation pinpointed the key figure behind the botnet, Ethan Foltz. According to the investigation, Foltz has been developing and operating RapperBot since 2021, with his residence in Eugene, Oregon, USA. Since its activity, the […]
