As the clock ticks down to the full enforcement of Hong Kong's Protection of Critical Infrastructures (Computer Systems) Ordinance on January 1, 2026, designated operators of Critical Infrastructures (CI) and Critical Computer Systems (CCS) must act decisively. This landmark law mandates robust cybersecurity measures for Critical Computer Systems (CCS) to...
Autor: NSFOCUS
Microsoft’s December Security Update of High-Risk Vulnerability Notice for Multiple Products
Overview On December 10, NSFOCUS CERT detected that Microsoft released the December Security Update patch, which fixed 57 security issues involving widely used products such as Windows, Microsoft Office, Microsoft Exchange Server, Azure, etc., including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed...
O que é monitoramento de rede? Importância para as empresas
O monitoramento de rede é uma prática essencial para empresas que dependem de infraestrutura digital para operar com eficiência. Com a crescente digitalização dos negócios, a necessidade de garantir a estabilidade, segurança e desempenho das redes corporativas nunca foi tão grande. Problemas como lentidão, falhas de conectividade e ataques cibernéticos...
React/Next.js Remote Code Execution Vulnerability (CVE-2025-55182/CVE-2025-66478) Notice and Handling Manual
Overview Recently, NSFOCUS CERT has detected that React and Next.js have issued security bulletins to fix the remote code execution vulnerability of React/Next.js (CVE-2025-55182/CVE-2025-66478); Because React Server Components are insecurely deserialized when processing HTTP requests, an unauthenticated attacker can call the Node.js built-in module by constructing a specially crafted form...
Cursor Remote Code Execution Vulnerability (CVE-2025-62354) Notice
Overview Recently, NSFOCUS CERT detected that HiddenLayer released a vulnerability report disclosing the Cursor remote code execution vulnerability (CVE-2025-62354). Because Cursor's check function for terminal commands in autorun mode has a logical flaw, an unauthenticated attacker can bypass the preset allowlist restrictions by constructing specially crafted malicious input, thereby achieving...
NSFOCUS Monthly APT Insights – October 2025
Regional APT Threat Situation In October 2025, the global threat hunting system of Fuying Lab detected a total of 31 APT attack activities. These activities were primarily concentrated in regions including South Asia, East Asia, with a smaller portion also found in Eastern Europe and Western Asia, as shown in...
