Hong Kong’s New Critical Infrastructure Ordinance will be effective by 1 January 2026 – What CIOs Need to Know
dezembro 12, 2025
As the clock ticks down to the full enforcement of Hong Kong’s Protection of Critical Infrastructures (Computer Systems) Ordinance on January 1, 2026, designated operators of Critical Infrastructures (CI) and Critical Computer Systems (CCS) must act decisively. This landmark law mandates robust cybersecurity measures for Critical Computer Systems (CCS) to prevent disruptions, with non-compliance risking […]
Microsoft’s December Security Update of High-Risk Vulnerability Notice for Multiple Products
dezembro 11, 2025
Overview On December 10, NSFOCUS CERT detected that Microsoft released the December Security Update patch, which fixed 57 security issues involving widely used products such as Windows, Microsoft Office, Microsoft Exchange Server, Azure, etc., including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed by Microsoft’s monthly update this […]
React/Next.js Remote Code Execution Vulnerability (CVE-2025-55182/CVE-2025-66478) Notice and Handling Manual
dezembro 4, 2025
Overview Recently, NSFOCUS CERT has detected that React and Next.js have issued security bulletins to fix the remote code execution vulnerability of React/Next.js (CVE-2025-55182/CVE-2025-66478); Because React Server Components are insecurely deserialized when processing HTTP requests, an unauthenticated attacker can call the Node.js built-in module by constructing a specially crafted form to execute arbitrary code on […]
Cursor Remote Code Execution Vulnerability (CVE-2025-62354) Notice
dezembro 1, 2025
Overview Recently, NSFOCUS CERT detected that HiddenLayer released a vulnerability report disclosing the Cursor remote code execution vulnerability (CVE-2025-62354). Because Cursor’s check function for terminal commands in autorun mode has a logical flaw, an unauthenticated attacker can bypass the preset allowlist restrictions by constructing specially crafted malicious input, thereby achieving remote code execution on the […]
NSFOCUS Monthly APT Insights – October 2025
novembro 28, 2025
Regional APT Threat Situation In October 2025, the global threat hunting system of Fuying Lab detected a total of 31 APT attack activities. These activities were primarily concentrated in regions including South Asia, East Asia, with a smaller portion also found in Eastern Europe and Western Asia, as shown in the figure below. Regarding the […]
NSFOCUS Receives International Recognition: 2025 Global Competitive Strategy Leadership for AI-Driven Security Operation
novembro 25, 2025
SANTA CLARA, Calif., Nov 25, 2025 – Recently, NSFOCUS Generative Pre-trained Transformer (NSFGPT) and Intelligent Security Operations Platform (NSFOCUS ISOP) were recognized by the internationally renowned consulting firm Frost & Sullivan and won the 2025 Global Competitive Strategy Leadership for AI-Driven Security Operation [1]. Frost & Sullivan Best Practices Recognition awards companies each year in […]
Fortinet FortiWeb Authentication Bypass and Command Injection Vulnerability (CVE-2025-64446/CVE-2025-58034) Notice
novembro 21, 2025
Overview Recently, NSFOCUS CERT detected that Fortinet issued a security bulletin to fix the FortiWeb authentication bypass and command injection vulnerability (CVE-2025-64446/CVE-2025-58034); Combined exploitation can realize unauthorized remote code execution. At present, the vulnerability details and PoC have been made public, and wild exploitation has been found. Relevant users are requested to take measures to […]
Record-Breaking Cloud Incident Brings Outage Through the Internet
novembro 19, 2025
November 18, 2025 – Cloudflare Global Outage (not a DDoS) The timing and Cloudflare’s brief initial misdiagnosis caused widespread confusion, with many people incorrectly believing Cloudflare had been DDoSed. Some reports even mentioned that the Cloudflare Incident was linked to an earlier DDoS incident towards Microsoft Azure. In reality, the two events were unrelated. October […]
Dr. Richard Zhao from NSFOCUS Selected into 2025 Top 10 Cybersecurity Professionals by Leading Consulting Company
novembro 18, 2025
SANTA CLARA, Calif., Nov 18, 2025 — International Data Corporation (IDC) officially released the “2025 IDC China Top 10 Cybersecurity Professionals” at the 10th IDC China CIO Summit last month. This honor is intended to recognize outstanding individuals who have made significant contributions to China’s cybersecurity market this year. Dr. Richard Zhao, Chief Strategy Officer […]
NSFOCUS Cloud DDoS Protection Service (Cloud DPS) Detected and Mitigated an 800G+ DDoS Attack towards a Critical Infrastructure Operator
novembro 17, 2025
Incident Summary On October 21, 2025, NSFOCUS Cloud DDoS Protection Service (Cloud DPS) detected and mitigated an 800G+ DDoS attack towards a critical infrastructure operator. The target network sustained a multi-vector volumetric DDoS attack peaking at 843.4 Gbps and 73.6 Mpps. The assault combined UDP-based floods (dominant) with amplification and reflection techniques. NSFOCUS Cloud DPS […]
