Protecting AI Security: 2025 Hot Security Incident
fevereiro 23, 2026
GitHub MCP Cross-Repository Data Leak Vulnerability In May 2025, Invariant disclosed a critical vulnerability in GitHub’s Machine Collaboration Protocol (MCP), where attackers embedded malicious commands within public repository Issues to hijack developers’ locally running AI Agents. When an AI Agent was triggered to read and “assist” in processing the Issue, it indiscriminately executed the embedded […]
AI-Empowered Cybersecurity: Key Events and Emerging Trends in 2025
fevereiro 20, 2026
In September 2025, Anthropic disclosed a groundbreaking incident—the world’s first autonomous AI-driven cyberattack. This event, documented as the first large-scale cyber offensive primarily executed by AI with minimal human intervention, underscored the immense threat posed by AI agents in malicious applications. The attackers posed as representatives of a legitimate cybersecurity firm conducting a defense assessment. They […]
Top Security Incidents of 2025: Chrome Browser 0-Day Vulnerability Exploitation
fevereiro 18, 2026
Background In March 2025, cybersecurity researchers disclosed a highly sophisticated targeted attack campaign named “Operation ForumTroll.” Orchestrated by an unidentified state-sponsored APT group, the operation leveraged a Google Chrome 0-day vulnerability (CVE-2025-2783) as its core weapon. This vulnerability enabled sandbox escape, allowing arbitrary code execution on victims’ Windows systems and granting full control over the targeted […]
Top Security Incidents of 2025: Lazarus Group’s Cryptocurrency Heist
fevereiro 16, 2026
Event Summary In February 2025, the North Korea-linked APT group Lazarus launched a highly sophisticated supply chain attack against the prominent cryptocurrency exchange Bybit, successfully stealing over 400,000 ETH and stETH—valued at approximately $1.5 billion. This incident marks the largest single security breach in the global cryptocurrency sector to date. The attack exposed critical vulnerabilities […]
Top Security Incidents of 2025: The Emergence of the ChainedShark APT Group
fevereiro 13, 2026
In 2025, NSFOCUS Fuying Lab disclosed a new APT group targeting China’s scientific research sector, dubbed “ChainedShark” (tracking number: Actor240820). Been active since May 2024, the group’s operations are marked by high strategic coherence and technical sophistication. Its primary targets are professionals in Chinese universities and research institutions specializing in international relations, marine technology, and related […]
OpenClaw Open Source AI Agent Application Attack Surface and Security Risk System Analysis
fevereiro 12, 2026
Background In early 2026, OpenClaw (formerly known as Clawdbot and Moltbot), an open-source autonomous AI agent project, quickly attracted global attention. As an automated intelligent application running in the form of a chatbot, it allows users to input natural language commands through Web pages and IM tools (such as Telegram, Slack, Discord, etc.) to achieve […]
An Overview of 2025 Global APT Attack Landscape
fevereiro 11, 2026
In 2025, the global cybersecurity situation continued to deteriorate, with a significant rise in the use of 0-day vulnerabilities in Advanced Persistent Threat (APT) attacks, which became a key driver of accelerating threats. Numerous 0-day vulnerabilities were exploited in operating systems, browsers, network devices, and security software, enabling attackers to bypass defenses for extended periods […]
AI-PTS: Breaking Traditional Barriers, Revolutionizing Penetration Testing
fevereiro 9, 2026
AI Penetration Testing System (AI-PTS) Leveraging AI to empower penetration testing, the AI-PTS integrates AI technology with traditional penetration testing methods. It delivers an AI+ defense system tailored for real-world attack scenarios. The AI-PTS is designed to help security professionals conduct non-destructive security assessments for networks, systems, and applications, significantly improving testing efficiency and quality. […]
Analysis of the Attack Surface in the Agent Skills Architecture: Case Studies and Ecosystem Research
fevereiro 3, 2026
Background As LLMs and intelligent agents expand from dialogue to task execution, the encapsulation, reuse and orchestration of LLM capabilities have become key issues. As a capability abstraction mechanism, Skills encapsulates reasoning logic, tool calls and execution processes into reusable skill units, enabling the model to achieve stable, consistent and manageable operations when performing complex […]
NSFOCUS Monthly APT Insights – December 2025
fevereiro 2, 2026
Regional APT Threat Situation In December 2025, the global threat hunting system of Fuying Lab detected a total of 24 APT attack activities. These activities were primarily concentrated in regions including South Asia, East Asia, with a smaller portion also found in Eastern Europe and South America. Some organizations remain unattributed to known APT groups, […]
