Overview Recently, NSFOCUS CERT detected that Microsoft released a security announcement and fixed the spoofing vulnerability of Windows File Explorer (CVE-2025-24071), with a CVSS score of 7.5. Due to the implicit trust and automatic file parsing behavior of .library-ms files by Windows Explorer, unauthenticated attackers can save files by constructing RAR/ZIP with an embedded malicious […]

O monitoramento de rede é uma prática essencial para empresas que dependem de infraestrutura digital para operar com eficiência. Com a crescente digitalização dos negócios, a necessidade de garantir a estabilidade, segurança e desempenho das redes corporativas nunca foi tão grande. Problemas como lentidão, falhas de conectividade e ataques cibernéticos podem gerar prejuízos financeiros e […]

Overview Recently, NSFOCUS detected that Ollama improperly configured and unauthorized access vulnerabilities were disclosed online (CNVD-2025-04094); Because Ollama does not have authentication and access control functions by default, when a user opens the service (port 11434 by default) to the public network, an unauthenticated attacker can directly call its API interface to steal sensitive model […]

Overview Recently, NSFOCUS CERT detected that Apache issued a security announcement and fixed the remote code execution vulnerability of Apache Tomcat (CVE-2025-24813). An unauthenticated attacker can execute arbitrary code to gain server privileges when the application has servlet write enabled (disabled by default), uses Tomcat file session persistence and a default storage location, and contains […]

Overview In recent years, with the wide application of open-source LLMs such as DeepSeek and Ollama, global enterprises are accelerating the private deployment of LLMs. This wave not only improves the efficiency of enterprises, but also increases the risk of data security leakage. According to NSFOCUS Xingyun Lab, from January to February 2025 alone, five […]

A segurança de aplicações web é uma prioridade para empresas de todos os tamanhos. À medida que a internet se integra a praticamente toda a nossa rotina, a necessidade de proteger sistemas contra ataques criminosos torna-se ainda mais crítica. Com isso, o Web Application Firewall (WAF) surge como uma das ferramentas mais eficazes para manter […]

Overview Recently, NSFOCUS CERT detected that VMware issued a security announcement and fixed multiple high-risk vulnerabilities (CVE-2025-22224/CVE-2025-22225/CVE-2025-22226) in VMware ESXi&Workstation&Fusion. At present, all the 3 vulnerabilities have been found to be exploited in the wild. Please take protective measures as soon as possible. CVE-2025-22224: There is a TOCTOU (CheckTime-of-use) write vulnerability in VMware ESXi and […]

Santa Clara, Calif. Feb 26, 2024 – NSFOCUS, a global provider of intelligent hybrid security solutions, announced that it has been featured in Frost Radar™: Modern Security Information and Event Management, 2024 released by Frost & Sullivan, an internationally renowned market research institution, and became the only vendor in the Asia-Pacific region selected for this report. According to […]

With the wide application of large language models (LLM) in various fields, their potential risks and threats have gradually become prominent. “Content security” caused by inaccurate or misleading information is becoming a security concern that cannot be ignored. Unfairness and bias, adversarial attacks, malicious code generation, and exploitation of security vulnerabilities continue to raise risk […]

A segurança de API (Application Programming Interface) é uma preocupação central para desenvolvedores e empresas que buscam proteger seus sistemas contra acessos não autorizados e violações de dados. As APIs são essenciais para a comunicação entre diferentes softwares, facilitando a integração de sistemas e a automação de tarefas, mas também podem ser pontos vulneráveis se […]