SANTA CLARA, Calif., Nov 18, 2025 — International Data Corporation (IDC) officially released the “2025 IDC China Top 10 Cybersecurity Professionals” at the 10th IDC China CIO Summit last month. This honor is intended to recognize outstanding individuals who have made significant contributions to China’s cybersecurity market this year. Dr. Richard Zhao, Chief Strategy Officer […]

Os ataques hacker estão entre as maiores ameaças à segurança digital de empresas de todos os portes. Organizações de diversos segmentos já sofreram com prejuízos milionários, vazamento de dados sensíveis e danos à reputação.  Este conteúdo é ideal para gestores de TI, profissionais de cibersegurança e tomadores de decisão que desejam entender o cenário atual […]

Incident Summary On October 21, 2025, NSFOCUS Cloud DDoS Protection Service (Cloud DPS) detected and mitigated an 800G+ DDoS attack towards a critical infrastructure operator. The target network sustained a multi-vector volumetric DDoS attack peaking at 843.4 Gbps and 73.6 Mpps. The assault combined UDP-based floods (dominant) with amplification and reflection techniques. NSFOCUS Cloud DPS […]

Overview On November 12, NSFOCUS CERT detected that Microsoft released the November Security Update patch, which fixed 63 security issues involving widely used products such as Windows, Microsoft Office, Microsoft SQL Server, Azure, and Microsoft Visual Studio, including privilege escalation, high-risk vulnerability types such as remote code execution. Among the vulnerabilities fixed by Microsoft’s monthly […]

Regional APT Threat Situation In September 2025, the global threat hunting system of Fuying Lab detected a total of 24 APT attack activities. These activities were primarily concentrated in regions including East Asia, South Asia, as shown in the following figure. Regarding the activity levels of different groups, the most active APT groups this month […]

Overview Recently, NSFOCUS CERT detected that JumpServer issued a security bulletin to fix the JumpServer connection token improper authentication vulnerability (CVE-2025-62712); Due to improper authentication of JumpServer’s /api/v1/authentication/super-connection-token/hyper-connected endpoint, attackers with low-privilege accounts can obtain the connection tokens of all system users and connect to managed assets as them, thereby achieving unauthorized access and privilege […]

O Distributed Denial of Service (DDoS) é um dos maiores desafios de segurança para empresas de todos os tamanhos, pois esse tipo de ataque tem como objetivo inoperar serviços vitais e aplicações importantes, afetando diretamente a fonte de receita das organizações. Com o crescimento da internet, as empresas têm tido que encontrar formas de se […]

SANTA CLARA, Calif., November 4, 2025 – The 18th Global Security Analyst Summit (SAS) concluded successfully in Khao Lak, Thailand. Focused on the complexity of APT attacks, the summit exposed the latest attack activities from Hacking Team and disclosed multiple major security risk incidents. It gathered top global cybersecurity experts, academic elites, and law enforcement representatives to […]

Overview Recently, NSFOCUS CERT detected that Apache issued a security bulletin to fix the Apache Tomcat path traversal vulnerability (CVE-2025-55752); This vulnerability is a flaw introduced when fixing CVE-2016-5388. Since the rewritten URL is normalized before URL decoding, if the system is configured with rewrite rules to rewrite query parameters into the URL, an authenticated […]

Overview Recently, NSFOCUS CERT detected that Microsoft released a security update that fixed the Windows Server Update Service (WSUS) remote code execution vulnerability (CVE-2025-59287); Because WSUS’s GetCookie does not perform type verification when processing objects, an unauthenticated attacker can achieve remote code execution by deserializing malicious data to control the target server. The CVSS score […]