Blog

Overview Recently, NSFOCUS CERT detected that Apache issued a security bulletin to fix the Apache Tomcat path traversal vulnerability (CVE-2025-55752); This vulnerability is a flaw introduced when fixing CVE-2016-5388. Since the rewritten URL is normalized before URL decoding, if the system is configured with rewrite rules to rewrite query parameters into the URL, an authenticated […]

Overview Recently, NSFOCUS CERT detected that Microsoft released a security update that fixed the Windows Server Update Service (WSUS) remote code execution vulnerability (CVE-2025-59287); Because WSUS’s GetCookie does not perform type verification when processing objects, an unauthenticated attacker can achieve remote code execution by deserializing malicious data to control the target server. The CVSS score […]

It is not uncommon for open source licenses to change. When licenses change, users often need to re-evaluate compliance risks. Take Redis as an example. Redis is a popular key-value store whose open source license has undergone changes from BSD to SSPL and then to AGPL, which has caused widespread discussion and controversy in the […]

Você já recebeu um e-mail ou uma mensagem de texto informando que seus dados pessoais foram expostos por algum site ou aplicativo que você usa?  Se sim, você foi vítima de um vazamento de dados, situação cada vez mais comum na era digital. Mas o que isso significa e quais são as consequências para a […]

Overview Recently, NSFOCUS CERT detected that Samba released a security update to fix the Samba WINS command injection vulnerability (CVE-2025-10230); Since WINS when Samba is used as an AD domain controller does not strictly verify the wins hook script command when processing registration messages, unauthenticated attackers can construct a special host name to inject commands […]

Overview On October 15, NSFOCUS CERT detected that Microsoft released the October Security Update patch, fixing 175 security issues involving widely used products such as Windows, Microsoft Office, Azure, Apps, Microsoft Exchange Server, and Microsoft Visual Studio. These include high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed by […]

Overview Recently, NSFOCUS CERT detected that Oracle issued a security bulletin to fix the remote code execution vulnerability (CVE-2025-61882) in Oracle E-Business Suite; Because Oracle Concurrent Processing (BI Publisher Integration) of Oracle E-Business Suite does not strictly validate and filter user input, unauthenticated attackers can use SSRF, CRLF injection, Vulnerability chains such as path traversal […]

Overview Recently, NSFOCUS CERT detected that Redis issued a security bulletin and fixed the Redis Lua code execution vulnerability (CVE-2025-49844); Because Redis’s Lua script engine has a use-after-free reuse vulnerability when handling memory management, an authenticated attacker can write a specially crafted Lua script to manipulate the memory recycling mechanism and execute the Lua script […]

A criptografia é um tema cada vez mais presente no cotidiano de quem utiliza a internet, seja para fins pessoais ou profissionais. Ao longo deste texto, você vai descobrir o que é criptografia, como ela surgiu, quais são seus principais tipos, onde é aplicada, os riscos de não utilizá-la e muito mais. O que é […]

Os bots, uma abreviação para robôs, tornaram-se uma parte essencial do nosso mundo digital. Eles desempenham várias funções, desde automatizar tarefas simples até realizar atividades complexas na internet.  Neste artigo, vamos conhecer melhor o mundo dos bots, como eles funcionam, os diferentes tipos e como você pode proteger sua empresa contra bots maliciosos. Continue a […]