Overview Recently, NSFOCUS CERT detected that Microsoft released a security update that fixed the Windows Server Update Service (WSUS) remote code execution vulnerability (CVE-2025-59287). Because WSUS’s GetCookie does not perform type verification when processing objects, an unauthenticated attacker can achieve remote code execution by deserializing malicious data to control the target server. The CVSS score […] The post Windows Server Update Service (WSUS) Remote Code Execution Vulnerab...| NSFOCUS, Inc., a global network and cyber security leader, protects enterpris...
It is not uncommon for open source licenses to change. When licenses change, users often need to re-evaluate compliance risks. Take Redis as an example. Redis is a popular key-value store whose open source license has undergone changes from BSD to SSPL and then to AGPL, which has caused widespread discussion and controversy in the […] The post Beware of the Risk of Open-Source License Changes appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises a...
Overview Recently, NSFOCUS CERT detected that Samba released a security update to fix the Samba WINS command injection vulnerability (CVE-2025-10230). Since WINS, when Samba is used as an AD domain controller, does not strictly verify the wins hook script command when processing registration messages, unauthenticated attackers can construct a special host name to inject commands […] The post Samba WINS Command Injection Vulnerability (CVE-2025-10230) Notice appeared first on NSFOCUS, Inc., a ...
Overview On October 15, NSFOCUS CERT detected that Microsoft released the October Security Update patch, fixing 175 security issues involving widely used products such as Windows, Microsoft Office, Azure, Apps, Microsoft Exchange Server, and Microsoft Visual Studio. These include high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed by […]
Overview Recently, NSFOCUS CERT detected that Oracle issued a security bulletin to fix the remote code execution vulnerability (CVE-2025-61882) in Oracle E-Business Suite. Because Oracle Concurrent Processing (BI Publisher Integration) of Oracle E-Business Suite does not strictly validate and filter user input, unauthenticated attackers can use SSRF, CRLF injection, vulnerability chains such as path traversal […] The post Oracle E-Business Suite Remote Code Execution Vulnerability (CVE-2025...
Overview Recently, NSFOCUS CERT detected that Redis issued a security bulletin and fixed the Redis Lua code execution vulnerability (CVE-2025-49844). Because Redis’s Lua script engine has a use-after-free vulnerability when handling memory management, an authenticated attacker can write a specially crafted Lua script to manipulate the memory recycling mechanism and execute the Lua script […] The post Redis Lua Code Execution Vulnerability (CVE-2025-49844) Notice appeared first on NS...
NSFOCUS is thrilled to announce our participation in GovWare 2025—taking place from 21 to 23 October 2025 at the Sands Expo and Convention Centre, Singapore. We invite all attendees to visit us at Booth D09, where we’ll showcase game-changing solutions designed to redefine security operations and safeguard AI-driven environments. With over two decades of expertise serving governments, […] The post GovWare 2025: Join NSFOCUS at Booth D09! appeared first on NSFOCUS, Inc., a global netwo...
Santa Clara, Calif. Oct 2, 2025 – Recently, NSFOCUS held the AI New Product Launch in Beijing, comprehensively showcasing the company’s latest technological achievements and practical experience in AI security. With large language model security protection as the core topic, the launch systematically introduced NSFOCUS’s concept and practices in strategy planning, scenario-based protection, technical products, and […] The post Building a Full-Lifecycle Defense System for Large Langua...
Santa Clara, Calif. Sep 29, 2025 – NSFOCUS, a global provider of intelligent hybrid security solutions, announced today that it has attained ISO 28000:2022 Security and Resilience – Security Management Systems (SMS) certification. ISO 28000 is an international standard for supply chain security. It specifies the requirements for a management system to protect all links in […]
Overview Recently, NSFOCUS CERT detected that H2O-3 released a security update to fix the H2O-3 JDBC deserialization vulnerability (CVE-2025-6544). This vulnerability is a bypass of CVE-2025-6507. Due to the system’s flawed handling of JDBC connection parameters, an unauthenticated attacker can bypass existing regular expression checks through double URL encoding, thereby enabling arbitrary file reading and […] The post H2O-3 JDBC Deserialization Vulnerability (CVE-2025-6544) appeared fir...
Overview On September 10, NSFOCUS CERT detected that Microsoft released the September Security Update patch, fixing 86 security issues involving widely used products such as Windows, Microsoft Office, Azure, and Microsoft SQL Server, including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed by Microsoft’s monthly update this month, […]
Regional APT Threat Situation In July 2025, the global threat hunting system of Fuying Lab detected a total of 33 APT attack activities. These activities were primarily concentrated in regions including South Asia, East Asia, Southeast Asia, Eastern Europe, and West Asia, as shown in the following figure. Regarding the activity levels of different organizations, […]
NSFOCUS provides integrated cloud & on-premises security solutions powered by global threat intelligence delivering complete protection from cyber threats.
Overview Recently, NSFOCUS CERT detected that Cursor issued a security bulletin and fixed the Cursor remote code execution vulnerability (CVE-2025-54135). Because Cursor allows files to be written to the workspace without user approval, when an external Model Control Protocol (MCP) server is configured through the Cursor user interface, an attacker can use Agent to rewrite […]
If you would like more information about NSFOCUS, have a comment or a question, please complete the registration form.
Customer Pain Points “Gap” in security protection after new business launch A financial company launched a new business system; the O&M team had to manually add the server IP to the WAF whitelist. Due to the cumbersome approval process, the configuration was not completed until 3 days later. During this period, hackers had invaded the […]