Microsoft’s Security Update in June of High-Risk Vulnerability Notice for Multiple Products

Overview On June 9, NSFOCUS CERT detected that Microsoft released a security update patch for June, fixing 206 security issues involving widely used products such as Windows, Microsoft Office, Microsoft Exchange Server, ...

Nginx Remote Code Execution Vulnerability (CVE-2026-42945) Notice

Overview Recently, NSFOCUS CERT detected that Nginx and F5 issued security bulletins to fix the Nginx remote code execution vulnerability (CVE-2026-42945); because the ngx_http_rewrite_module module contains question marks in processing (?) ...

Linux Kernel Fragnesia Privilege Escalation Vulnerability (CVE-2026-46300) Notice

Overview Recently, NSFOCUS CERT detected that the Linux kernel Fragnesia privilege escalation vulnerability (CVE-2026-46300) was disclosed online. Fragnesia is a new variant of Dirty Frag; due to the logical defects in the ...

Linux Kernel Privilege Escalation Vulnerability (Dirty Frag) Alert

Overview Recently, NSFOCUS CERT has detected a Linux kernel privilege escalation vulnerability (Dirty Frag) disclosed online. Attackers use the logical defects of splice system calls in conjunction with xfrm-ESP or RxRPC protocol ...

WAF Defense in Crisis? NSFOCUS Locks Down “Ghost Bits” Attacks in Advance

Incident Review In April 2026, Black Hat Asia 2026 disclosed a systematic security threat named Ghost Bits, targeting underlying encoding flaws in the Java ecosystem that can render mainstream WAF/IDS defenses completely ...

Xinference PyPI Supply Chain Poisoning Warning

Overview Recently, NSFOCUS CERT detected that Xinference had suffered supply chain poisoning in its PyPI repository. The attacker stole the PyPI release permission credentials of Xinference maintainers and released three consecutive malicious ...

Microsoft’s April Security Update of High-Risk Vulnerability Notice for Multiple Products

Overview On April 15, NSFOCUS CERT detected that Microsoft released the April Security Update patch, fixing 165 security issues involving Windows, Microsoft Office, Microsoft SQL Server, Microsoft Visual Studio, Microsoft .NET Framework, ...

Axios Front-End Library npm Supply Chain Poisoning Alert

Overview On March 31, NSFOCUS CERT detected that the npm repository of the HTTP client library Axios had suffered supply chain poisoning. The attacker bypassed the normal GitHub Actions CI/CD pipeline ...

Microsoft’s March Security Update of High-Risk Vulnerability Notice for Multiple Products

Overview On March 11, NSFOCUS CERT detected that Microsoft released the March Security Update patch, which fixed 83 security issues involving widely used products such as Windows, Microsoft Office, Microsoft SQL Server, ...

AI Infrastructure LiteLLM Supply Chain Poisoning Alert

Overview Recently, NSFOCUS Technology CERT detected that the GitHub community had disclosed a credential-stealing program in the new version of LiteLLM. Analysis confirmed that it had suffered supply chain ...