Web security
Ghost CMS Under Siege: How a SQL Injection Turned 700+ Blogs Into Malware Distribution Networks
A critical SQL injection in Ghost CMS turned 700+ sites into malware launchers. Harvard, Oxford, DuckDuckGo compromised. Here's what happened and what to do ...
NSFOCUS AI-PTS: Safeguarding Web Applications Through Dual-Mode Architecture
Traditional penetration testing tools are effective at identifying explicit technical vulnerabilities at the code level, yet fail to spot business logic flaws. What hidden risks exist within websites and APIs? How can ...
Zero Tolerance for Malicious Intrusions—NSFOCUS’s Full-Chain WEB Security Protection System
As regional military conflicts escalate, cyberspace has become a critical battleground, with core WEB application systems frequently targeted by adversaries. Attackers tamper with application content and inject anti-social or anti-government rhetoric, disrupting ...
AI-Empowered Cybersecurity: Key Events and Emerging Trends in 2025
In September 2025, Anthropic disclosed a groundbreaking incident—the world’s first autonomous AI-driven cyberattack. This event, documented as the first large-scale cyber offensive primarily executed by AI with minimal human intervention, underscored the immense ...
Top Security Incidents of 2025: Chrome Browser 0-Day Vulnerability Exploitation
Background In March 2025, cybersecurity researchers disclosed a highly sophisticated targeted attack campaign named “Operation ForumTroll.” Orchestrated by an unidentified state-sponsored APT group, the operation leveraged a Google Chrome 0-day vulnerability (CVE-2025-2783) as ...
Top Security Incidents of 2025: Lazarus Group’s Cryptocurrency Heist
Event Summary In February 2025, the North Korea-linked APT group Lazarus launched a highly sophisticated supply chain attack against the prominent cryptocurrency exchange Bybit, successfully stealing over 400,000 ETH and stETH—valued at ...
Top Security Incidents of 2025: The Emergence of the ChainedShark APT Group
In 2025, NSFOCUS Fuying Lab disclosed a new APT group targeting China’s scientific research sector, dubbed “ChainedShark” (tracking number: Actor240820). Been active since May 2024, the group’s operations are marked by high strategic ...
An Overview of 2025 Global APT Attack Landscape
In 2025, the global cybersecurity situation continued to deteriorate, with a significant rise in the use of 0-day vulnerabilities in Advanced Persistent Threat (APT) attacks, which became a key driver of accelerating ...
AI-PTS: Breaking Traditional Barriers, Revolutionizing Penetration Testing
AI Penetration Testing System (AI-PTS) Leveraging AI to empower penetration testing, the AI-PTS integrates AI technology with traditional penetration testing methods. It delivers an AI+ defense system tailored for real-world attack scenarios ...
NDSS 2025 – YuraScanner: Leveraging LLMs For Task-driven Web App Scanning4+
SESSION Session 2B: Web Security Authors, Creators & Presenters: Aleksei Stafeev (CISPA Helmholtz Center for Information Security), Tim Recktenwald (CISPA Helmholtz Center for Information Security), Gianluca De Stefano (CISPA Helmholtz Center for ...
