NSFOCUS

NSFOCUS Welcome to the company profile of NSFOCUS. Founded in 2000, NSFOCUS Information Technology Co., Ltd.

06/03/2026

To accurately analyze the evolving landscape of global Advanced Persistent Threats (APT) and bolster defenses for digital security and critical information infrastructure, NSFOCUS has released the 2025 APT Annual Landscape Report, combining robust cybersecurity monitoring and advanced threat hunting capabilities.

📜 This report conducts an in-depth analysis of APT activities across 2025 and decodes cutting-edge attack techniques, delivering actionable guidance to defend against APT activities.

In 2025, we recorded 308 APT incidents throughout the year, representing a YoY increase of 4%. Global APT activities showed the characteristics of "technical sophistication, tactical complexity, and frequent vulnerabilities". 👿 Driven by new attack strategies and new productivity tools, APT groups' attack techniques and tactics continued to upgrade, and their attack accuracy and destructive power have been significantly improved.

👉 Download the full report: https://nsfocusglobal.com/resources/2025-apt-annual-landscape-report/

05/29/2026

LLMs represented by Mythos have greatly reduced the cost and skill threshold for discovering and exploiting vulnerabilities, making advanced cyber attack capabilities that previously required national resources within reach.

⚠️ The structural shift is real: the time from vulnerability disclosure to weaponization is being compressed to near-zero. Defenders relying on traditional response timelines are already at a systemic disadvantage.

We've published a report analyzing the AI threat landscape following the next-gen LLMs capable of autonomous vulnerability discovery and exploitation.

What should enterprises do?
✅ Build AI + Blue Army platforms for normalized attack-defense drills
✅ Embed AI security agents directly into CI/CD pipelines
✅ Establish SBOM/AIBOM inventories for real-time 0-day impact assessment
✅ Shift focus from perimeter defense to limiting blast radius after breach
✅ Deploy AI-driven XDR platforms for machine-speed threat detection and response

The era of AI 🆚 AI in cybersecurity is here. Read the full report to understand the threat landscape and our recommended response framework.

🔗 https://nsfocusglobal.com/wp-content/uploads/2026/05/Security-Plan-for-AI-Threats.pdf

05/28/2026

In March 2026, NSFOCUS Security Lab discovered a total of 31 APT attack activities. These activities were mainly distributed in South Asia, Eastern Europe, and the Middle East.

3️⃣ The most active groups in March were from South Asia and based in Eastern Europe, while other relatively active groups included from the Middle East and from South Asia.
😈 87% of the total attack incidents used spear email attack as the intrusion method. A small number of threat actors also utilized vulnerability exploitations (10%) and watering hole attacks for infiltration (3%).
🪖 Military institutions were the primary targets in March, accounting for 33%, followed by government agencies (30%).
📌 In March, key incidents include orchestrating the Axios supply chain poisoning campaign, a vulnerability in products being escalated to a RCE severity, and leveraging OpenClaw-related GitHub repositories to distribute malware.

Learn more in NSFOCUS APT monthly briefing:
🔗 https://nsfocusglobal.com/nsfocus-monthly-apt-insights-march-2026/



Regional APT Threat Situation In March 2026, the global threat hunting system of Fuying Lab detected a total of 31 APT attack activities. These activities were primarily concentrated in regions including South Asia, Eastern Europe, and the Middle East, as shown in the figure below. Regarding the act...

05/22/2026

In 2025, the DDoS ecosystem is experiencing accelerated fragmentation: while established threat actors continue to consolidate their dominance, emerging groups are rising swiftly by leveraging automation and intelligent capabilities, making the overall threat landscape increasingly complex.

Powered by long-term monitoring from NSFOCUS Fuying Lab's Global Threat Hunting System, the newly released 2025 Global DDoS Attack Landscape Report provides a systematic breakdown of current DDoS trends.

📥 Download the full report to decode the trends and safeguard your infrastructure: https://nsfocusglobal.com/resources/2025-global-ddos-landscape-report/

05/20/2026

To overcome bottlenecks of AI models, including low performance and high memory usage in encrypted traffic detection, NSFOCUS and Intel jointly introduced Fastjoy, a next-generation, open-source traffic feature analysis framework. 😉

Powered by Intel's hardware acceleration, VPP data-processing engine, and Intel® oneAPI Toolkit, Fastjoy is integrated into the NSFOCUS Unified Threat Sensor ( ) to deliver:

✅ Higher detection throughput at scale
✅ Real-time threat identification — without the memory overhead
✅ Lower device costs across gateway security deployments
✅ Extensible AI detection across NSFOCUS's broader product portfolio

We've just published a joint whitepaper detailing how this Intel-optimized pipeline — from hardware acceleration to AI model deployment — is redefining what's possible in encrypted traffic detection.

📖 Download a copy: https://nsfocusglobal.com/wp-content/uploads/2026/05/NSFOCUS-and-Intel-Achieve-High-Performance-Encrypted-Traffic-Detection-Through-Fastjoy.pdf

05/15/2026

🎉 Exciting news: NSFOCUS has been included in the Visionaries in the 2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies!

For us, this is more than a milestone — it's a reflection of our commitment to turning threat intelligence into real, business-relevant action. 🧑‍💻

From AI-powered intelligence workflows, APT attribution research to our ThreatLens platform, we're focused on one thing: establishing a full-spectrum threat intelligence product system spanning strategic, tactical, and technical levels. By deeply embedding threat intelligence into business contexts, we help enterprises advance their security operations from reactive response to proactive anticipation.

🔗 Read more:

SANTA CLARA, Calif., May 13, 2026 – On May 4, 2026, Gartner® published the Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies report (hereinafter referred to as "the Report"). NSFOCUS was included in the Visionaries quadrant. We believe, this recognition reflects the intern...

05/13/2026

In 2025, fueled by the rapid evolution of AI agents and LLMs, DDoS attacks are undergoing a paradigm shift from traditional volumetric, bandwidth-heavy confrontations to intelligent warfare centered on cognitive speed, strategic precision, and decision-making efficiency.

📈 Attack methodologies have evolved from blunt traffic suppression to highly targeted precision strikes, resulting in a marked increase in both stealth and destructive impact.

🎯 The overall threat landscape is increasingly complex. As cyber and physical worlds become more deeply coupled, DDoS is evolving into a strategic geopolitical tool.

Is your defense strategy ready for the AI era?

📥 Download the full report to decode the trends and safeguard your infrastructure:

THANK YOU FOR YOUR INTEREST IN NSFOCUS REPORTS 2025 Global DDoS Attack Landscape Report In 2025, fueled by the rapid evolution of AI agents and LLMs, DDoS attacks are undergoing a paradigm shift from traditional volumetric, bandwidth-heavy confrontations to intelligent warfare centered on cogniti...

โš ๏ธ Look out! A Linux kernel privilege escalation vulnerability (๐˜ฟ๐™ž๐™ง๐™ฉ๐™ฎ ๐™๐™ง๐™–๐™œ) was recently disclosed online. Attackers use...
05/08/2026

โš ๏ธ Look out! A Linux kernel privilege escalation vulnerability (๐˜ฟ๐™ž๐™ง๐™ฉ๐™ฎ ๐™๐™ง๐™–๐™œ) was recently disclosed online. Attackers use the logical defects of splice system calls in conjunction with xfrm-ESP or RxRPC protocol stacks to tamper with the page cache of any read-only file without race conditions to obtain system root permissions.

This vulnerability is highly stable and concealed. ๐Ÿ˜ˆ Attackers can accurately tamper with the page cache of any read-only file in the system by running simple scripts; because this exploitation process is triggered by deterministic logic, it does not rely on race conditions, and only tampers with memory data without destroying the original disk files, it is difficult for traditional security tools based on disk scanning to discover in real time.

๐Ÿ”— Read our analysis and mitigation advice:

Overview Recently, NSFOCUS CERT has detected a Linux kernel privilege escalation vulnerability (Dirty Frag) disclosed online. Attackers use the logical defects of splice system calls in conjunction with xfrm-ESP or RxRPC protocol stacks to tamper with the page cache of any read-only file without rac...

05/01/2026

What if attackers could walk straight through your WAF — and it would never know? 😈 That's not a hypothetical. It's Ghost Bits, disclosed at Black Hat Asia 2026.

The vulnerability exploits a subtle Java encoding behavior: when a 16-bit Unicode character is narrowed to a byte, the upper 8 bits are silently dropped. Attackers craft payloads that look benign to your security tools but are decoded as live attack code by the backend. The detection chain and the execution chain see two completely different things.

The impact spans virtually every critical attack category — SQL injection, RCE, file upload bypass, path traversal, authentication bypass, and SMTP injection. It even bypasses existing WAF rules protecting against known critical CVEs. No privileges needed.

🔥 Here's the difference that NSFOCUS WAF makes:

✅ Detection happens at the decoding layer — not just pattern matching on surface strings
✅ Both standard Unicode and Ghost Bits-modified payloads are semantically decoded and blocked
✅ Protection was in place before the public disclosure: Actual interception with verifiable records

📖 Read the full technical breakdown to understand the attack chain and how our defense closes the gap:
🔗 https://nsfocusglobal.com/waf-defense-in-crisis-nsfocus-locks-down-ghost-bits-attacks-in-advance/

Incident Review In April 2026, Black Hat Asia 2026 disclosed a systematic security threat named Ghost Bits, targeting underlying encoding flaws in the Java ecosystem that can render mainstream WAF/IDS defenses completely ineffective. The core of this risk lies in inconsistent encoding interpretation...

04/30/2026

As the OpenClaw ecosystem continues to surge in popularity, more customers are deploying and utilizing these AI agents on a large scale. However, this growth has brought significant security challenges.

NSFOCUS LLM security assessment system AI-SCAN introduces specialized security scanning capabilities for OpenClaw and its derived ecosystems. 🛡️ New capabilities are coming soon in May:

✅ Gateway Exposure Detection: Full visibility into public network risks
✅ Credential Storage Detection: Preventing plaintext secret leaks
✅ Memory Poisoning Detection: Ensuring AI agents remain non-hijackable
✅ Supply Chain Security Detection: Multi-layer defense against malicious Skills

💡 Stay tuned for the new AI-Scan defined by lightweight scanning, high-precision detection, and intelligent enhancement.

As the OpenClaw ecosystem continues to surge in popularity, more customers are deploying and utilizing these AI agents on a large scale. However, this growth has brought significant security challenges to the forefront, including over 33 documented CVE vulnerabilities, 288+ GHSA security advisories,...

Address

690 N. McCarthy Boulevard, Suite 170
Milpitas, CA
95035
