The article examines recent high‑severity NGINX CVEs, revisits historic over‑hyped bugs, explains why CVSS scores alone mislead, outlines the typical hype lifecycle, and proposes a risk‑based assessment workflow for security teams to avoid chasing phantom threats.
In his 2025 World Internet Conference Digital Silk Road Forum keynote, Zhou Hongyi warned that the programmable, AI‑driven, data‑centric world amplifies cyber vulnerabilities, described the rise of state‑level cyber warfare and AI‑powered attacks, and outlined 360’s security‑as‑service strategy and global cooperation plans to protect nations and enterprises.
The 2025 Global Digital Economy Conference highlighted the fusion of big data and AI in security, revealing both the transformative potential of large‑model technologies for operational efficiency and the critical challenges they pose, while showcasing 360's AI‑native platform and measurable performance gains.
This article explains how the rise of AI large‑model technology and Retrieval‑Augmented Generation (RAG) combined with autonomous AI agents enable a three‑layer network‑boundary defense, address deep operational challenges such as alert overload and response latency, and dramatically improve incident‑response efficiency in large‑scale enterprises.
Ant Group’s “Aspect‑Fusion Intelligence” system, recognized as an outstanding cybersecurity case at the 2025 Beijing Cybersecurity Conference, leverages large‑model AI and expert knowledge to enhance threat detection, lower false positives, and improve explainability in large‑scale intrusion detection.
This article explains how large‑model AI can be integrated into security operations (AISECOPS) to simplify application integration, improve fault detection, and automate protection across complex north‑south and east‑west network layers, while addressing challenges such as data quality, cost control, model selection, and safety frameworks.
This article presents a comprehensive overview of AI‑enabled security operations, detailing the industry pain points, the AISECOPS workflow, model selection between OpenAI embeddings and ST5, classification methods, performance and cost evaluations, and future directions for integrating agents and secure AI pipelines.
The article examines the critical CVE-2024-6387 OpenSSH 0‑day remote code execution flaw, explains its technical details, and outlines JD Cloud's comprehensive emergency response, attack‑surface management, precise vulnerability intelligence, and managed security services to help enterprises mitigate such threats.
Huolala’s Information Security team built a comprehensive security asset library and visualization framework, detailing asset pain points, mapping methodology, detection and drawing modules, and measurable outcomes, to enhance asset visibility, risk assessment, and continuous security operations in a cloud‑native environment.
This article explores how HuoLala's host security HIDS leverages Neo4j graph databases and the Neovis.js visualization library to unify process, network, and file data, enabling rapid attack‑chain reconstruction, efficient multi‑cloud incident response, and improved security operations.
The 21st GOPS Global Operations Conference in Shanghai featured a Tencent Security expert who explained how attack simulation (BAS) provides continuous security control testing, risk assessment for high‑value assets, and a structured workflow that enhances security maturity and investment decisions.
This guide outlines a complete data security architecture, covering protection systems, design principles, overall framework concepts, management and technical systems, and operational processes, emphasizing holistic, lifecycle‑focused strategies rather than isolated security domains.
The online Huolala Security Salon on August 19 featured eight expert sessions covering enterprise security foundations, purple‑team tactics, security training programs, data‑security compliance practices, LLSRC award recognitions, game vulnerability analysis, the evolution of code‑audit techniques, and the design of a flexible security operations platform.
The article summarizes Wei Yadong’s 2022 GDevOps Global Agile Operations Summit talk, covering the escalating threat landscape, financial industry security requirements, practical DevSecOps strategies, ICBC’s security transformation, and future trends such as security mesh, privacy‑enhancing computation, and decision intelligence.
This article details the challenges, design choices, deployment steps, detection model creation, data processing, visualization, and future plans of JD Daojia's security operations platform, highlighting the use of Graylog, Elasticsearch, and MongoDB to achieve scalable, real‑time threat detection and response.
This comprehensive guide walks security engineers through every phase of an incident response—from initial information gathering, containment, and vulnerability scanning to detailed log, process, and account analysis, culminating in recovery steps and post‑incident hardening recommendations.
This article describes Qunar's end‑to‑end automated workflow for detecting high‑risk Jar component vulnerabilities, collecting asset information, orchestrating remediation with a SOAR platform, and leveraging the TCDEV auto‑upgrade service to reduce manual effort and improve security operations efficiency.
iQIYI’s SOAR platform, built on StackStorm and the Walkoff visual editor, integrates security components, scripts, chat‑ops bots, and a mini‑program to automate detection and response, cutting MTTR by roughly 75% across high‑frequency routine tasks and low‑frequency critical incidents while planning broader coverage and knowledge‑base expansion.
This article presents the complete PPT from Zhu Yanyong’s CSDN live session, detailing offensive and defensive practices for ensuring network security during large‑scale events, covering threat modeling, DDoS mitigation, WAF deployment, incident response, and post‑event analysis.
This guide explains recent cloud‑based data‑leak incidents, categorizes common leak vectors, analyzes technical and managerial root causes, and provides actionable monitoring techniques, rule‑configuration examples, and incident‑response steps using Tencent Cloud Security Operations Center.
Effective intrusion detection for large enterprises hinges on combining signature‑based pattern matching with baseline anomaly modeling, gathering comprehensive host and network logs, focusing on the GetShell foothold, managing alert fatigue, and integrating AI‑enhanced feature engineering while maintaining robust operational foundations and continuous expertise development.
The article chronicles Meituan‑Dianping’s external network port monitoring evolution—from slow Python‑driven Nmap scans to a fast Masscan‑Nmap pipeline and real‑time traffic‑driven DPDK module—explaining black‑box scanning, white‑box analysis, best‑practice recommendations, and the critical role of continuous port visibility for security.
This article details Zhaogang's journey from a chaotic startup environment to a mature, multi‑stage security operation, covering its background, the four‑phase security framework, traditional security domains, and practical strategies for driving security initiatives across the organization.
This article recounts a Ctrip security engineer’s evolution from early Unix‑based operations to fully automated network security, highlighting challenges in forecasting, application security integration, rapid incident response, and large‑scale firewall automation within a fast‑growing enterprise.
This article shares YY's security operations journey, detailing real incident response scenarios, the evolution of their security infrastructure from 2012 onward, and the key factors considered when building a robust security ops system, including DDoS protection, WAF, vulnerability scanning, intrusion detection, and data‑driven automation.
This article outlines why proactive information‑security preparedness, cross‑department response teams, and clear incident‑response checklists are essential for minimizing damage and maintaining trust when a data breach occurs.
The article presents a comprehensive list of one hundred concrete web‑application security techniques—ranging from HTTP request analysis and token validation to WAF rule conversion, honeypot deployment, IP reputation checks, and response‑time monitoring—derived from the book “Web Application Defender's Cookbook” and illustrated with real‑world examples and tool references.
