On May 27, Garden State Cyber and the NJCCIC hosted the second annual Garden State CTF Finals and Summit at The College of New Jersey (TCNJ). Over 1,700 students, 500 teams, and 86 schools from around New Jersey competed in the capture the flag (CTF) competition this year.
The Federal Bureau of Investigation (FBI) issued this Public Service Announcement (PSA) to warn the public that cyber threat actors are conducting spoofing attacks against the Fédération Internationale de Football Association (FIFA ) website in advance of the 2026 FIFA World Cup.
OAuth device code phishing campaigns harvest access tokens without requiring targets to enter their credentials, enabling cyber threat actors to bypass multi-factor authentication (MFA). In early 2026, the EvilTokens Phishing-as-a-Service (PhaaS) platform launched OAuth...
he NJCCIC received a new wave of reports about SMS phishing (SMiShing) scams. In this campaign, threat actors impersonated both the New Jersey State Police and the NJ Motor Vehicle Commission (MVC). These urgent-sounding messages claim to be vehicle enforcement...
The Federal Bureau of Investigation (FBI) released this FBI Liaison Alert System (FLASH) to disseminate indicators of compromise (IOCs) and identified tactics, techniques, and procedures (TTPs) associated with the First VPN Service. The service has been active since approximately 2014.
The NJCCIC is happy to announce that the application window for the following summer internship programs is open: Cyber Safety Cadet - Grades 6, 7, 8 Cyber Safety Patrol - Grades 3, 4, 5 Cyber Safety Watch - Grades K, 1, 2 Please see the summer internship webpage for more details.
The NJCCIC observed several business email compromise (BEC) campaigns featuring a message chain targeting Accounts Payable departments. The messages appear to be a previous conversation thread from an impersonated executive at the targeted organization regarding...
Odyssey Stealer is an advanced information-stealing malware designed specifically for macOS devices. Threat actors use a ClickFix social engineering technique through software malvertising, phishing campaigns, or fake software update prompts to lure potential victims into...
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the...
Multiple vulnerabilities have been discovered in NGINX. NGINX is a software used for web serving, reverse proxying, caching, and load balancing. Successful exploitation of the most severe of these vulnerabilities may allow an unauthenticated threat actor to crash vulnerable NGINX worker...
