The US-Israel military operations against Iran that commenced on February 28 represent a significant escalation in hostilities that carries substantial cyber risk for US public and private sector organizations. Iran has demonstrated the capability and willingness to employ cyber...
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user.
Multiple vulnerabilities have been discovered in Mozilla Firefox, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow...
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user.
Multiple vulnerabilities have been discovered in Ivanti Endpoint Manager Mobile which could allow for remote code execution. Ivanti Endpoint Manager Mobile is a mobile management software engine that enables IT to set policies for mobile devices, applications and content.
Multiple vulnerabilities have been discovered in Cisco products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution as root, which may lead to the complete...
A vulnerability has been discovered in pac4j-jwt (JwtAuthenticator) which could allow for authentication bypass. pac4j-jwt is a Java module within the pac4j security framework designed for generating, validating, and managing JSON Web Tokens (JWT) to secure web applications and services.
On February 6, BeyondTrust issued a security advisory for the BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability ( CVE-2026-1731 ). This critical vulnerability (CVSS score of 9.9) may be triggered through specially crafted client requests.
The NJCCIC observed an increase in phishing emails with human resources (HR)-related lures. These messages claim to distribute revised employee handbooks and ask recipients to confirm receipt by completing the acknowledgment form that is included in the attachment.
The NJCCIC observed a QR code phishing campaign targeting New Jersey State employees. Threat actors sent urgent messages claiming that the target’s mailbox would be deleted, without providing further instructions and leaving users with only the option to click the attachment.
