Jotform is used to create online forms and apps to collect data, process payments, and automate workflows without coding. It is a versatile tool for businesses and individuals in legitimate use cases. However, Jotform can also create opportunities for threat actors to exploit it.
A vulnerability has been discovered in CWP (aka Control Web Panel or CentOS Web Panel), which could allow for remote code execution. CWP, or Control Web Panel, is a free server administration tool for enterprise-based Linux distributions like CentOS, which simplifies managing web...
Conduent Business Services, LLC (“Conduent”) is a third-party service provider for services related to printing and mailroom, document processing, payment integrity, government benefits, and other back-office support services. On January 13, Conduent discovered...
Account compromises typically occur due to phishing emails, credential compromise, a lack of multi-factor authentication (MFA), exploited vulnerabilities, and data breaches. The NJCCIC recently received a report of a compromised account due to MFA fatigue (or MFA prompt bombing) .
A mysterious email arrives in your inbox, promising treasures beyond your dreams if you visit the provided website within the hour. With only thoughts of a dream vacation, you click the link, and the page loads, asking for a CAPTCHA verification to continue.
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) collaborated with international cybersecurity partners to develop a guide to help network defenders harden on-premises Exchange servers against exploitation.
The NJCCIC observed a phishing campaign targeting several public sector organizations in New Jersey. These emails are sent from accounts ending in the domain "benefitsfactor[.]com" and contain subject lines similar to "Confidential: Compensation Update for (recipient)."
A vulnerability has been discovered in Microsoft Windows Server Update Services (WSUS) which could allow for remote code execution. WSUS is a tool that helps organizations manage and distribute Microsoft updates across multiple computers. Instead of every PC downloading updates from...
Modernizing Medicine, Inc. (ModMed) discovered unauthorized activity in certain computer servers used by its podiatry practice clients. Between July 9 and July 10, 2025, a threat actor accessed and copied sensitive information stored on these internal servers.
Central Jersey Medical Center, Inc. (CJMC) announced a data breach in which personally identifiable information and protected health information of certain patients may have been compromised. On August 25, 2025, a threat actor gained unauthorized access to the CJMC...
