The NJCCIC received reports of a surge in cryptocurrency scams in the past month. These scams aim to steal personally identifiable information (PII), private keys, wallet addresses, and funds. In fraudulent investment schemes, threat actors impersonate legitimate organizations, and more.
Malicious cell phone applications can hide in plain sight, often disguised as legitimate programs. Threat actors aim to deceive users into installing malicious software and giving permissions far beyond what legitimate apps require. To avoid the inherent distrust that users...
The Cybersecurity and Infrastructure Security Agency (CISA) and US Coast Guard (USCG) are issuing this Joint Cybersecurity Advisory to present findings from a recent CISA and USCG hunt engagement. The purpose of this advisory is to highlight identified cybersecurity issues, thereby...
The Cybersecurity and Infrastructure Security Agency (CISA) published a Malware Analysis Report (MAR) with analysis and associated detection signatures on files related to Microsoft SharePoint vulnerabilities. Cyber threat actors have chained CVE-2025-49704 and CVE-2025-49706.
Over the last several days, SonicWall issued an advisory of a notable increase in both internally and externally reported cyber incidents involving Gen 7 SonicWall firewalls where SSL VPN is enabled. A likely zero-day vulnerability in SonicWall VPNs is being actively exploited.
The Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) are releasing this Joint White Paper to raise awareness of cyber threat actors (CTAs) activity targeting vendor accounts within vendor portals belonging to US state, local, tribal...
Over the last several years, there has been a recent increase in video teleconferencing (VTC) hijacking incidents, specifically "Zoom Bombing." These incidents involve unwanted individuals accessing a VTC meeting, sharing inappropriate or hateful content, etc.
Credential harvesting remains a constant threat to digital security. As more services find their way online, a deluge of passwords is needed to keep up with different services used daily, leading to insecure password practices, including password reuse, simple passwords...
Over the last several months, security researchers have observed threat actors targeting Microsoft 365 (M365) accounts in phishing campaigns that bypass security controls. The technique allows threat actors to spoof internal M365 users and deliver emails using Microsoft Exchange...
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user.
