The NJCCIC received a new wave of reports of SMS text phishing (SMiShing) scams impersonating the New Jersey Motor Vehicle Commission (MVC). These urgent-sounding messages claim to be a final notice about an unpaid traffic violation, with a short deadline to...
Monroe University disclosed a data breach affecting over 320,000 people. Threat actors gained unauthorized access to computer systems for two weeks in December 2024 and acquired copies of some files. A review of the files revealed stolen personal, financial, and health information.
Salt Typhoon is believed to be behind a recently disclosed cyber espionage campaign targeting US House committees and staff. In December 2025, researchers identified intrusions that compromised email systems within the US House of Representatives.
The NJCCIC observed a phishing campaign targeting MetaMask cryptocurrency wallets. The message appears to come from MetaMask, but the actual originating email address can be found in the header information. The threat actor also uses Punycode in the "From" field...
The NJCCIC observed a phishing campaign that abused the legitimate Docusign, leading to the installation of the LogMeIn Resolve remote monitoring and management (RMM) tool. The email is not sent from a legitimate Docusign domain, such as docusign[.]com or docusign[.]net.
The Cybersecurity and Infrastructure Security Agency (CISA) and the UK National Cyber Security Centre, in collaboration with other federal and international partners, have released Secure Connectivity Principles for Operational Technology guidance to help asset owners.
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user.
A vulnerability has been discovered in Cisco Unified Communications Products which could allow for remote code execution. Cisco Unified Communications (UC) Products are an integrated suite of IP-based hardware and software that combine voice, video, messaging, and data into a...
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user
Yesterday, the NJCCIC released an advisory, Increase in Compromised NJ Public Sector Accounts. Common threads observed in these incidents are a lack of or misconfigured Sender Policy Framework, and Domain-based Message Authentication, Reporting, and Conformance records.
