The NJCCIC observed an increase in phishing campaigns impersonating copyright infringement notices for media shared on the Meta platform. The notices appear to be sent by Meta or its legal counsel and threaten action, such as account deletion, if the media is not removed or a response...
The NJCCIC received reports of another retirement benefits meeting phishing campaign targeting pension plan members, including New Jersey teachers. Cyber threat actors use social engineering tactics to initiate contact by email. The subject line includes the target...
The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this alert to provide guidance in response to the software supply chain compromise of the Axios node package manager (npm). Axios is an HTTP client for JavaScript that developers commonly use in...
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user.
The NJCCIC observed an increase in phishing emails claiming to provide updated employee compensation records, often implying a base pay increase. In one instance, the messages included an Adobe PDF attachment with a QR code that directed users to a counterfeit...
CyberAv3ngers is intensifying its attacks on US water and energy utilities. The group is an Iranian advanced persistent threat (APT) with ties to the Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC). In its latest campaign, CyberAv3ngers have been observed...
The NJCCIC was informed of a phishing campaign impersonating Zoho with the subject line "New sign-in from an unverified location." The email is sent from "Zoho Team" and contains a link to "Review Account Activity." This link, as well as the URL below it, directs users to a webpage...
The Transportation Security Administration (TSA) is issuing this Cybersecurity Awareness Message (CAM) to provide our industry partners with best practices, current cybersecurity risks, recent incidents, and planning considerations ahead of the 2026 FIFA World Cup events.
Multiple vulnerabilities have been discovered in Fortinet products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the affected service account.
ultiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user.
