Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user.
Multiple vulnerabilities have been discovered in Ivanti products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system.
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user.
The NJCCIC received reports of threat actors impersonating multiple New Jersey local municipalities to steal sensitive data and funds and exploit public trust. Threat actors take advantage of residents who interact with their local municipalities regularly and are more likely to trust...
The NJCCIC has observed threat actors continuing to exploit remote monitoring and management (RMM) tools such as PDQ Connect, ScreenConnect, ITarian, and Atera to remotely access target environments. The use of RMM software enables threat actors to gain initial access...
Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches.
TransUnion, one of the major US credit reporting agencies, disclosed a data breach that took place in July 2025, impacting 4.4 million customers. The data breach involved a third-party application that stored personal customer data and served its US consumer support operations.
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user.
Gift cards are popular gift ideas year-round and a favorite for scammers. Threat actors request them in social engineering schemes as they can be used as easily as cash, work as a payment method not linked to a specific person, and do not have the same protections as credit cards.
The NJCCIC observed a new adversary-in-the-middle (AiTM) phishing campaign aimed at harvesting credentials. This campaign starts with an email claiming to be from the help desk, with a link provided to reset or retain the current password.
