"Sneaky Log" is a sophisticated cybercrime group that emerged in late 2024, operating a Phishing-as-a-Service (PhaaS) kit called "Sneaky 2FA" which is designed to bypass two-factor authentication (2FA), also known as multi-factor authentication (MFA).
The recent surge in data breaches is a significant cause for concern, including the publicly exposed database containing more than 184 million records of email addresses, usernames, passwords, and links to account login or authorization webpages.
The NJCCIC’s email security solution has observed an increase in fake web browser update phishing campaigns. These campaigns begin with an email containing a link to a compromised website. The compromised website has a JavaScript inject that checks for the following conditions:
The scope of these SMiShing campaigns is extensive, affecting numerous US states and resulting in significant financial losses. The FTC highlighted that consumers reported losses amounting to $470 million in 2024 due to scams initiated via text messages.
The NJCCIC received reports regarding the impersonation of NJ Department of Labor and Workforce Development (DOL) personnel in SMS text phishing (SMiShing) schemes. Cybercriminals are contacting claimants via text message, identifying themselves as "NJLWD".
Critical severity vulnerabilities CVE-2025-5777 and CVE-2025-6543 were identified in Citrix NetScaler ADC and NetScaler Gateway. CVE-2025-5777 could allow unauthorized attackers to steal valid session tokens from the memory of internet-facing NetScaler devices via malformed requests.
The NJCCIC’s email security solution observed a new phishing campaign targeting Intuit login credentials. In this campaign, threat actors send an email impersonating accounting software Intuit QuickBooks. While the spoofed email address may appear to come from Intuit at first glance...
Over the last week, the NJCCIC has received several incident reports from NJ residents regarding an SMS text phishing (SMiShing) scam impersonating the Department of Motor Vehicles (DMV). These messages claim that the user has an outstanding traffic ticket.
The NJCCIC continues to receive reports of scams targeting and impersonating business executives using social engineering tactics. Threat actors perform reconnaissance on organizations to target and impersonate business executives, including chief executive officers.
The NJCCIC recently reported on malicious QR codes used in multiple quishing campaigns impersonating human resources or information technology. The NJCCIC’s email security solution observed a similar quishing campaign attempting to deliver malicious QR codes.
