The Cybersecurity and Infrastructure Security Agency (CISA) believes the threat activity may be part of a larger campaign targeting various SaaS companies’ cloud applications with default configurations and elevated permissions.
CISA urges users and administrators to review the mitigations and apply necessary patches and updates for all systems.
CISA added CVE-2025-3928 to the Known Exploited Vulnerabilities Catalog and is continuing to investigate the malicious activity in collaboration with partner organizations.
Reporting
The NJCCIC encourages recipients who discover signs of malicious cyber activity to contact the NJCCIC via the cyber incident report form at www.cyber.nj.gov/report.
Please do not hesitate to contact the NJCCIC at njccic@cyber.nj.gov <wbr />with any questions. Also, for more background on our recent cybersecurity efforts, please visit cyber.nj.gov.
