Cyber Risks Briefs | Philippines


Latest Cyber Risks Briefs

Cyber Risks Brief: 2026-04-16

Cyber threats in the Philippines are shifting toward human-centric manipulation. Organized syndicates now use sophisticated social engineering, such as impersonating government officials and hijacking technical platforms like Axios, to bypass automated security and compromise enterprises.

Cyber Risks Brief: 2026-04-01

Recent supply chain attacks on widely used development tools and severe network equipment vulnerabilities demand immediate patching. Additionally, Philippine enterprises are advised to maintain strict vigilance against persistent, state-sponsored cyber espionage and data harvesting operations.

Cyber Risks Brief: 2026-03-19

Philippine authorities are intensifying crackdowns on illegal gambling and regional scam hubs, while Meta has disabled 150,000 fraudulent accounts. Concurrently, enterprises face rising threats from APT41 espionage, sophisticated VPN phishing, and critical vulnerabilities in Microsoft and Veeam.

Cyber Risks Brief: 2026-03-05

The Philippine government has shifted to monitoring Telegram, while the BSP proposes annual cyber self-assessments for banks. Regionally, the FBI is targeting industrialized scam hubs. Meanwhile, threat actors are weaponizing AI tools and malicious web apps to bypass enterprise defenses.

Write-ups

90 reports

Microsoft’s Monthly Patch - April 2026: 167 Vulnerabilities, 2 Zero-days

Microsoft's April 2026 update addresses 167 vulnerabilities, including two active zero-days: CVE-2026-32201 in SharePoint and CVE-2026-33825 in Microsoft Defender. With eight critical flaws identified, including remote code execution, administrators must prioritize these patches immediately.

Vulnerability in wolfSSL Library Enables Forged Certificate Use (CVSS 9.3)

wolfSSL disclosed a critical signature verification vulnerability. This flaw allows attackers to bypass cryptographic trust mechanisms and forge digital identities. Organizations should update to version 5.9.1 to prevent unauthorized access.

Marimo Pre-authentication Remote Code Execution Flaw Now Under Active Exploitation (CVSS 9.3)

Marimo disclosed a critical remote code execution vulnerability. This flaw allows unauthenticated attackers to gain root access via the terminal WebSocket endpoint. Enterprises must immediately update to version 0.23.0 to protect sensitive AI workloads.

Fortinet Patches Actively Exploited Vulnerability in FortiClient Endpoint Management System (CVSS 9.8)

Fortinet disclosed a critical zero-day vulnerability in FortiClient EMS. This flaw allows unauthenticated attackers to bypass authentication and execute commands. Enterprises are advised to update to version 7.4.7 immediately to prevent full system compromise.

Threat Actors Exploit Critical Flaw in Ninja Forms WordPress Plugin (CVSS 9.8)

Ninja Forms disclosed a critical file upload vulnerability. This flaw allows unauthenticated attackers to upload malicious scripts and achieve remote code execution. Enterprises are advised to immediately update the plugin to version 3.3.27 or later.

Developments in the Axios Breach: Understanding the Social Engineering Used

North Korean threat group UNC1069 hijacked the Axios library through a sophisticated social engineering campaign. By impersonating tech executives in fake Slack workspaces, attackers pressured maintainers into installing malware disguised as system updates. This highlights the risk to developers.

US Government Agencies Warn of Iran Backed Cyber Attacks on US Critical Infrastructure

Iran-linked threat actors are pivoting from espionage to disruptive cyber warfare against critical infrastructure. Using malware like IOCONTROL, groups target internet-facing industrial controllers in the water and energy sectors. This escalation includes destructive wiper attacks on US firms.

Max Severity Flowise Remote Code Execution Vulnerability Exploited in Attacks (CVSS 10.0)

Flowise disclosed a maximum severity remote code execution vulnerability. This flaw allows unauthenticated attackers to inject malicious scripts, leading to full system takeover. Enterprises are advised to immediately update to version 3.1.1 to mitigate risk.

Advertising Intelligence: Understanding the Risks of Ad-Based Surveillance Systems

Researchers at the University of Toronto’s Citizen Lab released a report on how law enforcement and government agencies worldwide use Webloc, a “global geolocation surveillance” tool from the software company Penlink. Webloc leverages advertising intelligence (ADINT) to track devices and monitor the movement of individuals. ADINT is the practice

LucidRook Malware Campaign Targets Taiwan NGOs and Universities

The LucidRook campaign targets Taiwan-based organizations using sophisticated spear-phishing and geofencing. Attackers bypass security controls with password-protected archives to deploy malware via malicious shortcuts. This cluster focuses on stealing sensitive data through social engineering.

Human-Centric Cyber Threats on the Rise

Cybercrime in Southeast Asia is shifting toward organized, cross-border networks. In the Philippines, syndicates exploit government trust through social engineering and banking trojans. This human-centric approach combines manipulation with malware to facilitate unauthorized fund transfers.

CISA Urges Immediate Patching of Actively Exploited NetScaler Vulnerability (CVSS 9.3)

The Cybersecurity and Infrastructure Security Agency (CISA) is urging federal agencies to patch a critical vulnerability in Citrix NetScaler appliances. This flaw allows unauthorized actors to steal sensitive data. Security experts warn that thousands of systems remain exposed to this threat.

CISA Warns of Actively Exploited Vulnerability in Langflow AI Workflows (CVSS 9.3)

The Cybersecurity and Infrastructure Security Agency (CISA) warns that threat actors are actively exploiting a critical vulnerability within the Langflow framework. This flaw allows unauthorized individuals to execute remote code and harvest sensitive credentials from AI workflows.

Oracle Releases Patch for Vulnerability in Identity Manager and Web Services Manager (CVSS 9.8)

Oracle released an urgent security update to address a critical remote code execution vulnerability affecting its identity and web services platforms. This flaw allows unauthorized actors to seize control of enterprise systems. Organizations are advised to apply the provided patch immediately.

Patch Now: Account Takeover Vulnerability in Ubiquiti Unifi (CVSS 10.0)

Ubiquiti has disclosed a maximum severity security flaw in its network management software. This directory navigation vulnerability allows unauthorized actors to bypass restrictions and seize full control of systems. Administrators are advised to update all platforms immediately.

Iranian-Linked Cyber Operations Threaten Civilian and Private Networks

The Federal Bureau of Investigation (FBI) warns that the threat actor group known as Handala uses specialized malware to target civilians and journalists. Linked to the Iranian Ministry of Intelligence and Security, these operations exploit messaging bots to exfiltrate sensitive data.

CISA Urges Immediate Patching of Actively Exploited NetScaler Vulnerability (CVSS 9.3)

The Cybersecurity and Infrastructure Security Agency (CISA) is urging federal agencies to patch a critical vulnerability in Citrix NetScaler appliances. This flaw allows remote actors to steal sensitive data from memory. Organizations must update systems immediately to prevent active exploitation.

Supply Chain Attacks Targeting Popular JavaScript Tool Axios and Open Source Security Scanner Trivy Affect Enterprise Environments

Recent supply chain attacks targeting Axios and Trivy have exposed critical vulnerabilities in enterprise software dependencies. These incidents allowed threat actors to steal credentials and install malicious software. Organizations are advised to rotate keys and audit systems.

FCC Moves to Ban Foreign-Made Routers

The Federal Communications Commission (FCC) has expanded its list of restricted equipment to include foreign-manufactured routers. This decision follows major cyber attacks on critical infrastructure. While existing devices remain functional, businesses are advised to audit procurement.

NVIDIA Releases Patches for Vulnerability that Enables RCE and DoS Attacks (CVSS 9.0)

NVIDIA has issued critical security updates to address a severe vulnerability within its enterprise artificial intelligence software infrastructure. This flaw enables remote command execution and system disruption. Organizations are advised to apply these patches immediately.

Victim Reportedly Lost Money in Bank Account via Vishing Scam

Sophisticated voice phishing scams are rising as criminals use stolen personal data and recorded messages to deceive bank clients. By mimicking legitimate automated systems and creating a false sense of urgency, threat actors successfully bypass security to execute unauthorized transfers.

Iranian-Linked Hacktivist Group Claims Attack on US Medtech Giant Stryker

Handala, an Iranian-linked threat group, sabotaged medical giant Stryker by weaponizing Microsoft Intune. By compromising a Global Admin account, they issued a mass remote wipe command, factory-resetting 80,000 devices. This signals a shift from cyber espionage to destructive sabotage.

Threat Actors Using Search Engine Poisoning to Distribute Fake Enterprise VPNs

Threat actors are using search engine optimization poisoning to distribute fake VPN clients impersonating Fortinet and Cisco. These malicious sites trick users into downloading credential-stealing malware, granting attackers direct, authenticated access to corporate networks.

Apple Patches Critical “Coruna” Exploits on Older Devices

Apple released critical patches for older iOS and iPadOS devices to address vulnerabilities exploited by the Coruna kit. These flaws allow threat actors to bypass security and gain total device control. Active exploitation has been confirmed, targeting sensitive data and crypto wallets.

Multiple Remote Code Execution Vulnerabilities Expose Veeam Backup Servers to Takeover (CVSS 9.9)

Veeam disclosed four critical remote code execution vulnerabilities in its Backup and Replication platform, carrying a high severity score of 9.9. These flaws allow low-privileged users to gain total control of backup servers, posing a significant risk of ransomware attacks and data loss.

Update Now: Google Patches Two Zero-Day Flaws Exploited in the Wild (CVSS 8.8)

Google disclosed two zero-day vulnerabilities in the Chrome Skia and V8 engines. These flaws allow remote code execution via malicious webpages. With active exploitation confirmed, organizations must immediately update Chromium-based browsers to prevent unauthorized system access.

Microsoft’s Monthly Patch – March 2026: 79 Vulnerabilities, Two Zero-days

Microsoft released its March 2026 update, patching 79 vulnerabilities including two zero-days. A critical remote code execution flaw in the Microsoft Devices Pricing Program, carrying a severity score of 9.8, highlights the release. Adobe, Cisco, and Fortinet also issued security patches.

APT41-Linked Group Targets Government Sector Across Southeast Asia

The Chinese-linked threat actor Silver Dragon, part of the APT41 umbrella, is conducting a sophisticated espionage campaign across Southeast Asia. By utilizing techniques like DLL side-loading, the group targets government entities and critical infrastructure to harvest long-term intelligence.

Philippine Government Intensifies Efforts to Disrupt Illegal Gambling Sites and Regional Scam Networks

The Philippine CICC is intensifying its crackdown on illegal gambling, though an automated system glitch recently disrupted legitimate platforms. Concurrently, Meta removed 150,000 scam-linked accounts in Southeast Asia, signaling a rigorous regional effort to combat cyber fraud.

Professional Regulation Commission Allegedly Suffers from 9GB Data Leak

The Professional Regulation Commission reportedly suffered a massive data leak involving 9 gigabytes of sensitive licensing documents and personal information. Allegedly executed by the threat actor FEMBOYSEC, the breach underscores critical cybersecurity gaps in the government’s digital shift.

U.S. and Australian Agencies Issue Warnings on Possible Cyberattacks in Connection with Ongoing Conflict in the Middle East

U.S. and Australian agencies have issued joint warnings of potential cyberattacks against financial institutions tied to Middle East tensions. CISA and ACSC urge proactive defense against DDoS and hacktivist threats to mitigate operational, reputational, and regulatory risks.

U.S. and Australian Agencies Issue Warnings on Possible Cyberattacks in Connection with Ongoing Conflict in the Middle East

U.S. and international agencies warn of heightened cyber threats from Iran targeting financial institutions. Organizations face risks of operational disruption via DDoS attacks and reputational damage. Security leaders must prioritize proactive defense and cyber hygiene to mitigate impacts.

Dormant RESURGE Malware Actively Targeting Ivanti Devices

A critical zero-day vulnerability in Ivanti VPN appliances allows remote attackers to gain full system control. State-sponsored actors are using RESURGE malware to maintain hidden, persistent access.

Malicious Chrome Extensions Exploit Gemini AI Browser Panel to Access Cameras and Files

A high-severity vulnerability in Google Chrome allows malicious browser extensions to hijack the Gemini panel. This flaw grants attackers access to cameras, microphones, and local files. Enterprises must ensure all endpoints are updated to Chrome version 143.0.7499.192 or later to mitigate risks.

ClawJacked: Critical Zero-Click Vulnerability in OpenClaw AI Agents

The "ClawJacked" vulnerability in OpenClaw allows remote attackers to hijack local AI agents via malicious websites. This zero-click exploit grants full control over developer environments, including file exfiltration and system commands. Organizations must update to version 2026.2.25.

Exploited Zero-Day Flaw in Windows MSHTML Framework

A zero-day vulnerability in Microsoft HTML allows attackers like APT28 to bypass security warnings and execute code via malicious files. Exploited in the wild, this flaw targets Windows systems. Organizations are advised to apply the February 2026 security updates immediately to mitigate risk.

Dormant RESURGE Malware Actively Targeting Ivanti Devices

A critical zero-day in Ivanti VPNs allows remote attackers to gain full system control via RESURGE malware. State-sponsored actors use this to maintain hidden persistence. Standard patches are insufficient; organizations are advised to use specialized tools to detect the threat.

Angular SSR Vulnerability Enables Unauthorized Server Requests

A critical SSRF vulnerability in the Angular SSR framework allows attackers to redirect internal traffic and exfiltrate sensitive data. With a CVSS of 9.2, this flaw enables private network probing. Organizations are advised to immediately update to Angular version 19.2.21 or higher.

CISA Mandates Patch for Actively Exploited FileZen Vulnerability

A command injection vulnerability in Soliton Systems FileZen allows authenticated users to execute malicious commands. CISA confirmed active exploitation, adding it to the KEV catalog. Organizations are advised to update to version 5.0.11 or later to prevent full system compromise.

SolarWinds Serv-U Software Vulnerable to Administrative-Level Compromise

SolarWinds disclosed four critical vulnerabilities in its Serv-U platform, allowing attackers to execute commands with administrator privileges. With a CVSS of 9.1, these flaws pose a severe risk. Organizations are advised to update to version 15.5.4 immediately.

Public Exploit Released for Privilege Escalation Vulnerability in Windows Error Reporting

A privilege escalation vulnerability in Windows Error Reporting allows low-level users to gain administrative control. With a public exploit available, the risk to Windows 10, 11, and Server environments is high. Organizations are advised to apply the January 2026 security updates immediately.

Threat Actors Weaponize PWAs in Fake Google Security Campaign

A phishing campaign uses the fraudulent domain google-prism[.]com to deploy malicious Progressive Web Apps and Android payloads. This attack steals credentials, locations, and contacts while mimicking native Google apps. Organizations should advise users to only use myaccount.google.com.

1Campaign Cybercrime Service Weaponizes Sponsored Search Ads

The 1Campaign service allows threat actors to bypass Google security by hiding malicious ads. Using fraud scoring, it hides phishing sites from scanners while targeting employees via sponsored links. Organizations should implement ad-blocking and mandate the use of official software channels.

Threat Actors Exploit AI Tools for Cyberattacks

Threat actors are weaponizing generative AI tools like CyberStrikeAI and ChatGPT to automate reconnaissance and craft sophisticated phishing campaigns. Additionally, a critical Google Cloud API flaw has exposed sensitive Gemini endpoints, risking massive financial loss and data theft.

Philippine Agencies Expand Digital Oversight: Impact on Social Media and Finance

The DICT retracted its Telegram ban following a cooperation agreement on illegal content monitoring. Simultaneously, the BSP proposed annual cybersecurity self-assessments for financial firms, while authorities intensified crackdowns on illegal lending apps to combat data privacy abuse.

US FBI Intensifies Crackdown Against Southeast Asian Scam Hubs

The FBI partnered with Southeast Asian law enforcement to dismantle industrialized scam compounds linked to organized crime. These hubs utilize forced labor for global "pig butchering" schemes. The joint effort focuses on seizing assets and disrupting transnational cyber fraud networks.

Global Ransomware Attacks Surge 50 Percent in 2025, but Victim Payments Drop to 28 Percent

Global ransomware attacks surged by 50 percent in 2025, but total payments fell as victim payment rates dropped to a record-low 28 percent. Organizations are increasingly refusing to pay, shifting the threat landscape toward data extortion and targeting vulnerable small-to-medium enterprises.

Mobile App “Chat & Ask AI” Allegedly Suffers from a Data Leak

The "Chat & Ask AI" application, with over 50 million downloads, suffered a massive data breach due to a misconfigured Firebase database. The exposure leaked sensitive user conversations and settings, highlighting the risks of unvetted AI "wrapper" apps and Shadow IT in the enterprise.

Study Identifies Vulnerabilities in Password Managers Under Compromised Servers; No Active Exploitation in the Wild

Researchers identified vulnerabilities in major cloud password managers, including Bitwarden and LastPass, that could allow attackers to bypass zero-knowledge protections. While no active exploitation is confirmed, the flaws highlight risks in encrypted data sharing and server security.

Honeywell CCTV Authentication Bypass Flaw (CVSS 9.8)

A critical authentication bypass vulnerability in Honeywell CCTV cameras allows remote attackers to perform full account takeovers by manipulating password recovery APIs. With a severity score of 9.8, the flaw enables unauthorized surveillance, network pivoting, and physical security breaches.