Cyber Risks Briefs | Philippines


Latest Cyber Risks Briefs

Cyber Risks Brief - April 30, 2026

Recent incidents expose severe risks to Philippine companies from state-backed hacking groups, unverified government data breaches, and compromised third-party software. Organizations are advised to track software vulnerabilities and secure cloud configurations to prevent massive data theft.

Cyber Risks Brief - April 16, 2026

Cyber threats in the Philippines are shifting toward human-centric manipulation. Organized syndicates now use sophisticated social engineering, such as impersonating government officials and hijacking technical platforms like Axios, to bypass automated security and compromise enterprises.

Cyber Risks Brief - April 1, 2026

Recent supply chain attacks on widely used development tools and severe network equipment vulnerabilities demand immediate patching. Additionally, Philippine enterprises are advised to maintain strict vigilance against persistent, state-sponsored cyber espionage and data harvesting operations.

Cyber Risks Brief - March 19, 2026

Philippine authorities are intensifying crackdowns on illegal gambling and regional scam hubs, while Meta has disabled 150,000 fraudulent accounts. Concurrently, enterprises face rising threats from APT41 espionage, sophisticated VPN phishing, and critical vulnerabilities in Microsoft and Veeam.

Write-ups

101 reports

Linux Kernel Vulnerability “Copy Fail” Enables Full Root Access

A critical Linux kernel vulnerability allows unprivileged users to gain full root access by exploiting a logic flaw in the cryptographic subsystem. This memory-only exploit enables stealthy backdoor injection and container escapes without leaving a digital footprint.

Alleged PDEA Data Breach and Ransom Threat

An alleged data breach involving the Philippine Drug Enforcement Agency was reported on April 18, 2026, with threat actor "FEMBOYSEC" claiming to hold 400GB of sensitive data. The leak reportedly includes 100,000 PII records and pharmaceutical certificates, though official verification is pending.

State-Sponsored Spear-Phishing Targeting Aerospace and Defense Software

A NASA investigation revealed a multi-year Chinese spear-phishing campaign targeting export-controlled aerospace software. The threat actor used social engineering to infiltrate defense networks. This highlights persistent regional risks for the Philippines' critical infrastructure.

Emerging Cyber Threats Aimed at Harvesting User Data Underscore the Importance of Segregating Online Activity

ShinyHunters is targeting global brands like Udemy and 7-Eleven by exploiting Salesforce misconfigurations, while over 80 Chrome extensions were found harvesting data from 6.5 million users. Enterprises must audit cloud permissions and mandate separate browser profiles for work and personal use.

Cloud Platform Vercel Confirmed Data Breach via Supply Chain Attack

Cloud platform Vercel confirmed a data breach after a supply chain attack on a third-party AI tool, Context.ai. Threat actors used stolen OAuth tokens to access internal systems. Enterprises are advised to revoke the Context.ai OAuth app and restrict broad third-party permission grants.

Security Agencies Warn of China-Linked Threat Actors Using Compromised Devices for Botnet Operations

International agencies warn of China-linked threat actors using compromised devices to build botnets for covert espionage. These networks disguise malicious traffic as legitimate consumer activity. Enterprises are advised to update end-of-life devices, implement MFA, and adopt zero-trust.

NIST Updates CVE Reporting Due to Volume of Vulnerability Submissions

NIST is scaling back National Vulnerability Database enrichment due to a 263 percent increase in submissions. Only high-priority CVEs will receive severity scores and details. Organizations are advised to adopt proactive management strategies, as they can no longer rely on NIST as a sole source.

SGLang Vulnerability Enables Remote Code Execution via Malicious GGUF Model Files (CVSS 9.8)

SGLang has a critical vulnerability that enables remote code execution via malicious GGUF model files. The flaw lacks process isolation, allowing attackers to control host systems, steal data, or copy intellectual property.

Hackers exploit file upload bug in Breeze Cache WordPress plugin (CVSS 9.8)

A critical vulnerability in the Breeze Cache WordPress plugin allows unauthenticated file uploads and remote code execution. The flaw enables full site takeover. Enterprises are advised to update to version 2.4.5 or disable local Gravatar hosting immediately.

Microsoft releases emergency patches for critical ASP.NET flaw (CVSS 9.1)

Microsoft has issued emergency patches for CVE-2026-40372, a critical ASP.NET flaw. The vulnerability allows unauthenticated attackers to forge credentials and gain system-level privileges. Enterprises are advised to update to version 10.0.7 and rotate data protection key rings.

Compromised Bitwarden Developer Package Threatens Developer Credentials

On April 22, 2026, a supply chain attack targeted the Bitwarden CLI npm package, injecting malware to steal cloud tokens and SSH keys. Enterprises are advised to rotate developer credentials and audit third-party vendor risks to mitigate vulnerabilities in automated software build environments.

Microsoft’s Monthly Patch - April 2026: 167 Vulnerabilities, 2 Zero-days

Microsoft's April 2026 update addresses 167 vulnerabilities, including two active zero-days: CVE-2026-32201 in SharePoint and CVE-2026-33825 in Microsoft Defender. With eight critical flaws identified, including remote code execution, administrators must prioritize these patches immediately.

Vulnerability in wolfSSL Library Enables Forged Certificate Use (CVSS 9.3)

wolfSSL disclosed a critical signature verification vulnerability. This flaw allows attackers to bypass cryptographic trust mechanisms and forge digital identities. Organizations should update to version 5.9.1 to prevent unauthorized access.

Marimo Pre-authentication Remote Code Execution Flaw Now Under Active Exploitation (CVSS 9.3)

Marimo disclosed a critical remote code execution vulnerability. This flaw allows unauthenticated attackers to gain root access via the terminal WebSocket endpoint. Enterprises must immediately update to version 0.23.0 to protect sensitive AI workloads.

Fortinet Patches Actively Exploited Vulnerability in FortiClient Endpoint Management System (CVSS 9.8)

Fortinet disclosed a critical zero-day vulnerability in FortiClient EMS. This flaw allows unauthenticated attackers to bypass authentication and execute commands. Enterprises are advised to update to version 7.4.7 immediately to prevent full system compromise.

Threat Actors Exploit Critical Flaw in Ninja Forms WordPress Plugin (CVSS 9.8)

Ninja Forms disclosed a critical file upload vulnerability. This flaw allows unauthenticated attackers to upload malicious scripts and achieve remote code execution. Enterprises are advised to immediately update the plugin to version 3.3.27 or later.

Developments in the Axios Breach: Understanding the Social Engineering Used

North Korean threat group UNC1069 hijacked the Axios library through a sophisticated social engineering campaign. By impersonating tech executives in fake Slack workspaces, attackers pressured maintainers into installing malware disguised as system updates. This highlights the risk to developers.

US Government Agencies Warn of Iran-Backed Cyber Attacks on US Critical Infrastructure

Iran-linked threat actors are pivoting from espionage to disruptive cyber warfare against critical infrastructure. Using malware like IOCONTROL, groups target internet-facing industrial controllers in the water and energy sectors. This escalation includes destructive wiper attacks on US firms.

Max Severity Flowise Remote Code Execution Vulnerability Exploited in Attacks (CVSS 10.0)

Flowise disclosed a maximum severity remote code execution vulnerability. This flaw allows unauthenticated attackers to inject malicious scripts, leading to full system takeover. Enterprises are advised to immediately update to version 3.1.1 to mitigate risk.

Advertising Intelligence: Understanding the Risks of Ad-Based Surveillance Systems

Researchers at the University of Toronto’s Citizen Lab released a report on how law enforcement and government agencies worldwide use Webloc, a “global geolocation surveillance” tool from the software developer Penlink. Webloc leverages advertising intelligence (ADINT) to track devices and monitor the movement of individuals. ADINT is the practice

LucidRook Malware Campaign Targets Taiwan NGOs and Universities

The LucidRook campaign targets Taiwan-based organizations using sophisticated spear-phishing and geofencing. Attackers bypass security controls with password-protected archives to deploy malware via malicious shortcuts. This cluster focuses on stealing sensitive data through social engineering.

Human-Centric Cyber Threats on the Rise

Cybercrime in Southeast Asia is shifting toward organized, cross-border networks. In the Philippines, syndicates exploit government trust through social engineering and banking trojans. This human-centric approach combines manipulation with malware to facilitate unauthorized fund transfers.

CISA Urges Immediate Patching of Actively Exploited NetScaler Vulnerability (CVSS 9.3)

The Cybersecurity and Infrastructure Security Agency (CISA) is urging federal agencies to patch a critical vulnerability in Citrix NetScaler appliances. This flaw allows unauthorized actors to steal sensitive data. Security experts warn that thousands of systems remain exposed to this threat.

CISA Warns of Actively Exploited Vulnerability in Langflow AI Workflows (CVSS 9.3)

The Cybersecurity and Infrastructure Security Agency (CISA) warns that threat actors are actively exploiting a critical vulnerability within the Langflow framework. This flaw allows unauthorized individuals to execute remote code and harvest sensitive credentials from AI workflows.

Oracle Releases Patch for Vulnerability in Identity Manager and Web Services Manager (CVSS 9.8)

Oracle released an urgent security update to address a critical remote code execution vulnerability affecting its identity and web services platforms. This flaw allows unauthorized actors to seize control of enterprise systems. Organizations are advised to apply the provided patch immediately.

Patch Now: Account Takeover Vulnerability in Ubiquiti Unifi (CVSS 10.0)

Ubiquiti has disclosed a maximum severity security flaw in its network management software. This directory navigation vulnerability allows unauthorized actors to bypass restrictions and seize full control of systems. Administrators are advised to update all platforms immediately.

Iranian-Linked Cyber Operations Threaten Exposure of Civilian and Private Networks

The Federal Bureau of Investigation (FBI) warns that the threat actor group known as Handala uses specialized malware to target civilians and journalists. Linked to the Iranian Ministry of Intelligence and Security, these operations exploit messaging bots to exfiltrate sensitive data.

CISA Urges Immediate Patching of Actively Exploited NetScaler Vulnerability (CVSS 9.3)

The Cybersecurity and Infrastructure Security Agency (CISA) is urging federal agencies to patch a critical vulnerability in Citrix NetScaler appliances. This flaw allows remote actors to steal sensitive data from memory. Organizations must update systems immediately to prevent active exploitation.

Supply Chain Attacks Targeting Popular JavaScript Tool Axios and Open Source Security Scanner Trivy Affect Enterprise Environments

Recent supply chain attacks targeting Axios and Trivy have exposed critical vulnerabilities in enterprise software dependencies. These incidents allowed threat actors to steal credentials and install malicious software. Organizations are advised to rotate keys and audit systems.

FCC Moves to Ban Foreign-Made Routers

The Federal Communications Commission (FCC) has expanded its list of restricted equipment to include foreign manufactured routers. This decision follows major cyber attacks on critical infrastructure. While existing devices remain functional, businesses are advised to audit procurement.

NVIDIA Releases Patches for Vulnerability that Enables RCE and DoS Attacks (CVSS 9.0)

NVIDIA has issued critical security updates to address a severe vulnerability within its enterprise artificial intelligence software infrastructure. This flaw enables remote command execution and system disruption. Organizations are advised to apply these patches immediately.

Victim Reportedly Lost Money in Bank Account via Vishing Scam

Sophisticated voice phishing scams are rising as criminals use stolen personal data and recorded messages to deceive bank clients. By mimicking legitimate automated systems and creating a false sense of urgency, threat actors successfully bypass security to execute unauthorized transfers.

Iranian-Linked Hacktivist Group Claims Attack on US Medtech Giant Stryker

Handala, an Iranian-linked threat group, sabotaged medical giant Stryker by weaponizing Microsoft Intune. By compromising a Global Admin account, they issued a mass remote wipe command, factory-resetting 80,000 devices. This signals a shift from cyber espionage to destructive sabotage.

Threat Actors Using Search Engine Poisoning to Distribute Fake Enterprise VPNs

Threat actors are using search engine optimization poisoning to distribute fake VPN clients impersonating Fortinet and Cisco. These malicious sites trick users into downloading credential-stealing malware, granting attackers direct, authenticated access to corporate networks.

Apple Patches Critical “Coruna” Exploits on Older Devices

Apple released critical patches for older iOS and iPadOS devices to address vulnerabilities exploited by the Coruna kit. These flaws allow threat actors to bypass security and gain total device control. Active exploitation has been confirmed, targeting sensitive data and crypto wallets.

Multiple Remote Code Execution Vulnerabilities Expose Veeam Backup Servers to Takeover (CVSS 9.9)

Veeam disclosed four critical remote code execution vulnerabilities in its Backup and Replication platform, carrying a high severity score of 9.9. These flaws allow low-privileged users to gain total control of backup servers, posing a significant risk of ransomware attacks and data loss.

Update Now: Google Patches Two Zero-Day Flaws Exploited in the Wild (CVSS 8.8)

Google disclosed two zero-day vulnerabilities in the Chrome Skia and V8 engines. These flaws allow remote code execution via malicious webpages. With active exploitation confirmed, organizations must immediately update Chromium-based browsers to prevent unauthorized system access.

Microsoft’s Monthly Patch – March 2026: 79 Vulnerabilities, Two Zero-days

Microsoft released its March 2026 update, patching 79 vulnerabilities including two zero-days. A critical remote code execution flaw in the Microsoft Devices Pricing Program, carrying a severity score of 9.8, highlights the release. Adobe, Cisco, and Fortinet also issued security patches.

APT41-Linked Group Targets Government Sector Across Southeast Asia

The Chinese-linked threat actor Silver Dragon, part of the APT41 umbrella, is conducting a sophisticated espionage campaign across Southeast Asia. By utilizing techniques like DLL side-loading, the group targets government entities and critical infrastructure to harvest long-term intelligence.

Philippine Government Intensifies Efforts to Disrupt Illegal Gambling Sites and Regional Scam Networks

The Philippine CICC is intensifying its crackdown on illegal gambling, though an automated system glitch recently disrupted legitimate platforms. Concurrently, Meta removed 150,000 scam-linked accounts in Southeast Asia, signaling a rigorous regional effort to combat cyber fraud.

Professional Regulation Commission Allegedly Suffers from 9GB Data Leak

The Professional Regulation Commission reportedly suffered a massive data leak involving 9 gigabytes of sensitive licensing documents and personal information. Allegedly executed by the threat actor FEMBOYSEC, the breach underscores critical cybersecurity gaps in the government’s digital shift.

U.S. and Australian Agencies Issue Warnings on Possible Cyberattacks in Connection with Ongoing Conflict in the Middle East

U.S. and Australian agencies have issued joint warnings of potential cyberattacks against financial institutions tied to Middle East tensions. CISA and ACSC urge proactive defense against DDoS and hacktivist threats to mitigate operational, reputational, and regulatory risks.

U.S. and Australian Agencies Issue Warnings on Possible Cyberattacks in Connection with Ongoing Conflict in the Middle East

U.S. and international agencies warn of heightened cyber threats from Iran targeting financial institutions. Organizations face risks of operational disruption via DDoS attacks and reputational damage. Security leaders must prioritize proactive defense and cyber hygiene to mitigate impacts.

Dormant RESURGE Malware Actively Targeting Ivanti Devices

A critical zero-day vulnerability in Ivanti VPN appliances allows remote attackers to gain full system control. State-sponsored actors are using RESURGE malware to maintain hidden, persistent access.

Malicious Chrome Extensions Exploit Gemini AI Browser Panel to Access Cameras and Files

A high-severity vulnerability in Google Chrome allows malicious browser extensions to hijack the Gemini panel. This flaw grants attackers access to cameras, microphones, and local files. Enterprises must ensure all endpoints are updated to Chrome version 143.0.7499.192 or later to mitigate risks.

ClawJacked: Critical Zero-Click Vulnerability in OpenClaw AI Agents

The "ClawJacked" vulnerability in OpenClaw allows remote attackers to hijack local AI agents via malicious websites. This zero-click exploit grants full control over developer environments, including file exfiltration and system commands. Organizations must update to version 2026.2.25.

Exploited Zero-Day Flaw in Windows MSHTML Framework

A zero-day vulnerability in Microsoft HTML allows attackers like APT28 to bypass security warnings and execute code via malicious files. Exploited in the wild, this flaw targets Windows systems. Organizations are advised to apply the February 2026 security updates immediately to mitigate risk.

Dormant RESURGE Malware Actively Targeting Ivanti Devices

A critical zero-day in Ivanti VPNs allows remote attackers to gain full system control via RESURGE malware. State-sponsored actors use this to maintain hidden persistence. Standard patches are insufficient; organizations are advised to use specialized tools to detect the threat.

Angular SSR Vulnerability Enables Unauthorized Server Requests

A critical SSRF vulnerability in the Angular SSR framework allows attackers to redirect internal traffic and exfiltrate sensitive data. With a CVSS of 9.2, this flaw enables private network probing. Organizations are advised to immediately update to Angular version 19.2.21 or higher.

CISA Mandates Patch for Actively Exploited FileZen Vulnerability

A command injection vulnerability in Soliton Systems FileZen allows authenticated users to execute malicious commands. CISA confirmed active exploitation, adding it to the KEV catalog. Organizations are advised to update to version 5.0.11 or later to prevent full system compromise.