Cyber Risks Briefs | Philippines


Latest Cyber Risks Briefs

Cyber Risks Brief - May 28, 2026

Recent reports highlight critical vulnerabilities across enterprise platforms and severe supply chain attacks. Malicious groups continue to target telecommunications companies and exploit weaknesses, requiring immediate security updates.

Cyber Risks Brief - May 14, 2026

China-linked espionage targets Philippine infrastructure while AI-generated scams and illegal text blasters exploit local trust. Meanwhile, the Instructure breach exposed data of thousands of institutions, and cascading supply chain attacks continue to compromise major security and software vendors.

Cyber Risks Brief - April 30, 2026

Recent incidents expose severe risks to Philippine companies from state-backed hacking groups, unverified government data breaches, and compromised third-party software. Organizations are advised to track software vulnerabilities and secure cloud configurations to prevent massive data theft.

Cyber Risks Brief - April 16, 2026

Cyber threats in the Philippines are shifting toward human-centric manipulation. Organized syndicates now use sophisticated social engineering, such as impersonating government officials and hijacking technical platforms like Axios, to bypass automated security and compromise enterprises.

Write-ups

119 reports

Iranian-Linked Hacktivist Group Claims Attack on US Medtech Giant Stryker

Handala, an Iranian-linked threat group, claims to have sabotaged medtech giant Stryker by weaponizing Microsoft Intune. After compromising a Global Administrator account, the group issued a mass remote-wipe command that factory-reset 80,000 devices. The incident signals a shift from cyber espionage to destructive sabotage, and it shows why standing Global Admin rights should be replaced with just-in-time activation and why a burst of wipe commands from one account should raise an alert.
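The detection a practitioner would want after the Stryker incident is a rate check on remote-wipe actions per administrator. The block below is an added example written for this page; it is not code from the brief, from Stryker or from Microsoft, and it does not use Intune's real audit-log schema or API. The event fields (ts, actor, action, device), the action names in WIPE_ACTIONS and the sample events are assumptions constructed for illustration; map them to whatever your MDM audit export actually emits.

```python
"""Sliding-window burst detector for device wipe commands (added example).

Assumed event shape: {"ts": ISO-8601, "actor": str, "action": str, "device": str}.
This is NOT Intune's audit schema; adapt the field names to your export.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Set, Tuple

# Assumed action names that destroy or detach a device.
WIPE_ACTIONS = {"wipe", "factory_reset", "retire"}


def detect_wipe_bursts(events: List[Dict], window: timedelta = timedelta(minutes=10),
                       threshold: int = 5) -> List[Dict]:
    """Alert once per actor the first time their wipe count within `window`
    reaches `threshold`. Events are sorted by timestamp before scanning."""
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e["ts"]))
    recent: Dict[str, Deque[Tuple[datetime, str]]] = defaultdict(deque)
    alerted: Set[str] = set()
    alerts: List[Dict] = []
    for ev in ordered:
        if ev["action"] not in WIPE_ACTIONS:
            continue
        ts = datetime.fromisoformat(ev["ts"])
        actor = ev["actor"]
        q = recent[actor]
        q.append((ts, ev["device"]))
        # Drop entries older than the window; q is never empty here because
        # the current event was just appended.
        while ts - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold and actor not in alerted:
            alerted.add(actor)
            alerts.append({
                "actor": actor,
                "count": len(q),
                "first": q[0][0].isoformat(),
                "last": ts.isoformat(),
                "devices": [device for _, device in q],
            })
    return alerts


def _ev(minute: int, actor: str, action: str, device: str) -> Dict:
    """Build one constructed event on 2026-01-01 at 09:<minute>."""
    return {"ts": f"2026-01-01T09:{minute:02d}:00", "actor": actor,
            "action": action, "device": device}


# Constructed sample: a help-desk admin wipes two lost phones over an hour
# (normal), while a compromised global admin wipes twenty devices in three
# minutes. Identities and device names are made up.
SAMPLE_EVENTS = (
    [_ev(5, "helpdesk@corp.example", "wipe", "phone-a"),
     _ev(40, "helpdesk@corp.example", "wipe", "phone-b")]
    + [_ev(50 + i // 7, "globaladmin@corp.example", "wipe", f"device-{i:03d}")
       for i in range(20)]
    + [_ev(55, "helpdesk@corp.example", "sync", "phone-c")]
)

if __name__ == "__main__":
    for alert in detect_wipe_bursts(SAMPLE_EVENTS):
        print(f"ALERT {alert['actor']}: {alert['count']} wipes "
              f"between {alert['first']} and {alert['last']}")
```

The threshold and window should sit well below legitimate help-desk volume; the point is that a single identity wiping a fleet looks nothing like normal lost-device handling, so the alert fires on the fifth wipe rather than the eighty-thousandth.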

Threat Actors Using Search Engine Poisoning to Distribute Fake Enterprise VPNs

Threat actors are using search engine optimization poisoning to distribute fake VPN clients impersonating Fortinet and Cisco. These malicious sites trick users into downloading credential-stealing malware, granting attackers direct, authenticated access to corporate networks.

Apple Patches Critical “Coruna” Exploits on Older Devices

Apple released critical patches for older iOS and iPadOS devices to address vulnerabilities exploited by the Coruna kit. These flaws allow threat actors to bypass security and gain total device control. Active exploitation has been confirmed, targeting sensitive data and crypto wallets.

Multiple Remote Code Execution Vulnerabilities Expose Veeam Backup Servers to Takeover (CVSS 9.9)

Veeam disclosed four critical remote code execution vulnerabilities in its Backup and Replication platform, carrying a CVSS score of 9.9. These flaws allow low-privileged users to gain total control of backup servers, posing a significant risk of ransomware attacks and data loss.

Update Now: Google Patches Two Zero-Day Flaws Exploited in the Wild (CVSS 8.8)

Google disclosed two zero-day vulnerabilities in the Chrome Skia and V8 engines. These flaws allow remote code execution via malicious webpages. With active exploitation confirmed, organizations must immediately update Chromium-based browsers to prevent unauthorized system access.

Microsoft’s Monthly Patch – March 2026: 79 Vulnerabilities, Two Zero-days

Microsoft released its March 2026 update, patching 79 vulnerabilities including two zero-days. A critical remote code execution flaw in the Microsoft Devices Pricing Program, carrying a severity score of 9.8, headlines the release. Adobe, Cisco, and Fortinet also issued security patches.

APT41-Linked Group Targets Government Sector Across Southeast Asia

The China-linked threat actor Silver Dragon, part of the APT41 umbrella, is conducting a sophisticated espionage campaign across Southeast Asia. Using techniques such as DLL side-loading, the group targets government entities and critical infrastructure to harvest long-term intelligence.

Philippine Government Intensifies Efforts to Disrupt Illegal Gambling Sites and Regional Scam Networks

The Philippine CICC is intensifying its crackdown on illegal gambling, though an automated system glitch recently disrupted legitimate platforms. Concurrently, Meta removed 150,000 scam-linked accounts in Southeast Asia, signaling a rigorous regional effort to combat cyber fraud.

Professional Regulation Commission Allegedly Suffers from 9GB Data Leak

The Professional Regulation Commission reportedly suffered a massive data leak involving 9 gigabytes of sensitive licensing documents and personal information. Allegedly executed by the threat actor FEMBOYSEC, the breach underscores critical cybersecurity gaps in the government’s digital shift.

U.S. and Australian Agencies Issue Warnings on Possible Cyberattacks in Connection with Ongoing Conflict in the Middle East

U.S. and Australian agencies have issued joint warnings of potential cyberattacks against financial institutions tied to Middle East tensions. CISA and ACSC urge proactive defense against DDoS and hacktivist threats to mitigate operational, reputational, and regulatory risks.

U.S. and Australian Agencies Issue Warnings on Possible Cyberattacks in Connection with Ongoing Conflict in the Middle East

U.S. and international agencies warn of heightened cyber threats from Iran targeting financial institutions. Organizations face risks of operational disruption via DDoS attacks and reputational damage. Security leaders must prioritize proactive defense and cyber hygiene to mitigate impacts.

Dormant RESURGE Malware Actively Targeting Ivanti Devices

A critical zero-day vulnerability in Ivanti VPN appliances allows remote attackers to gain full system control. State-sponsored actors are using RESURGE malware to maintain hidden, persistent access.

Malicious Chrome Extensions Exploit Gemini AI Browser Panel to Access Cameras and Files

A high-severity vulnerability in Google Chrome allows malicious browser extensions to hijack the Gemini panel. This flaw grants attackers access to cameras, microphones, and local files. Enterprises must ensure all endpoints are updated to Chrome version 143.0.7499.192 or later to mitigate risks.

ClawJacked: Critical Zero-Click Vulnerability in OpenClaw AI Agents

The "ClawJacked" vulnerability in OpenClaw allows remote attackers to hijack local AI agents via malicious websites. This zero-click exploit grants full control over developer environments, including file exfiltration and system commands. Organizations must update to version 2026.2.25.

Exploited Zero-Day Flaw in Windows MSHTML Framework

A zero-day vulnerability in the Windows MSHTML framework allows attackers such as APT28 to bypass security warnings and execute code via malicious files. Exploited in the wild, this flaw targets Windows systems. Organizations are advised to apply the February 2026 security updates immediately to mitigate risk.

Dormant RESURGE Malware Actively Targeting Ivanti Devices

A critical zero-day in Ivanti VPNs allows remote attackers to gain full system control via RESURGE malware. State-sponsored actors use this to maintain hidden persistence. Standard patches are insufficient; organizations are advised to use specialized tools to detect the threat.

Angular SSR Vulnerability Enables Unauthorized Server Requests

A critical SSRF vulnerability in the Angular SSR framework allows attackers to redirect internal traffic and exfiltrate sensitive data. With a CVSS of 9.2, this flaw enables private network probing. Organizations are advised to immediately update to Angular version 19.2.21 or higher.

CISA Mandates Patch for Actively Exploited FileZen Vulnerability

A command injection vulnerability in Soliton Systems FileZen allows authenticated users to execute malicious commands. CISA confirmed active exploitation, adding it to the KEV catalog. Organizations are advised to update to version 5.0.11 or later to prevent full system compromise.

SolarWinds Serv-U Software Vulnerable to Administrative-Level Compromise

SolarWinds disclosed four critical vulnerabilities in its Serv-U platform, allowing attackers to execute commands with administrator privileges. With a CVSS of 9.1, these flaws pose a severe risk. Organizations are advised to update to version 15.5.4 immediately.
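Several write-ups above reduce to one check: is the installed build at or above the patched version (Chrome 143.0.7499.192, OpenClaw 2026.2.25, Angular 19.2.21, FileZen 5.0.11, Serv-U 15.5.4)? The block below is an added example for this page, not code from the briefs or from any of those vendors. The minimum versions are the ones quoted in the write-ups; the host inventory is constructed sample data, and the product labels are assumptions about how an inventory might name these products. It compares versions numerically, component by component, because the obvious string comparison gets Chrome's four-part builds wrong.

```python
"""Version-floor audit against the advisories above (added example)."""
import re
from typing import Dict, List, Tuple

# Patched versions quoted in the write-ups (product label -> minimum safe version).
# Product labels are an assumption about inventory naming.
MINIMUM_VERSIONS: Dict[str, str] = {
    "Google Chrome": "143.0.7499.192",
    "OpenClaw": "2026.2.25",
    "Angular SSR": "19.2.21",
    "Soliton FileZen": "5.0.11",
    "SolarWinds Serv-U": "15.5.4",
}


def parse_version(text: str) -> Tuple[int, ...]:
    """'143.0.7499.192' -> (143, 0, 7499, 192). Accepts a leading 'v' and
    ignores trailing qualifiers such as '-beta'. Raises ValueError on garbage."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_at_least(installed: str, minimum: str) -> bool:
    """Numeric component-wise comparison. Missing trailing components count
    as zero, so 5.0.11 == 5.0.11.0 and 5.0.11.2 > 5.0.11."""
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a >= b


def audit(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """Return (host, product, installed, minimum) for each entry below its
    floor. Products without an advisory in MINIMUM_VERSIONS are skipped."""
    findings = []
    for host, product, installed in inventory:
        minimum = MINIMUM_VERSIONS.get(product)
        if minimum is None:
            continue
        if not is_at_least(installed, minimum):
            findings.append((host, product, installed, minimum))
    return findings


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("ws-01", "Google Chrome", "143.0.7499.192"),    # exactly the floor: ok
    ("ws-02", "Google Chrome", "143.0.7499.1000"),   # newer, but sorts BEFORE the floor as a string
    ("ws-03", "Google Chrome", "142.0.7444.162"),    # vulnerable
    ("dev-07", "Angular SSR", "v19.2.20"),           # one patch level short
    ("ft-01", "SolarWinds Serv-U", "15.5.4"),        # ok
    ("ft-02", "Soliton FileZen", "5.0.10"),          # vulnerable
    ("ai-01", "OpenClaw", "2026.3.1"),               # ok
    ("db-01", "PostgreSQL", "16.3"),                 # no advisory here: ignored
]

if __name__ == "__main__":
    for host, product, installed, minimum in audit(SAMPLE_INVENTORY):
        print(f"UNPATCHED {host}: {product} {installed} (minimum {minimum})")
```

The ws-02 row is the reason the helper exists: "143.0.7499.1000" < "143.0.7499.192" is true for Python strings, so a naive compare would flag an up-to-date browser and, worse, could pass an old one.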

Public Exploit Released for Privilege Escalation Vulnerability in Windows Error Reporting

A privilege escalation vulnerability in Windows Error Reporting allows low-level users to gain administrative control. With a public exploit available, the risk to Windows 10, 11, and Server environments is high. Organizations are advised to apply the January 2026 security updates immediately.

Threat Actors Weaponize PWAs in Fake Google Security Campaign

A phishing campaign uses the fraudulent domain google-prism[.]com to deploy malicious Progressive Web Apps and Android payloads. This attack steals credentials, locations, and contacts while mimicking native Google apps. Organizations should advise users to only use myaccount.google.com.
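Advising users to stick to myaccount.google.com only helps if the check behind it is strict, and lookalikes such as google-prism[.]com are designed to pass sloppy ones. The block below is an added example written for this page, not code from the brief or from Google. It refangs a defanged indicator, extracts the real hostname, and accepts a host only when it is exactly a trusted apex or sits under it at a label boundary. The trusted apex list and the sample lures are assumptions constructed for illustration; only google-prism[.]com comes from the write-up.

```python
"""Strict trusted-host check for phishing lures (added example)."""
from typing import Iterable
from urllib.parse import urlsplit

# Assumed allowlist for this example; keep your own.
TRUSTED_APEX = ("google.com",)


def refang(ioc: str) -> str:
    """Undo common defanging: 'google-prism[.]com' -> 'google-prism.com',
    'hxxps://' -> 'https://'."""
    return (ioc.replace("[.]", ".").replace("(.)", ".")
               .replace("hxxps://", "https://").replace("hxxp://", "http://"))


def hostname_of(url: str) -> str:
    """Lowercase ASCII hostname of a URL, adding a scheme if the lure omitted it.
    urlsplit().hostname drops userinfo and port, so 'https://google.com@evil.example/'
    yields 'evil.example', not 'google.com'. Unicode hosts are IDNA-encoded so a
    homoglyph label compares as its xn-- form rather than looking like ASCII."""
    if "://" not in url:
        url = "https://" + url
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host.encode("idna").decode("ascii")


def is_trusted_host(host: str, apexes: Iterable[str] = TRUSTED_APEX) -> bool:
    """True only if host is an apex or a proper subdomain of one.
    A bare host.endswith('google.com') is the classic bug: it accepts
    'notgoogle.com'. Requiring the '.' boundary closes that hole."""
    return any(host == apex or host.endswith("." + apex) for apex in apexes)


def classify(url: str) -> str:
    """'trusted' or 'untrusted' for a raw or defanged URL."""
    return "trusted" if is_trusted_host(hostname_of(refang(url))) else "untrusted"


# Constructed sample lures with the expected verdict.
SAMPLES = {
    "https://myaccount.google.com/security": "trusted",
    "hxxps://google-prism[.]com/verify": "untrusted",                  # domain named in the brief
    "https://accounts.google.com.security-check.example/": "untrusted",  # apex buried as a subdomain
    "https://notgoogle.com/": "untrusted",                              # endswith() would pass this
    "https://google.com@evil.example/login": "untrusted",               # userinfo trick
    "google.com": "trusted",                                            # bare apex, no scheme
}

if __name__ == "__main__":
    for url, expected in SAMPLES.items():
        verdict = classify(url)
        print(f"{verdict:9s} {'ok ' if verdict == expected else 'BAD'} {url}")
```

This only answers "is the host under a trusted apex"; it does not verify TLS, redirects or the page content, so it belongs in mail-gateway link rewriting or a user-facing checker, not as the sole control.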

1Campaign Cybercrime Service Weaponizes Sponsored Search Ads

The 1Campaign service lets threat actors bypass Google's ad review by cloaking malicious ads: using fraud scoring, it hides the phishing sites from security scanners while still serving them to targeted employees via sponsored links. Organizations should implement ad-blocking and mandate the use of official software channels.

Threat Actors Exploit AI Tools for Cyberattacks

Threat actors are weaponizing generative AI tools like CyberStrikeAI and ChatGPT to automate reconnaissance and craft sophisticated phishing campaigns. Additionally, a critical Google Cloud API flaw has exposed sensitive Gemini endpoints, risking massive financial loss and data theft.

Philippine Agencies Expand Digital Oversight: Impact on Social Media and Finance

The DICT retracted its Telegram ban following a cooperation agreement on illegal content monitoring. Simultaneously, the BSP proposed annual cybersecurity self-assessments for financial firms, while authorities intensified crackdowns on illegal lending apps to combat data privacy abuse.

US FBI Intensifies Crackdown Against Southeast Asian Scam Hubs

The FBI partnered with Southeast Asian law enforcement to dismantle industrialized scam compounds linked to organized crime. These hubs utilize forced labor for global "pig butchering" schemes. The joint effort focuses on seizing assets and disrupting transnational cyber fraud networks.

Global Ransomware Attacks Surge 50 Percent in 2025, but Victim Payments Drop to 28 Percent

Global ransomware attacks surged by 50 percent in 2025, but total payments fell as victim payment rates dropped to a record-low 28 percent. Organizations are increasingly refusing to pay, shifting the threat landscape toward data extortion and targeting vulnerable small-to-medium enterprises.

Mobile App “Chat & Ask AI” Allegedly Suffers from a Data Leak

The "Chat & Ask AI" application, with over 50 million downloads, reportedly exposed user data through a misconfigured Firebase database. The exposure leaked sensitive user conversations and settings, highlighting the risks of unvetted AI "wrapper" apps and shadow IT in the enterprise.

Study Identifies Vulnerabilities in Password Managers Under Compromised Servers; No Active Exploitation in the Wild

Researchers identified vulnerabilities in major cloud password managers, including Bitwarden and LastPass, that could allow attackers to bypass zero-knowledge protections. While no active exploitation is confirmed, the flaws highlight risks in encrypted data sharing and server security.

Honeywell CCTV Authentication Bypass Flaw (CVSS 9.8)

A critical authentication bypass vulnerability in Honeywell CCTV cameras allows remote attackers to perform full account takeovers by manipulating password recovery APIs. With a severity score of 9.8, the flaw enables unauthorized surveillance, network pivoting, and physical security breaches.

Microsoft’s Monthly Patch February 2026: 58 Vulnerabilities, 6 Zero-days, and Infinite Restart Loop Issue Reported

Microsoft's February 2026 update addresses 58 vulnerabilities, including six zero-days. The release fixes actively exploited flaws in the Windows Shell and Microsoft Word, but some users report an infinite restart loop after installing it. Immediate installation is still advised; given the restart reports, stage the rollout on a pilot group before fleet-wide deployment.

Apple Patches First Zero-Day of 2026: Targeted Attacks Confirm Active Exploit (CVSS 7.8)

Apple disclosed a high-severity (CVSS 7.8) zero-day memory corruption flaw in its dynamic linker, affecting iPhones, iPads, and Macs. The vulnerability allows attackers to bypass platform security protections and execute malicious code at the core operating system level, and Apple confirms it was used in targeted attacks.

Update Now: Google Patches Zero-Day Flaw Exploited in the Wild (CVSS 8.8)

Google disclosed a high-severity "use after free" vulnerability in the Chrome CSS engine. The flaw allows remote code execution via malicious webpages. With active exploitation confirmed, immediate updates are required for all Chromium-based browsers.

State-Sponsored Hackers Weaponize Gemini AI for Cyber Operations

The Google Threat Intelligence Group reported that state-sponsored hackers from Russia, China, Iran, and North Korea are weaponizing the Gemini AI model. These actors use AI to accelerate reconnaissance, automate phishing, and refine malware, significantly increasing the scale of cyberattacks.

Cybercrime Group 0APT Weaponizing Fake Breaches for Real Extortion

Researchers identified "0APT," a cybercrime group using recycled data to falsely claim breaches for extortion. This "disruption without intrusion" tactic weaponizes public trust to cause reputational harm and drain resources, especially impactful for Philippine firms with limited security budgets.

Threat Actors Utilizing Malware to Compromise Devices in Crypto-theft Attacks; Increasing macOS Infection Reported

North Korean threat actors are targeting the fintech industry using AI deepfakes and "ClickFix" tactics to deploy malware on Windows and macOS. By impersonating executives in video calls, they trick victims into executing malicious commands to steal cryptocurrency and sensitive identity data.

Chinese-Linked APT Group Targets Major Singapore Telcos

The China-linked threat actor UNC3886 targeted Singapore’s major telecommunications providers in a sophisticated espionage campaign. By exploiting zero-day vulnerabilities in edge devices, the group harvested network configurations, posing systemic supply-chain risks for the region.

SEC Flags Unregistered Online Lending Apps

Philippines Strengthens Defense Against Financial and AI-Driven Scams

The PNP-ACG and BPI formalized a partnership to combat sophisticated financial crimes through real-time fraud monitoring and intelligence sharing. Concurrently, the CICC warned of deepfake AI being used in romance scams to impersonate individuals and bypass traditional fraud detection methods.

Glassworm Malware Hits macOS Developer Tools

Threat actors hijacked a trusted publisher account on the Open VSX Registry to weaponize four popular developer extensions with the Glassworm infostealer. Impacting 22,000 downloads, the malware targets AWS credentials and GitHub tokens to gain insider access to corporate environments.

Coordinated Cyberattacks Hit Poland’s Energy Grid

Volatile Risks of OpenClaw

OpenClaw, a viral AI assistant, has been flagged for a critical remote code execution vulnerability. Due to its high-level system permissions and lack of sandboxing, attackers can use indirect prompt injection to exfiltrate API keys and sensitive corporate data.

Recent AWS Breach Demonstrates AI's Speed in Compromising Security

An attacker used AI to escalate from a single stolen credential to full AWS administrative control in just eight minutes. This "LLMjacking" incident highlights a shift to machine-speed threats, where attackers automate reconnaissance to hijack cloud resources and bypass traditional defenses.

Two RCE Vulnerabilities in Automation Platform n8n Disclosed (CVSS 9.9 and 8.5)

The workflow automation platform n8n disclosed two critical RCE vulnerabilities. These flaws allow authenticated users to escape sandboxes and execute commands on the host server, risking credential theft and infrastructure-level control across connected services.

Sandbox Escape Vulnerability Found in vm2 NodeJS Library (CVSS 9.8)

A critical sandbox escape vulnerability was disclosed in the vm2 NodeJS library, carrying a CVSS of 9.8. The flaw allows attackers to bypass restricted environments to execute commands, install malware, and steal credentials, impacting software supply chain security.

Russian APT28 Exploiting Recently Patched Microsoft Office Flaw

Russian state-sponsored group APT28 is exploiting a Microsoft Office vulnerability to target government and defense sectors. This "Operation Neusploit" uses compromised documents to bypass security checks, deploying malware for long-term intelligence gathering and data theft.

Notepad++ Update Infrastructure Compromised by State-Sponsored Groups

Chinese state-sponsored threat actors hijacked the Notepad++ update infrastructure to distribute "Chrysalis" malware. This supply chain attack targeted developers and system administrators, weaponizing trusted software updates to maintain persistent remote access for regional espionage.

China-linked “PeckBirdy” Campaign Threatens Southeast Asian Networks

China-linked threat actors are utilizing the PeckBirdy framework to conduct fileless espionage across Southeast Asia. By mimicking legitimate traffic, the campaign targets government and energy infrastructure, including Philippine institutions, to maintain undetected access.

Fake Amazon Recruiters Exploit Job Seekers

Scammers are exploiting Amazon’s reputation to target job seekers with fraudulent offers. By mimicking official branding and moving conversations to encrypted messaging apps, threat actors trick victims into providing sensitive data or paying fake "training" fees under the guise of recruitment.

New Phishing Campaign Exploits Zoom Infrastructure

Researchers uncovered a new Telephone-Oriented Attack Delivery (TOAD) campaign that exploits Zoom’s infrastructure to bypass security filters. By abusing trusted domains to send legitimate-looking emails, attackers lure victims into fraudulent calls to bypass MFA and steal sensitive financial data.

Multiple Ransomware Groups Target Banking, Hospitality, and Tech Sectors

Multiple ransomware groups, including Qilin and Tengu, have claimed attacks on several Philippine firms, such as PSBank and Lenotech. While LM Metro Hotel confirmed a 30GB data breach, other claims remain unverified by authorities, highlighting a surge in local targeting.