Cyber Risks Briefs | Philippines

Latest Cyber Risks Briefs

Cyber Risks Brief - May 28, 2026

Recent reports highlight critical vulnerabilities across enterprise platforms and severe supply chain attacks. Malicious groups continue to target telecommunications companies and exploit weaknesses, requiring immediate security updates.

Cyber Risks Brief - May 14, 2026

China-linked espionage targets Philippine infrastructure while AI-generated scams and illegal text blasters exploit local trust. Meanwhile, the Instructure breach exposed data of thousands of institutions, and cascading supply chain attacks continue to compromise major security and software vendors.

Cyber Risks Brief - April 30, 2026

Recent incidents expose severe risks to Philippine companies from state-backed hacking groups, unverified government data breaches, and compromised third-party software. Organizations are advised to track software vulnerabilities and secure cloud configurations to prevent massive data theft.

Cyber Risks Brief - April 16, 2026

Cyber threats in the Philippines are shifting toward human-centric manipulation. Organized syndicates now use sophisticated social engineering, such as impersonating government officials and hijacking technical platforms like Axios, to bypass automated security and compromise enterprises.

Write-ups

SCAM ALERT: Fake Traffic Violation Text Messages

Authorities are warning of a text scam impersonating government agencies like the MMDA and LTO, claiming recipients have unpaid traffic violations. These messages use pressure tactics and malicious links to redirect victims to fake payment portals to steal banking credentials and personal data.

HoneyMyte’s Persistent Threat to Government Networks across Southeast Asia

HoneyMyte has intensified espionage in Southeast Asia, targeting government networks via DLL side-loading. The group bypasses security controls to harvest credentials and monitor activity. With 1,400 past victims in the Philippines, its persistence poses a major risk to national critical infrastructure.

New PayPal Scam: Verified Invoices With Fake Support Numbers

Cyber Risks to Monitor

Critical Takeover Attack Vulnerability in n8n Platform Disclosed (CVSS 10.0)

A critical authentication bypass vulnerability in n8n, dubbed "Ni8mare," allows unauthenticated attackers to achieve full remote code execution. With a maximum CVSS score of 10.0, the flaw enables attackers to weaponize workflows, steal credentials, and compromise connected services.

Critical Cisco Zero-Day Patched After Active Espionage Campaign

Cisco released urgent patches for a maximum-severity zero-day vulnerability in its Secure Email Gateway. Actively exploited by China-linked threat actors, the CVSS 10.0 flaw allows unauthenticated root-level command execution, enabling full device takeover and persistent network access.

China‑Linked Hackers Target North American Critical Infrastructure via Sitecore Zero‑Day

Cisco Talos reports that China-linked group UAT-8837 is exploiting a critical zero-day vulnerability in Sitecore CMS to breach North American critical infrastructure. The group uses insecure configurations to bypass controls, establish long-term persistence, and monitor operational plans.

Latest Microsoft Patch Released – January 2026 – 114 Vulnerabilities, 3 Zero-days, and Operational Disruptions Reported

Microsoft's January 2026 update addresses 114 vulnerabilities, including three zero-days, most notably a memory leak in Desktop Window Manager. Despite the critical fixes, the rollout has caused operational disruptions, including Outlook freezes and Windows 11 shutdown failures.

Dangers of Free Online Converter Apps

Threat actors are using malvertising and fake online converter tools to distribute malware via deceptive "CAPTCHA" prompts. By mimicking legitimate productivity services, these fraudulent sites trick users into executing malicious commands and expose sensitive corporate documents to data theft.

Malicious Browser Extensions Steal Credentials and Breach Enterprise Systems

Malicious browser extension campaigns are targeting enterprise systems to steal credentials and session tokens. By masquerading as productivity tools, these extensions bypass traditional defenses to capture sensitive data and trigger social engineering attacks.

Microsoft Patches “Reprompt” Flaw: Single-click Copilot Vulnerability

Researchers uncovered a vulnerability in Microsoft Copilot which allows threat actors to exfiltrate chat histories via a single malicious link. The flaw enables silent command execution within browser-based sessions to send sensitive data to external servers without further user interaction.

Canada, AFP Conduct Joint Cybersecurity Training

The Canadian and Philippine militaries completed a five-day cyber operations course to bolster the AFP’s ability to defend critical infrastructure. Focused on detection and legal alignment, the training strengthens bilateral defense ties and regional resilience against rising cyber threats.

Philippines Lifts Grok AI Ban After Talks with xAI

The CICC lifted the ban on X’s Grok AI after xAI committed to removing deepfake and content manipulation features. The swift reversal followed similar restrictions in Malaysia and Indonesia, highlighting regional efforts to force AI developers to comply with local safety standards.

DICT to Launch “Oplan Bantay Padala” Monitoring Portal

The DICT is launching “Oplan Bantay Padala,” a centralized portal for filing complaints against courier services. Expanding on the “Oplan Bantay Signal” framework, the system aims to enhance accountability, monitor delivery performance, and professionalize the logistics industry.

KimWolf Botnet Reportedly Compromised 2 Million Android-based Streaming Devices

The "Kimwolf" campaign has compromised over two million Android streaming devices, primarily off-brand TV boxes, to build a global botnet. These infected devices facilitate DDoS attacks, credential stuffing, and bandwidth theft, often arriving pre-infected or compromised minutes after setup.

Malicious Chrome Extensions Impersonating AI Tools Steal User Data

Two malicious Chrome extensions, "Prompt Poaching," were found harvesting ChatGPT and DeepSeek chat histories. Posing as productivity tools, they bypassed security—one even holding a "Featured" badge—to exfiltrate sensitive AI data and intellectual property.

Threat Actors Exploit Google Email Cloud Features In ‘Multi-Staged’ Phishing Attacks

Threat actors are abusing Google Cloud’s “Application Integration” tool to send phishing emails from a genuine Google address. By bypassing filters and using fake CAPTCHAs, the multi-stage attack tricks users into entering Microsoft 365 credentials on fraudulent login pages.

Clickfix Attack: Fake BSOD and Booking Targeting European Hospitality Sector

The ClickFix campaign "PHALT#BLYX" targets the hospitality sector using fake BSOD errors to trick users into executing malicious code. By following "fix" instructions, victims paste commands into the Windows Run box, installing the DCRAT trojan to grant attackers remote system control.

Philippine National Police Records Fewer Cybercrime Cases in 2025

The PNP-ACG reported a decline in major cybercrime categories for 2025, including drops in online selling and investment scams. While officials credit awareness efforts, analysts note the data reflects only PNP-handled cases and not the nationwide prevalence across other agencies.

Chinese-Linked Hackers Target Taiwan’s Energy Infrastructure

Taiwan’s NSB reported that Chinese-linked actors, including Mustang Panda and APT41, average 2.63M daily intrusion attempts targeting critical sectors. The focus on energy infrastructure highlights risks for the Philippines' power grid, given its partial ownership by a Chinese state firm.