Cybersecurity
131 reports
Philippines Ranks Above Global Averages For Digital Fraud, Indicating A Rise In Scale Over Severity in Cybercrimes
The Philippine digital fraud rate has surpassed the global average, driven by low-severity, high-scale tactics such as social engineering and text blasters. This fraud-as-a-service landscape requires domestic enterprises to adopt proactive security measures to mitigate risk.
Critical Information Infrastructure Protection Act and the Cybersecurity Act
These two measures seek to establish a set of standards for the security and protection of critical information infrastructure.
Recent Updates on Supply Chain Attacks
Recent cascading supply chain attacks are targeting software ecosystems. By exploiting developer credentials, automated workflows, and open source repositories, threat actors achieve a massive downstream impact, compromising major artificial intelligence firms.
LiteSpeed Patches Critical cPanel Plugin Vulnerability Allowing Root Privilege Escalation (CVSS 10.0)
LiteSpeed Technologies released security updates addressing a maximum severity vulnerability in its control panel plugin. The actively exploited flaw allows low privilege users to gain root access, risking complete server compromise in shared hosting environments.
Cisco Patches Maximum-Severity Vulnerability in Secure Workload Platform (CVSS 10.0)
Cisco released critical security updates addressing a vulnerability in its Secure Workload platform. The flaw allows unauthenticated remote actors to bypass authentication and gain full administrator control, risking complete network compromise.
Update Now: Ubiquiti Addresses Three Critical UniFi OS Vulnerabilities (CVSS 10.0)
Ubiquiti released critical security updates addressing three vulnerabilities in UniFi Operating System with maximum severity scores. The flaws allow remote actors to make unauthorized changes, access files, or execute commands without user interaction, risking full network control.
ShinyHunters Leaks 7-Eleven Data After Ransom Demands Are Refused
The cybercrime group ShinyHunters leaked stolen cloud documents after 7-Eleven refused its extortion demands following a recent data breach. The incident exposed the personal information of thousands of individuals.
Cyber Risks Brief - May 28, 2026
Recent reports highlight critical vulnerabilities across enterprise platforms and severe supply chain attacks. Malicious groups continue to target telecommunications companies and exploit weaknesses, requiring immediate security updates.
China-linked Threat Actors Deploy New Linux and Windows Malware to Target Telcos
Chinese espionage groups are escalating cyber operations by deploying sophisticated new malware against telecommunications companies. By utilizing custom tools for persistent network access, these actors hide their tracks while gathering high value intelligence across regions.
AI-Generated Investment Scams Impersonating Popular Media Outlets
AI-generated investment scams are increasingly impersonating trusted media outlets like INQUIRER.net, using fake articles and manipulated videos of public figures to lure victims into fraudulent “investment opportunities” aimed at stealing personal information, banking details, and money.
Cyber Risks Brief - May 14, 2026
China-linked espionage targets Philippine infrastructure while AI-generated scams and illegal text blasters exploit local trust. Meanwhile, the Instructure breach exposed data of thousands of institutions, and cascading supply chain attacks continue to compromise major security and software vendors.
Windows DNS Client Remote Code Execution Vulnerability
Microsoft has patched critical buffer overflow vulnerabilities, CVE-2026-41089 and CVE-2026-41096, which enable unauthenticated remote code execution on Windows servers and domain controllers.
The Reality of Password Cracking and Essential Hygiene
Half of real-world passwords are easily cracked due to predictability and high computational power. Using methods like brute forcing and smart cracking, actors exploit human patterns. Enterprises must adopt randomized passwords, dedicated managers, passkeys, and multi-factor authentication.
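The "smart cracking" the report refers to is rule-based candidate generation: take a short list of base words and apply the transformations people predictably make (capitalise, leetspeak, append a year and a symbol). The following is an added example, not code from the report; the wordlist, rules and target passwords are constructed for illustration, and real attacks use far larger rule sets against slower hashes than plain SHA-256. It shows why a pattern-based password falls inside a few hundred guesses while a manager-generated random password never appears in the candidate space.

```python
"""Rule-based ("smart") password cracking demo.

Added example, not from the original report. WORDS, YEARS, SUFFIXES and the
target passwords are constructed; plain SHA-256 stands in for whatever hash
a real target uses.
"""
import hashlib
import math
import secrets
import string

# Constructed toy wordlist: the kind of base words people actually pick.
WORDS = ["summer", "password", "welcome", "manila", "admin"]
YEARS = [str(y) for y in range(2020, 2027)]
SUFFIXES = ["", "!", "1", "123", "@"]
LEET = str.maketrans("aeios", "@3105")


def mangle(word):
    """Yield the predictable variants of one base word: capitalised, upper-cased,
    leetspeak, then each with a recent year and a common trailing symbol.
    These are the human patterns that rule-based cracking exploits."""
    bases = [word, word.capitalize(), word.upper(),
             word.translate(LEET), word.capitalize().translate(LEET)]
    seen = set()
    for base in bases:
        if base in seen:          # e.g. leet form identical to the plain form
            continue
        seen.add(base)
        for year in [""] + YEARS:
            for suffix in SUFFIXES:
                yield base + year + suffix


def candidates():
    """The whole candidate space: every word, every rule (about 1,000 guesses)."""
    for word in WORDS:
        yield from mangle(word)


def sha256_hex(password):
    return hashlib.sha256(password.encode()).hexdigest()


def crack(target_hash, budget=None):
    """Try candidates in order; return (password, attempts) or (None, attempts)."""
    attempts = 0
    for candidate in candidates():
        attempts += 1
        if sha256_hex(candidate) == target_hash:
            return candidate, attempts
        if budget is not None and attempts >= budget:
            break
    return None, attempts


def keyspace_bits(length, alphabet_size):
    """Entropy in bits of a uniformly random password of this length and alphabet."""
    return length * math.log2(alphabet_size)


def random_password(length=16):
    """What a password manager produces: uniform over 94 printable characters."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    weak = "Summer2025!"          # constructed pattern-based password
    strong = random_password()    # generated random password
    space = sum(1 for _ in candidates())
    print("weak   :", crack(sha256_hex(weak)))
    print("strong :", crack(sha256_hex(strong)))
    print("pattern space ~%.1f bits vs random 16-char ~%.1f bits"
          % (math.log2(space), keyspace_bits(16, 94)))
```

The point the numbers make: the entire rule space here is about 10 bits, so any password built from a dictionary word plus a year and a symbol is found almost instantly, while a 16-character random password sits in a space of roughly 105 bits that no rule set reaches. Passkeys and MFA remove the dependence on the secret altogether.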
Vm2 Sandbox Flaw Allows for Remote Code Execution on Host System (CVSS 9.8)
A critical vulnerability in the Vm2 sandboxing library allows threat actors to escape isolated environments and execute arbitrary code on host systems. Enterprises must upgrade to version 3.11.2 or higher immediately to mitigate severe risks of supply chain attacks and data exfiltration.
CISA Adds Copy-Fail Vulnerability to KEV Catalog
The Cybersecurity and Infrastructure Security Agency warns the Copy-Fail Linux vulnerability is actively exploited. It allows unprivileged users to overwrite memory for root access. Enterprises must apply updates immediately to prevent stealthy backdoors and container escapes.
Update Now: Google Chrome Releases Version 148; Fixes for 127 Vulnerabilities
Google released Chrome version 148 addressing 127 vulnerabilities, including three critical flaws allowing remote code execution. Enterprises must immediately update all browsers to mitigate severe risks of drive-by exploitation and broader attack surface compromises.
The Instructure Canvas Breach: ShinyHunters' Extortion Campaign and Settlement
Threat group ShinyHunters exploited a Cross-Site Scripting vulnerability to breach educational technology firm Instructure, extracting over three terabytes of data and defacing portals. A settlement halted leaks, underscoring critical enterprise risks regarding data compartmentalization.
Critical Buffer Overflow in Palo Alto Networks allows Unauthenticated Root-level Access (CVSS 9.8)
Palo Alto Networks has disclosed a critical buffer overflow vulnerability, CVE-2026-0300, allowing unauthenticated remote code execution with root privileges. Enterprises should immediately restrict access to the authentication portal and apply security updates to mitigate high-level risks.
The Domino Effect of Recent Supply Chain Attacks
Recent supply chain attacks demonstrate a cascading effect, where threat actors like TeamPCP exploit compromised credentials and CI/CD vulnerabilities to infect downstream targets. Organizations must assume a breach if affected software was used and prioritize securing developer access.
China-Linked Cyber-Espionage Operations Targeting Asian and NATO-Aligned Governments, Journalists, and Activists
A China-aligned cyber espionage campaign targets Asian governments and infrastructure using phishing and server vulnerabilities. This threatens Philippine enterprises through supply chain risks, data theft, and foreign exposure within the telecommunications and power sectors.
The Growing Threat of Malicious Advertising in Search Engine Ads
Threat actors use search engine advertisements to launch adversary-in-the-middle phishing attacks. By impersonating trusted platforms, attackers steal credentials and bypass two-factor authentication, posing a critical risk to enterprise networks.
Proliferation of Illegal Text Blasters
Following the ban on offshore gaming operators, cheap bulk text messaging devices are flooding Philippine black markets. Criminals use these portable tools to mimic cell towers and launch localized phishing attacks, creating persistent fraud risks for regional enterprises.
AI-Generated Investment Scams Exploit Fake News Sites
Threat actors use Artificial Intelligence to impersonate trusted Philippine news outlets and business leaders in investment scams. Promoted via social media advertisements, these campaigns steal credentials and funds, posing a severe reputational and fraud risk to regional enterprises.
New Labor Day Phishing Campaign Shows How Threat Actors Exploit Holiday Giveaways
A Labor Day phishing campaign is targeting Filipino workers with fake 51GB free data offers. By mimicking major telecommunications providers, attackers trick users into submitting mobile numbers and social media credentials, which are then weaponized for further fraud and smishing.
Cyber Risks Brief - April 30, 2026
Recent incidents expose severe risks to Philippine companies from state-backed hacking groups, unverified government data breaches, and compromised third-party software. Organizations are advised to track software vulnerabilities and secure cloud configurations to prevent massive data theft.
Linux Kernel Vulnerability “Copy Fail” Enables Full Root Access
A critical Linux kernel vulnerability allows unprivileged users to gain full root access by exploiting a logic flaw in the cryptographic subsystem. This memory-only exploit enables stealthy backdoor injection and container escapes without writing anything to disk.
Alleged PDEA Data Breach and Ransom Threat
An alleged data breach involving the Philippine Drug Enforcement Agency was reported on April 18, 2026, with threat actor "FEMBOYSEC" claiming to hold 400GB of sensitive data. The leak reportedly includes 100,000 PII records and pharmaceutical certificates, though official verification is pending.
State-Sponsored Spear-Phishing Targeting Aerospace and Defense Software
A NASA investigation revealed a multi-year Chinese spear-phishing campaign targeting export-controlled aerospace software. The threat actor used social engineering to infiltrate defense networks. This highlights persistent regional risks for the Philippines' critical infrastructure.
Emerging Cyber Threats Aimed at Harvesting User Data Underscore the Importance of Segregating Online Activity
ShinyHunters is targeting global brands like Udemy and 7-Eleven by exploiting Salesforce misconfigurations, while over 80 Chrome extensions were found harvesting data from 6.5 million users. Enterprises must audit cloud permissions and mandate separate browser profiles for work and personal use.
Cloud Platform Vercel Confirmed Data Breach via Supply Chain Attack
Cloud platform Vercel confirmed a data breach after a supply chain attack on a third-party AI tool, Context.ai. Threat actors used stolen OAuth tokens to access internal systems. Enterprises are advised to revoke the Context.ai OAuth app and restrict broad third-party permission grants.
Security Agencies Warn of China-Linked Threat Actors Using Compromised Devices for Botnet Operations
International agencies warn of China-linked threat actors using compromised devices to build botnets for covert espionage. These networks disguise malicious traffic as legitimate consumer activity. Enterprises are advised to replace end-of-life devices, implement MFA, and adopt zero-trust.
NIST Updates CVE Reporting Due to Volume of Vulnerability Submissions
NIST is scaling back National Vulnerability Database enrichment due to a 263 percent increase in submissions. Only high-priority CVEs will receive severity scores and details. Organizations are advised to adopt proactive management strategies, as they can no longer rely on NIST as a sole source.
SGLang Vulnerability Enables Remote Code Execution via Malicious GGUF Model Files (CVSS 9.8)
SGLang has a critical vulnerability that enables remote code execution via malicious GGUF model files. Because model loading runs without process isolation, a crafted file lets attackers control the host system, steal data, or copy intellectual property.
Hackers exploit file upload bug in Breeze Cache WordPress plugin (CVSS 9.8)
A critical vulnerability in the Breeze Cache WordPress plugin allows unauthenticated file uploads and remote code execution. The flaw enables full site takeover. Enterprises are advised to update to version 2.4.5 or disable local Gravatar hosting immediately.
Microsoft releases emergency patches for critical ASP.NET flaw (CVSS 9.1)
Microsoft has issued emergency patches for CVE-2026-40372, a critical ASP.NET flaw. The vulnerability allows unauthenticated attackers to forge credentials and gain system-level privileges. Enterprises are advised to update to version 10.0.7 and rotate data protection key rings.
Compromised Bitwarden Developer Package Threatens Developer Credentials
On April 22, 2026, a supply chain attack targeted the Bitwarden CLI npm package, injecting malware to steal cloud tokens and SSH keys. Enterprises are advised to rotate developer credentials and audit third-party vendor risks to mitigate vulnerabilities in automated software build environments.
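The Bitwarden CLI incident above and the cascading supply chain attacks described earlier share the same foothold: a package that runs code at install time inside a CI job that holds cloud tokens and SSH keys. The block below is an added example, not code from the report, from Bitwarden or from npm. It audits package.json manifests for install-time lifecycle hooks and flags hook bodies that do things an installer never needs (fetch remote payloads, decode blobs, read credential files or environment secrets). The two manifests and the hook body are constructed to have the shape of such a package, not copied from any real one.

```python
"""Audit installed npm packages for install-time lifecycle scripts.

Added example, not from the original report. Manifests and the setup.js body
below are constructed for illustration.
"""
import json
import os
import re

# npm runs these automatically during install; they are the usual foothold
# for a compromised package in a CI job.
LIFECYCLE = ("preinstall", "install", "postinstall", "prepare")

# Heuristics for behaviour an install hook should never need.
SUSPICIOUS = [
    (r"\bcurl\b|\bwget\b", "downloads a remote payload"),
    (r"base64|atob\(", "decodes an obfuscated blob"),
    (r"\beval\(|new Function\(", "evaluates generated code"),
    (r"\.ssh|id_rsa|\.aws/credentials|\.npmrc|\.git-credentials",
     "touches credential files"),
    (r"process\.env|AWS_SECRET|_TOKEN\b", "reads secrets from the environment"),
]


def audit_manifest(name, manifest, script_bodies=None):
    """Return findings for one parsed package.json.

    script_bodies: optional {filename: contents} so a hook such as
    "node setup.js" is inspected by body, not just by its one-line command.
    """
    findings = []
    scripts = manifest.get("scripts") or {}
    for hook in LIFECYCLE:
        if hook not in scripts:
            continue
        command = scripts[hook]
        findings.append("%s: runs '%s' hook: %s" % (name, hook, command))
        texts = [command]
        for token in command.split():
            if script_bodies and token in script_bodies:
                texts.append(script_bodies[token])
        for text in texts:
            for pattern, why in SUSPICIOUS:
                if re.search(pattern, text):
                    findings.append("%s: %s hook %s (%s)" % (name, hook, why, pattern))
    return findings


def audit_node_modules(root):
    """Walk a node_modules tree, auditing every package.json and reading any
    local script file a lifecycle hook names."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if "package.json" not in filenames:
            continue
        path = os.path.join(dirpath, "package.json")
        try:
            with open(path, encoding="utf-8") as fh:
                manifest = json.load(fh)
        except (OSError, ValueError):
            findings.append("%s: unreadable package.json" % path)
            continue
        bodies = {}
        for f in filenames:
            if f.endswith(".js") or f.endswith(".sh"):
                try:
                    with open(os.path.join(dirpath, f), encoding="utf-8",
                              errors="replace") as fh:
                        bodies[f] = fh.read()
                except OSError:
                    pass
        findings.extend(audit_manifest(manifest.get("name", path), manifest, bodies))
    return findings


# Constructed sample manifests (not real packages).
BENIGN = {"name": "tiny-util", "version": "1.0.0",
          "scripts": {"test": "node test.js"}}
SUSPECT = {"name": "cli-helper", "version": "2.3.1",
           "scripts": {"postinstall": "node setup.js"}}
# Constructed hook body with the shape of a credential stealer.
SETUP_JS = """
const fs = require('fs'), os = require('os');
const loot = { key: fs.readFileSync(os.homedir() + '/.ssh/id_rsa', 'utf8'),
               aws: process.env.AWS_SECRET_ACCESS_KEY };
"""

if __name__ == "__main__":
    for line in audit_manifest("cli-helper", SUSPECT, {"setup.js": SETUP_JS}):
        print(line)
    print(audit_manifest("tiny-util", BENIGN))
```

In a build pipeline the cheaper control is to not run hooks at all: `npm ci --ignore-scripts` installs from the lockfile without executing lifecycle scripts, and a report like the one above identifies the handful of packages that genuinely need a build step, which can then be reviewed and allow-listed.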
Fraud Syndicates May Exploit Elevated Fuel Prices and Living Costs for Impersonation Scams
Fraud syndicates are exploiting rising living costs and fuel prices to conduct impersonation scams. Using human-centric deception, they spoof government officials to harvest data or solicit fake donations. Organizations must strengthen their human firewall through enhanced security literacy.
Microsoft’s Monthly Patch - April 2026: 167 Vulnerabilities, 2 Zero-days
Microsoft's April 2026 update addresses 167 vulnerabilities, including two active zero-days: CVE-2026-32201 in SharePoint and CVE-2026-33825 in Microsoft Defender. With eight critical flaws identified, including remote code execution, administrators must prioritize these patches immediately.
Vulnerability in wolfSSL Library Enables Forged Certificate Use (CVSS 9.3)
wolfSSL disclosed a critical signature verification vulnerability. This flaw allows attackers to bypass cryptographic trust mechanisms and forge digital identities. Organizations should update to version 5.9.1 to prevent unauthorized access.
Marimo Pre-authentication Remote Code Execution Flaw Now Under Active Exploitation (CVSS 9.3)
Marimo disclosed a critical remote code execution vulnerability. This flaw allows unauthenticated attackers to gain root access via the terminal WebSocket endpoint. Enterprises must immediately update to version 0.23.0 to protect sensitive AI workloads.
Fortinet Patches Actively Exploited Vulnerability in FortiClient Endpoint Management System (CVSS 9.8)
Fortinet disclosed a critical zero-day vulnerability in FortiClient EMS. This flaw allows unauthenticated attackers to bypass authentication and execute commands. Enterprises are advised to update to version 7.4.7 immediately to prevent full system compromise.
Threat Actors Exploit Critical Flaw in Ninja Forms WordPress Plugin (CVSS 9.8)
Ninja Forms disclosed a critical file upload vulnerability. This flaw allows unauthenticated attackers to upload malicious scripts and achieve remote code execution. Enterprises are advised to immediately update the plugin to version 3.3.27 or later.
Developments in the Axios Breach: Understanding the Social Engineering Used
North Korean threat group UNC1069 hijacked the Axios library through a sophisticated social engineering campaign. By impersonating tech executives in fake Slack workspaces, attackers pressured maintainers into installing malware disguised as system updates. This highlights the risk to developers.
US Government Agencies Warn of Iran-Backed Cyber Attacks on US Critical Infrastructure
Iran-linked threat actors are pivoting from espionage to disruptive cyber warfare against critical infrastructure. Using malware like IOCONTROL, groups target internet-facing industrial controllers in the water and energy sectors. This escalation includes destructive wiper attacks on US firms.
Max Severity Flowise Remote Code Execution Vulnerability Exploited in Attacks (CVSS 10.0)
Flowise disclosed a maximum severity remote code execution vulnerability. This flaw allows unauthenticated attackers to inject malicious scripts, leading to full system takeover. Enterprises are advised to immediately update to version 3.1.1 to mitigate risk.
Advertising Intelligence: Understanding the Risks of Ad-Based Surveillance Systems
LucidRook Malware Campaign Targets Taiwan NGOs and Universities
The LucidRook campaign targets Taiwan-based organizations using sophisticated spear-phishing and geofencing. Attackers bypass security controls with password-protected archives to deploy malware via malicious shortcuts. This cluster focuses on stealing sensitive data through social engineering.
Human-Centric Cyber Threats on the Rise
Cybercrime in Southeast Asia is shifting toward organized, cross-border networks. In the Philippines, syndicates exploit government trust through social engineering and banking trojans. This human-centric approach combines manipulation with malware to facilitate unauthorized fund transfers.
Cyber Risks Brief - April 16, 2026
Cyber threats in the Philippines are shifting toward human-centric manipulation. Organized syndicates now use sophisticated social engineering, such as impersonating government officials and hijacking technical platforms like Axios, to bypass automated security and compromise enterprises.
CISA Urges Immediate Patching of Actively Exploited NetScaler Vulnerability (CVSS 9.3)
The Cybersecurity and Infrastructure Security Agency (CISA) is urging federal agencies to patch a critical vulnerability in Citrix NetScaler appliances. This flaw allows unauthorized actors to steal sensitive data. Security experts warn that thousands of systems remain exposed to this threat.