Cybersecurity

95 reports

Fraud Syndicates May Exploit Elevated Fuel Prices and Living Costs for Impersonation Scams

Fraud syndicates are exploiting rising living costs and fuel prices to conduct impersonation scams. Using human-centric deception, they spoof government officials to harvest data or solicit fake donations. Organizations must strengthen their human firewall through enhanced security literacy.

Microsoft’s Monthly Patch - April 2026: 167 Vulnerabilities, 2 Zero-days

Microsoft's April 2026 update addresses 167 vulnerabilities, including two active zero-days: CVE-2026-32201 in SharePoint and CVE-2026-33825 in Microsoft Defender. With eight critical flaws identified, including remote code execution, administrators must prioritize these patches immediately.

Vulnerability in wolfSSL Library Enables Forged Certificate Use (CVSS 9.3)

wolfSSL disclosed a critical signature verification vulnerability. This flaw allows attackers to bypass cryptographic trust mechanisms and forge digital identities. Organizations should update to version 5.9.1 to prevent unauthorized access.

Marimo Pre-authentication Remote Code Execution Flaw Now Under Active Exploitation (CVSS 9.3)

Marimo disclosed a critical remote code execution vulnerability. This flaw allows unauthenticated attackers to gain root access via the terminal WebSocket endpoint. Enterprises must immediately update to version 0.23.0 to protect sensitive AI workloads.

Fortinet Patches Actively Exploited Vulnerability in FortiClient Endpoint Management System (CVSS 9.8)

Fortinet disclosed a critical zero-day vulnerability in FortiClient EMS. This flaw allows unauthenticated attackers to bypass authentication and execute commands. Enterprises are advised to update to version 7.4.7 immediately to prevent full system compromise.

Threat Actors Exploit Critical Flaw in Ninja Forms WordPress Plugin (CVSS 9.8)

Ninja Forms disclosed a critical file upload vulnerability. This flaw allows unauthenticated attackers to upload malicious scripts and achieve remote code execution. Enterprises are advised to immediately update the plugin to version 3.3.27 or later.

Developments in the Axios Breach: Understanding the Social Engineering Used

North Korean threat group UNC1069 hijacked the Axios library through a sophisticated social engineering campaign. By impersonating tech executives in fake Slack workspaces, attackers pressured maintainers into installing malware disguised as system updates. This highlights the risk to developers.

US Government Agencies Warn of Iran-Backed Cyber Attacks on US Critical Infrastructure

Iran-linked threat actors are pivoting from espionage to disruptive cyber warfare against critical infrastructure. Using malware like IOCONTROL, groups target internet-facing industrial controllers in the water and energy sectors. This escalation includes destructive wiper attacks on US firms.

Max Severity Flowise Remote Code Execution Vulnerability Exploited in Attacks (CVSS 10.0)

Flowise disclosed a maximum severity remote code execution vulnerability. This flaw allows unauthenticated attackers to inject malicious scripts, leading to full system takeover. Enterprises are advised to immediately update to version 3.1.1 to mitigate risk.

Advertising Intelligence: Understanding the Risks of Ad-Based Surveillance Systems

LucidRook Malware Campaign Targets Taiwan NGOs and Universities

The LucidRook campaign targets Taiwan-based organizations using sophisticated spear-phishing and geofencing. Attackers bypass security controls with password-protected archives to deploy malware via malicious shortcuts. This cluster focuses on stealing sensitive data through social engineering.

Human-Centric Cyber Threats on the Rise

Cybercrime in Southeast Asia is shifting toward organized, cross-border networks. In the Philippines, syndicates exploit government trust through social engineering and banking trojans. This human-centric approach combines manipulation with malware to facilitate unauthorized fund transfers.

Cyber Risks Brief: 2026-04-16

Cyber threats in the Philippines are shifting toward human-centric manipulation. Organized syndicates now use sophisticated social engineering, such as impersonating government officials and hijacking technical platforms like Axios, to bypass automated security and compromise enterprises.

CISA Urges Immediate Patching of Actively Exploited NetScaler Vulnerability (CVSS 9.3)

The Cybersecurity and Infrastructure Security Agency (CISA) is urging federal agencies to patch a critical vulnerability in Citrix NetScaler appliances. This flaw allows unauthorized actors to steal sensitive data. Security experts warn that thousands of systems remain exposed to this threat.

New Phishing Campaign Hits TikTok for Business Accounts

Researchers identified an AiTM phishing campaign targeting TikTok for Business. Attackers use Google Cloud links and CAPTCHAs to steal session cookies, bypassing two-factor authentication.

Uptick Observed in Elaborate Online Scam Operations Exploiting the Philippine Tourism Sector

Authorities warn of rising online booking scams in Central Visayas. Fraudsters use fake social media pages to impersonate resorts, stealing over one million pesos from tourists.

Philippine BPO Companies at Risk as Scam Hubs from Southeast Asia Migrate to the Philippines

Transnational criminal syndicates are relocating scam hubs to the Philippines, often disguised as legitimate business process outsourcing firms. A major data breach at Telus Digital underscores the significant supply-chain risks and the potential for large-scale identity theft.

PNP Issues Alert Against Online Vacation Scams Amid Rising Cyber Threats

Authorities have issued an alert regarding fake travel listings and impersonation scams ahead of the summer season. These threats are part of a broader trend where cybercriminals exploit seasonal travel and geopolitical tensions to conduct phishing and disruptive cyberattacks.

Iranian-Linked Hacktivist Group Claims Attack on US Medtech Giant Stryker

Handala, an Iranian-linked threat group, sabotaged medical giant Stryker by weaponizing Microsoft Intune. By compromising a Global Admin account, they issued a mass remote wipe command, factory-resetting 80,000 devices. This signals a shift from cyber espionage to destructive sabotage.

Threat Actors Using Search Engine Poisoning to Distribute Fake Enterprise VPNs

Threat actors are using search engine optimization poisoning to distribute fake VPN clients impersonating Fortinet and Cisco. These malicious sites trick users into downloading credential-stealing malware, granting attackers direct, authenticated access to corporate networks.

Apple Patches Critical “Coruna” Exploits on Older Devices

Apple released critical patches for older iOS and iPadOS devices to address vulnerabilities exploited by the Coruna kit. These flaws allow threat actors to bypass security and gain total device control. Active exploitation has been confirmed, targeting sensitive data and crypto wallets.

Multiple Remote Code Execution Vulnerabilities Expose Veeam Backup Servers to Takeover (CVSS 9.9)

Veeam disclosed four critical remote code execution vulnerabilities in its Backup and Replication platform, carrying a high severity score of 9.9. These flaws allow low-privileged users to gain total control of backup servers, posing a significant risk of ransomware attacks and data loss.

Update Now: Google Patches Two Zero-Day Flaws Exploited in the Wild (CVSS 8.8)

Google disclosed two zero-day vulnerabilities in the Chrome Skia and V8 engines. These flaws allow remote code execution via malicious webpages. With active exploitation confirmed, organizations must immediately update Chromium-based browsers to prevent unauthorized system access.

Microsoft’s Monthly Patch – March 2026: 79 Vulnerabilities, Two Zero-days

Microsoft released its March 2026 update, patching 79 vulnerabilities including two zero-days. A critical remote code execution flaw in the Microsoft Devices Pricing Program, carrying a severity score of 9.8, highlights the release. Adobe, Cisco, and Fortinet also issued security patches.

APT41-Linked Group Targets Government Sector Across Southeast Asia

The Chinese-linked threat actor Silver Dragon, part of the APT41 umbrella, is conducting a sophisticated espionage campaign across Southeast Asia. By utilizing techniques like DLL side-loading, the group targets government entities and critical infrastructure to harvest long-term intelligence.

Philippine Government Intensifies Efforts to Disrupt Illegal Gambling Sites and Regional Scam Networks

The Philippine CICC is intensifying its crackdown on illegal gambling, though an automated system glitch recently disrupted legitimate platforms. Concurrently, Meta removed 150,000 scam-linked accounts in Southeast Asia, signaling a rigorous regional effort to combat cyber fraud.

Professional Regulation Commission Allegedly Suffers from 9GB Data Leak

The Professional Regulation Commission reportedly suffered a massive data leak involving 9 gigabytes of sensitive licensing documents and personal information. Allegedly executed by the threat actor FEMBOYSEC, the breach underscores critical cybersecurity gaps in the government’s digital shift.

U.S. and Australian Agencies Issue Warnings on Possible Cyberattacks in Connection with Ongoing Conflict in the Middle East

U.S. and Australian agencies have issued joint warnings of potential cyberattacks against financial institutions tied to Middle East tensions. CISA and ACSC urge proactive defense against DDoS and hacktivist threats to mitigate operational, reputational, and regulatory risks.

U.S. and Australian Agencies Issue Warnings on Possible Cyber Attacks Related to Middle East Conflict

US and Australian agencies have warned financial institutions of heightened cyber threats from Iran-aligned actors. Banks face risks of disruptive DDoS attacks and ransomware. Analysts emphasize the need for robust cyber hygiene to prevent operational disruptions and reputational damage.

U.S. and Australian Agencies Issue Warnings on Possible Cyberattacks in Connection with Ongoing Conflict in the Middle East

U.S. and international agencies warn of heightened cyber threats from Iran targeting financial institutions. Organizations face risks of operational disruption via DDoS attacks and reputational damage. Security leaders must prioritize proactive defense and cyber hygiene to mitigate impacts.

Dormant RESURGE Malware Actively Targeting Ivanti Devices

A critical zero-day vulnerability in Ivanti VPN appliances allows remote attackers to gain full system control. State-sponsored actors are using RESURGE malware to maintain hidden, persistent access.

Malicious Chrome Extensions Exploit Gemini AI Browser Panel to Access Cameras and Files

A high-severity vulnerability in Google Chrome allows malicious browser extensions to hijack the Gemini panel. This flaw grants attackers access to cameras, microphones, and local files. Enterprises must ensure all endpoints are updated to Chrome version 143.0.7499.192 or later to mitigate risks.

ClawJacked: Critical Zero-Click Vulnerability in OpenClaw AI Agents

The "ClawJacked" vulnerability in OpenClaw allows remote attackers to hijack local AI agents via malicious websites. This zero-click exploit grants full control over developer environments, including file exfiltration and system commands. Organizations must update to version 2026.2.25.

Exploited Zero-Day Flaw in Windows MSHTML Framework

A zero-day vulnerability in Microsoft HTML allows attackers like APT28 to bypass security warnings and execute code via malicious files. Exploited in the wild, this flaw targets Windows systems. Organizations are advised to apply the February 2026 security updates immediately to mitigate risk.

Dormant RESURGE Malware Actively Targeting Ivanti Devices

A critical zero-day in Ivanti VPNs allows remote attackers to gain full system control via RESURGE malware. State-sponsored actors use this to maintain hidden persistence. Standard patches are insufficient; organizations are advised to use specialized tools to detect the threat.

Angular SSR Vulnerability Enables Unauthorized Server Requests

A critical SSRF vulnerability in the Angular SSR framework allows attackers to redirect internal traffic and exfiltrate sensitive data. With a CVSS of 9.2, this flaw enables private network probing. Organizations are advised to immediately update to Angular version 19.2.21 or higher.

CISA Mandates Patch for Actively Exploited FileZen Vulnerability

A command injection vulnerability in Soliton Systems FileZen allows authenticated users to execute malicious commands. CISA confirmed active exploitation, adding it to the KEV catalog. Organizations are advised to update to version 5.0.11 or later to prevent full system compromise.

SolarWinds Serv-U Software Vulnerable to Administrative-Level Compromise

SolarWinds disclosed four critical vulnerabilities in its Serv-U platform, allowing attackers to execute commands with administrator privileges. With a CVSS of 9.1, these flaws pose a severe risk. Organizations are advised to update to version 15.5.4 immediately.

Public Exploit Released for Privilege Escalation Vulnerability in Windows Error Reporting

A privilege escalation vulnerability in Windows Error Reporting allows low-level users to gain administrative control. With a public exploit available, the risk to Windows 10, 11, and Server environments is high. Organizations are advised to apply the January 2026 security updates immediately.

Threat Actors Weaponize PWAs in Fake Google Security Campaign

A phishing campaign uses the fraudulent domain google-prism[.]com to deploy malicious Progressive Web Apps and Android payloads. This attack steals credentials, locations, and contacts while mimicking native Google apps. Organizations should advise users to only use myaccount.google.com.

1Campaign Cybercrime Service Weaponizes Sponsored Search Ads

The 1Campaign service allows threat actors to bypass Google security by hiding malicious ads. Using fraud scoring, it hides phishing sites from scanners while targeting employees via sponsored links. Organizations should implement ad-blocking and mandate the use of official software channels.

Threat Actors Exploit AI Tools for Cyberattacks

Threat actors are weaponizing generative AI tools like CyberStrikeAI and ChatGPT to automate reconnaissance and craft sophisticated phishing campaigns. Additionally, a critical Google Cloud API flaw has exposed sensitive Gemini endpoints, risking massive financial loss and data theft.

Philippine Agencies Expand Digital Oversight: Impact on Social Media and Finance

The DICT retracted its Telegram ban following a cooperation agreement on illegal content monitoring. Simultaneously, the BSP proposed annual cybersecurity self-assessments for financial firms, while authorities intensified crackdowns on illegal lending apps to combat data privacy abuse.

US FBI Intensifies Crackdown Against Southeast Asian Scam Hubs

The FBI partnered with Southeast Asian law enforcement to dismantle industrialized scam compounds linked to organized crime. These hubs utilize forced labor for global "pig butchering" schemes. The joint effort focuses on seizing assets and disrupting transnational cyber fraud networks.

Global Ransomware Attacks Surge 50 Percent in 2025, but Victim Payments Drop to 28 Percent

Global ransomware attacks surged by 50 percent in 2025, but total payments fell as victim payment rates dropped to a record-low 28 percent. Organizations are increasingly refusing to pay, shifting the threat landscape toward data extortion and targeting vulnerable small-to-medium enterprises.

US FBI Intensifies Crackdown Against Southeast Asian Scam Hubs

The FBI and Southeast Asian police are dismantling industrialized scam compounds linked to Chinese organized crime. These hubs utilize forced labor for "pig butchering" schemes, which cost Americans USD 10 billion in 2024. Risks include cyber fraud and diplomatic volatility.

Victim Reportedly Lost Money in Bank Account via Vishing Scam

A sophisticated vishing scam targeted a bank client using stolen personal data and realistic IVR recordings to bypass OTP security. Analysts warn of a developed criminal ecosystem fueled by data breaches and local scam hubs, advising the public to verify all unsolicited calls.

Mobile App “Chat & Ask AI” Allegedly Suffers from a Data Leak

The "Chat & Ask AI" application, with over 50 million downloads, suffered a massive data breach due to a misconfigured Firebase database. The exposure leaked sensitive user conversations and settings, highlighting the risks of unvetted AI "wrapper" apps and Shadow IT in the enterprise.

Study Identifies Vulnerabilities in Password Managers Under Compromised Servers; No Active Exploitation in the Wild

Researchers identified vulnerabilities in major cloud password managers, including Bitwarden and LastPass, that could allow attackers to bypass zero-knowledge protections. While no active exploitation is confirmed, the flaws highlight risks in encrypted data sharing and server security.

Honeywell CCTV Authentication Bypass Flaw (CVSS 9.8)

A critical authentication bypass vulnerability in Honeywell CCTV cameras allows remote attackers to perform full account takeovers by manipulating password recovery APIs. With a severity score of 9.8, the flaw enables unauthorized surveillance, network pivoting, and physical security breaches.