Cybersecurity

131 reports

Two RCE Vulnerabilities in Automation Platform n8n Disclosed (CVSS 9.9 and 8.5)

The workflow automation platform n8n disclosed two critical RCE vulnerabilities. These flaws allow authenticated users to escape sandboxes and execute commands on the host server, risking credential theft and infrastructure-level control across connected services.

Sandbox Escape Vulnerability Found in vm2 NodeJS Library (CVSS 9.8)

A critical sandbox escape vulnerability was disclosed in the vm2 NodeJS library, carrying a CVSS of 9.8. The flaw allows attackers to bypass restricted environments to execute commands, install malware, and steal credentials, impacting software supply chain security.

Russian APT28 Exploiting Recently Patched Microsoft Office Flaw

Russian state-sponsored group APT28 is exploiting a Microsoft Office vulnerability to target government and defense sectors. This "Operation Neusploit" uses compromised documents to bypass security checks, deploying malware for long-term intelligence gathering and data theft.

Notepad++ Update Infrastructure Compromised by State-Sponsored Groups

Chinese state-sponsored threat actors hijacked the Notepad++ update infrastructure to distribute "Chrysalis" malware. This supply chain attack targeted developers and system administrators, weaponizing trusted software updates to maintain persistent remote access for regional espionage.

China-linked “PeckBirdy” Campaign Threatens Southeast Asian Networks

China-linked threat actors are utilizing the PeckBirdy framework to conduct fileless espionage across Southeast Asia. By mimicking legitimate traffic, the campaign targets government and energy infrastructure, including Philippine institutions, to maintain undetected access.

Fake Amazon Recruiters Exploit Job Seekers

Scammers are exploiting Amazon’s reputation to target job seekers with fraudulent offers. By mimicking official branding and moving conversations to encrypted messaging apps, threat actors trick victims into providing sensitive data or paying fake "training" fees under the guise of recruitment.

New Phishing Campaign Exploits Zoom Infrastructure

Researchers uncovered a new Telephone-Oriented Attack Delivery (TOAD) campaign that exploits Zoom’s infrastructure to bypass security filters. By abusing trusted domains to send legitimate-looking emails, attackers lure victims into fraudulent calls to bypass MFA and steal sensitive financial data.

Multiple Ransomware Groups Target Banking, Hospitality, and Tech Sectors

Multiple ransomware groups, including Qilin and Tengu, have claimed attacks on several Philippine firms, such as PSBank and Lenotech. While LM Metro Hotel confirmed a 30GB data breach, other claims remain unverified by authorities, highlighting a surge in local targeting.

SCAM ALERT: Fake Traffic Violation Text Messages

Authorities are warning of a text scam impersonating government agencies like the MMDA and LTO, claiming recipients have unpaid traffic violations. These messages use pressure tactics and malicious links to redirect victims to fake payment portals to steal banking credentials and personal data.

HoneyMyte’s Persistent Threat to Government Networks across Southeast Asia

HoneyMyte has intensified espionage in Southeast Asia, targeting government networks via DLL side-loading. The group bypasses security to harvest credentials and monitor activity. With 1,400 past victims in the Philippines, its persistence poses a major risk to national critical infrastructure.

Malicious Browser Extensions Steal Credentials and Breach Enterprise Systems

Malicious browser extensions are targeting enterprise HR and ERP platforms to steal credentials and hijack sessions. Campaigns like GhostPoster and ClickFix bypass traditional defenses by exploiting user trust, posing significant risks to corporate data security and operational stability.

Dangers of Free Online Converter Apps

Threat actors are using fake online file converters and malicious advertisements to distribute malware via deceptive CAPTCHAs. Users are warned against using free unverified productivity tools, as these services often lead to system compromise and the exposure of sensitive company data.

New PayPal Scam: Verified Invoices With Fake Support Numbers

Cyber Risks to Monitor

Critical Takeover Attack Vulnerability in n8n Platform Disclosed (CVSS 10.0)

A critical authentication bypass vulnerability in n8n, dubbed "Ni8mare," allows unauthenticated attackers to achieve full remote code execution. With a maximum CVSS score of 10.0, the flaw enables attackers to weaponize workflows, steal credentials, and compromise connected services.

Critical Cisco Zero-Day Patched After Active Espionage Campaign

Cisco released urgent patches for a maximum-severity zero-day vulnerability in its Secure Email Gateway. Actively exploited by China-linked threat actors, the CVSS 10.0 flaw allows unauthenticated root-level command execution, enabling full device takeover and persistent network access.

China‑Linked Hackers Target North American Critical Infrastructure via Sitecore Zero‑Day

Cisco Talos reports that China-linked group UAT-8837 is exploiting a critical zero-day vulnerability in Sitecore CMS to breach North American critical infrastructure. The group uses insecure configurations to bypass controls, establish long-term persistence, and monitor operational plans.

Latest Microsoft Patch Released – January 2026: 114 Vulnerabilities, 3 Zero-days, and Operational Disruptions Reported

Microsoft's January 2026 update addresses 114 vulnerabilities, including three zero-days, most notably a memory leak in Desktop Window Manager. Despite critical fixes, the rollout has caused operational disruptions, including Outlook freezes and Windows 11 shutdown failures.

Dangers of Free Online Converter Apps

Threat actors are using malvertising and fake online converter tools to distribute malware via deceptive "CAPTCHA" prompts. By mimicking legitimate productivity services, these fraudulent sites trick users into executing malicious commands and expose sensitive corporate documents to data theft.

Malicious Browser Extensions Steal Credentials and Breach Enterprise Systems

Malicious browser extension campaigns are targeting enterprise systems to steal credentials and session tokens. By masquerading as productivity tools, these extensions bypass traditional defenses to capture sensitive data and trigger social engineering attacks.

Microsoft Patches “Reprompt” Flaw: Single-click Copilot Vulnerability

Researchers uncovered a vulnerability in Microsoft Copilot which allows threat actors to exfiltrate chat histories via a single malicious link. The flaw enables silent command execution within browser-based sessions to send sensitive data to external servers without further user interaction.

Canada, AFP Conduct Joint Cybersecurity Training

The Canadian and Philippine militaries completed a five-day cyber operations course to bolster the AFP’s ability to defend critical infrastructure. Focused on detection and legal alignment, the training strengthens bilateral defense ties and regional resilience against rising cyber threats.

Philippines Lifts Grok AI Ban After Talks with xAI

The CICC lifted the ban on X’s Grok AI after xAI committed to removing deepfake and content manipulation features. The swift reversal followed similar restrictions in Malaysia and Indonesia, highlighting regional efforts to force AI developers to comply with local safety standards.

DICT to Launch “Oplan Bantay Padala” Monitoring Portal

The DICT is launching “Oplan Bantay Padala,” a centralized portal for filing complaints against courier services. Expanding on the “Oplan Bantay Signal” framework, the system aims to enhance accountability, monitor delivery performance, and professionalize the logistics industry.

Philippine National Police Records Fewer Cybercrime Cases in 2025

The PNP reported a significant decline in online scams and vishing in 2025. However, analysts note these figures only reflect police reports and do not account for data from other agencies, suggesting the trend reflects law enforcement activity rather than a total decline in threats.

KimWolf Botnet Reportedly Compromised 2 Million Android-based Streaming Devices

The "Kimwolf" campaign has compromised over two million Android streaming devices, primarily off-brand TV boxes, to build a global botnet. These infected devices facilitate DDoS attacks, credential stuffing, and bandwidth theft, often arriving pre-infected or compromised minutes after setup.

Malicious Chrome Extensions Impersonating AI Tools Steal User Data

Two malicious Chrome extensions, "Prompt Poaching," were found harvesting ChatGPT and DeepSeek chat histories. Posing as productivity tools, they bypassed security—one even holding a "Featured" badge—to exfiltrate sensitive AI data and intellectual property.

Threat Actors Exploit Google Email Cloud Features In ‘Multi-Staged’ Phishing Attacks

Threat actors are abusing Google Cloud’s “Application Integration” tool to send phishing emails from a genuine Google address. By bypassing filters and using fake CAPTCHAs, the multi-stage attack tricks users into entering Microsoft 365 credentials on fraudulent login pages.

Clickfix Attack: Fake BSOD and Booking Targeting European Hospitality Sector

The ClickFix campaign "PHALT#BLYX" targets the hospitality sector using fake BSOD errors to trick users into executing malicious code. By following "fix" instructions, victims paste commands into the Windows Run box, installing the DCRAT trojan to grant attackers remote system control.

Philippine National Police Records Fewer Cybercrime Cases in 2025

The PNP-ACG reported a decline in major cybercrime categories for 2025, including drops in online selling and investment scams. While officials credit awareness efforts, analysts note the data reflects only PNP-handled cases and not the nationwide prevalence across other agencies.

Chinese-Linked Hackers Target Taiwan’s Energy Infrastructure

Taiwan’s NSB reported that Chinese-linked actors, including Mustang Panda and APT41, average 2.63M daily intrusion attempts targeting critical sectors. The focus on energy infrastructure highlights risks for the Philippines' power grid, given its partial ownership by a Chinese state firm.

Assessment on Cybercrime and State of National Cybersecurity

Cybercrime volume decreased in 2025, but threats like deepfakes and decentralized scam hubs grew more sophisticated. Legislative gaps persist as authorities transition toward a unified National Cybersecurity Agency.