PSA Cyber Risk Reports
Microsoft released its December 2025 patch update (KB5072033). The update delivers fixes for 56 security vulnerabilities and addresses 3 zero-day vulnerabilities. Highlights of the patch include stopping attackers who are actively exploiting a “Zero-Day” vulnerability (CVE-2025-62221) in the Windows Cloud Files driver. This flaw allows individuals who already have a foothold in your system to …
On November 28, 2025, the Araneta Group of Companies detected unauthorized lateral movement across its corporate network. The cybersecurity intrusion affected three of its major subsidiaries: Araneta Center Inc., Ticketnet Inc., and PPI (Dairy Queen) Holdings Inc., with the threat actor claiming to have exfiltrated over 1.5 terabytes of sensitive data and demanding a ransom …
A critical, unauthenticated Remote Code Execution (RCE) vulnerability was recently discovered across two well-known software tools that developers use to create websites and applications. Dubbed React2Shell (CVE-2025-55182), the vulnerability affects a popular JavaScript library (React) and the framework (Next.js), impacting a significant portion of websites and cloud environments. Researchers note that this is currently …
The Qilin ransomware group has claimed two attacks in the Philippines, targeting AMH Philippines and Cagayan Appliance Center. These incidents highlight how Qilin is extending its operations into Southeast Asia, posing a growing risk for private companies and government-linked agencies. Who is Qilin and How Do They Attack? Qilin, formerly known as “Agenda,” is a …
Recent research by cybersecurity firm CrowdStrike has identified a correlation between specific geopolitical prompts and the quality of code generated by DeepSeek-R1, a prominent Chinese AI model. The study observed that while the model generally produces competitive code, its performance degrades, specifically regarding security standards, when prompts contain terms considered sensitive under Chinese regulations (e.g., …
Researchers from the University of Vienna and SBA Research highlighted a privacy aspect of WhatsApp’s architecture that significantly simplifies the process of linking phone numbers to user identities. Exploiting the “contact discovery” feature, the researchers were able to verify the existence of 3.5 billion active users by writing code that automatically queries WhatsApp’s servers to …
November 27, 2025
The United States (US) Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding two critical vulnerabilities in Fortinet’s FortiWeb Web Application Firewalls (WAF), devices designed to be the shield for corporate web applications. The threat involves a “chaining” of two (2) flaws: CVE-2025-64446 (which allows an outsider to become an administrator) and …
November 27, 2025
Alleged Data Breach on Philippine Mapping Agency: On November 15, 2025, a threat actor identified only by the alias “Klammer” claimed responsibility for a data breach involving the National Mapping and Resource Information Authority (NAMRIA), releasing 231 pages of internal Information and Communications Technology (ICT) equipment validation documents on his Facebook page. According to tech watchdog …
CyberSecurity.PH Reports
Read the full report here. Philippines and South East Asia Philippine Presidential Communications Office responding to fake news and misinformation Chinese threat actor hidden inside another Asian telecommunication network for four years Malaysia refuses to pay $10USD million ransom related to airport outages Cybersecurity Threat Landscape Oracle cloud compute data breach confirmed Threat actor claims …
Read the full report here. Cybersecurity Threat Landscape Multiple APT groups using Windows shortcut exploit with no Microsoft fix available Compromised GitHub Action leads to further GitHub Action compromises Authentic looking Adobe OAuth and DocuSign OAuth targeting Microsoft 365 accounts Cybersecurity Vulnerabilities Apache Tomcat remote code execution (CVSS 9.8) PHP remote code execution vulnerability exploited …
Read the full report here. Philippines and South East Asia Philippine Army confirms hack by threat-actor Exodus Security Chinese Lotus Panda threat-group targeting APAC organizations with Sagerunex variants Threat actors impersonating Taiwan Taxation authority to deploy malware Solo hacker responsible for 90x high-profile data leaks arrested in Thailand Cybersecurity Threat Landscape FBI confirms Lazarus threat-group …
Read the full report here. Philippines and South East Asia 7,000 people rescued from Myanmar scam-centres Google stops malicious apps with ‘AI-Powered Threat Detection’ and continuous scanning Cybersecurity Threat Landscape Threat actors tricking users into linking devices to access Signal, WhatsApp and Telegram messages China sponsored Salt Typhoon threat actors continue to breach telecom organizations …
Cybersecurity.PH recently published a report providing an in-depth analysis on the risks and vulnerabilities associated with AI technologies like DeepSeek. It explores various security concerns including browser-based tracking, user data collection, and the potential for AI model manipulation. While DeepSeek serves as the focal point, the report emphasizes that similar vulnerabilities exist across many AI …
Read the full report here. Artificial Intelligence AI Technologies Philippines and South East Asia China-linked threat actor “PlushDaemon” targets victims in South East Asia with malicious VPN installers Fake wedding invites, parcel delivery notifications, and government job offers used to spread Android malware Thai police arrest woman linked to $182m romance scam Cybersecurity Threat Landscape …
January 23, 2025
Cybersecurity.PH just released a new update! Check out the full report HERE. Philippines NBI clearance data claimed to be compromised Philippines arrests Chinese national for spying on critical infrastructure Cybersecurity Threat Landscape VPN credentials of 15,000 FortiGate appliances posted on dark-web forum Mustang Panda’s PlugX malware removed from 4,200 computers in the US Phishing-as-a-service “Sneaky …
January 9, 2025
Read the full report HERE. Philippines Chinese cyber threat actors targeting Philippine Executive Branch, stealing military data Cybersecurity Threat Landscape United States Treasury OFAC breached by Chinese threat-actors via third-party vendor 30+ Chrome plugins hacked, exposing millions of users to credential theft Tools released to abuse Windows server LDAP bug causes crashes and reboots Cybersecurity …
